an121stud

7/23/2019 AN121STUD

http://slidepdf.com/reader/full/an121stud 1/692

Power Systems for AIX II: AIXImplementation andAdministration

(Course code AN12)

Student Notebook

ERC 1.1

5.3

over

Front cover

7/23/2019 AN121STUD


Student Notebook

October 2009 edition

The information contained in this document has not been submitted to any formal IBM test and is distributed on an “as is” basis withoutany warranty either express or implied. The use of this information or the implementation of any of these techniques is a customerresponsibility and depends on the customer’s ability to evaluate and integrate them into the customer’s operational environment. Whileeach item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results willresult elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.

© Copyright International Business Machines Corporation 2009. All rights reserved.

This document may not be reproduced in whole or in part without the prior written permission of IBM.

Note to U.S. Government Users — Documentation related to restricted rights — Use, duplication or disclosure is subject to restrictionsset forth in GSA ADP Schedule Contract with IBM Corp.

Trademarks

The reader should recognize that the following terms, which appear in the content of thistraining document, are official trademarks of IBM or other companies:

IBM® is a registered trademark of International Business Machines Corporation.

The following are trademarks of International Business Machines Corporation in the United

States, or other countries, or both:

PS/2® is a trademark or registered trademark of Lenovo in the United States, other

countries, or both.PostScript is either a registered trademark or a trademark of Adobe Systems Incorporated

in the United States, and/or other countries.Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the

United States and other countries.

Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc.

in the United States, other countries, or both.Linux® is a registered trademark of Linus Torvalds in the United States, other countries, orboth.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, othercountries, or both.

UNIX® is a registered trademark of The Open Group in the United States and othercountries.

Other company, product, or service names may be trademarks or service marks of others.

AIX® AIX 5L™ AS/400®

DB2® Electronic Service Agent™ Everyplace®

Express™ HACMP™ Notes®

POWER® POWER2™ POWER3™

POWER4™ POWER5™ POWER5+™

POWER6™ Power Architecture® POWER Hypervisor™

Power Systems™ PowerHA™ PowerPC®

PowerVM™ pSeries® RS/6000®

System p® System Storage™ Tivoli® WebSphere® Workload Partitions

Manager™

7/23/2019 AN121STUD


Student Notebook

Course materials may not be reproduced in whole or in part

without the prior written permission of IBM.

iii AIX installation © Copyright IBM Corp. 2009

7/23/2019 AN121STUD


Student Notebook



iv AIX installation © Copyright IBM Corp. 2009

7/23/2019 AN121STUD


Student Notebook

5.3

OC



©Copyright IBM Corp. 2009 Contents v

Contents

Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv

Course description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii

Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Unit 1. Introduction to IBM Power Systems, AIX, and system administration . . . . 1-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2AIX overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3Logical partition overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4Dynamic logical partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5Workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7Live partition mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8Evolution of AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9

Overview of the POWER6 servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14Typical Power / AIX system layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15The HMC (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16The HMC (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17LPAR virtualization overview (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-18LPAR virtualization overview (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20Virtual I/O server overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-22Virtualization example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23Role of the system administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25Who can perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-26How can we perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28

Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-29Exercise 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-30Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-31

Unit 2. AIX system management tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2UNIX System administration challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3System management objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4AIX administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8SMIT main menu (text based) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9Dialog screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11Output screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14SMIT log and script files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-15Web-Based System Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17IBM Systems Director Console for AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18Console interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20Console applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22Console management view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-24

7/23/2019 AN121STUD


Student Notebook



vi AIX installation ©Copyright IBM Corp. 2009

System health (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-26System health (2 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-27System health (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-29Classical SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-31DCEM portlet (1 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-32DCEM portlet (2 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-33DCEM portlet (3 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-34

DCEM portlet (4 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-35DCEM portlet (5 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-37Console logging and tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-38Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-40Exercise 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-41Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-42

Unit 3. System startup and shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2System startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3

Managed system activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5Start-up modes for AIX (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-6Start-up modes for AIX (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-7AIX start up process overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8AIX partition activation (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9AIX partition activation (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10The alog command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-11 /etc/inittab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13Run levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-15Directory and script control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-17System resource controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-18

Listing subsystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-19SRC Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-20AIX partition shutdown (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-21AIX partition shutdown (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-23Managed system shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-25Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-26Exercise 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-27Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-28

Unit 4. AIX installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2

Installation methods for AIX 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3AIX installation in a partition (DVD or CD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-4Installing AIX from CD/DVD (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-5Installing AIX from CD/DVD (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-6Installation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-7Installation and Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-8Method of installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-9Installation disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-11Set Primary Language Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-12

7/23/2019 AN121STUD


Student Notebook

5.3

OC



©Copyright IBM Corp. 2009 Contents vii

Security Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-13Software install options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15Install summary and installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16Accept License Agreements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17AIX installation: Post steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18Installation assistant and login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19AIX installation in a partition using NIM: NIM overview . . . . . . . . . . . . . . . . . . . . . 4-20

AIX installation in a partition using NIM: Configuration steps . . . . . . . . . . . . . . . . 4-22Network boot (1 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23Network boot (2 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24Network boot (3 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25Network boot (4 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26Network boot (5 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27Network boot (6 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29Network boot (7 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31Exercise 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33

Unit 5. AIX software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2AIX media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3Software packaging definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5Software bundles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7AIX software levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8What is my AIX version? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10Software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11Software repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12

Software states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13Software listing and versioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15lslpp, filesets and files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16Installing new software using SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17Installing software using command line, examples . . . . . . . . . . . . . . . . . . . . . . . . 5-18Red Hat Package Manager filesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19Applying patches to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-20Applying patches, apply, commit, reject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21Listing fixes (APAR's) installed on the system . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22Interim fix management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23Removing installed software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24

Recovering from broken or inconsistent states . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25Service update management assistant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26SUMA base configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-27SUMA task configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-28SUMA command line execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-29Fix Central Web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-31Fix Level Recommendation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-32Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-33Exercise 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34

7/23/2019 AN121STUD


Student Notebook



viii AIX installation ©Copyright IBM Corp. 2009

Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-35

Unit 6. System configuration and devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-2Device terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-3System configuration and device overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-5Device commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-6

System device layout example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-7prtconf (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-8prtconf (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-9lscfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-10lsdev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-11lsslot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-13lsattr and chdev commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-14Device states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-15 /dev directory, device configuration and control . . . . . . . . . . . . . . . . . . . . . . . . . . .6-16Device addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-17

Physical location code examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-18Virtual location codes, example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-19Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-21Exercise 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-22Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-23

Unit 7. System storage overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2Components of AIX storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-3Traditional UNIX disk storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-4Benefits of the LVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-5

Logical Volume Manager components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-6Physical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-8Volume groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-10Volume group descriptor area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-12Logical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-14Uses of logical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-16What is a file system? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-18Why have multiple file systems? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-20Standard file systems in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-22 /etc/filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-24Mount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-26

Mounting over an empty directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-27Mounting over files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-28Listing file systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-29Listing logical volume information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-30Checkpoint (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-31Checkpoint (2 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-32Checkpoint (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-33Exercise 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-34Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-35

7/23/2019 AN121STUD


Student Notebook

5.3

OC



©Copyright IBM Corp. 2009 Contents ix

Unit 8. Working with the Logical Volume Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2Logical Volume Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3SMIT volume group menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5Adding a volume group to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6Adding a scalable volume group to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7Listing volume groups and VG attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8

Listing PVs in a VG and VG contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-9Change a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11Extend and reduce a VG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-12Remove a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14Activate and deactivate a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15Import and export a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16Reorganize a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-17Logical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18LVM and RAID support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19LVM options which affect performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20Mirroring (RAID1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-21Mirroring, allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-22Striping (RAID 0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-23Striping and mirroring (RAID 10 or 1+0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-25Logical volume placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-26Mirroring scheduling policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-28Mirror write consistency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-30SMIT logical volume menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32Adding a logical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33Show LV characteristics (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-34Show LV characteristics (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-36

Add copies to a logical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37Increasing the size of a logical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-39Remove a logical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40List all logical volumes by volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-41Mirroring volume groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-42Physical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-44SMIT physical volumes menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-45List physical volume information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-46List logical volumes on a physical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-47List a physical volume partition map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-48Add or move contents of physical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-49

Documenting the disk storage setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-50Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-51Exercise 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-52Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-53

Unit 9. File systems administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2Journaled file system support in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3Advantages of enhanced JFS (JFS2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4

7/23/2019 AN121STUD


Student Notebook



x AIX installation ©Copyright IBM Corp. 2009

JFS2 structural components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-5Listing i-node and block size information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-7Creating a JFS2 file system (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-8Creating a JFS2 file system (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-9Mounting a file system and the /etc/filesystems file . . . . . . . . . . . . . . . . . . . . . . . .9-10JFS2 logging options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-11Creating a file system on a previously defined logical volume . . . . . . . . . . . . . . . .9-12

Changing the size of a JFS2 file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-13Removing a JFS2 file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-14File system space management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-16Listing file system utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-17Monitoring file system growth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-18Listing disk usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-19Control growing files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-21The skulker command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-23Block size considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-24Fragmentation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-26

Verify and repair a file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-27Documenting file system setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-28System storage review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-29Checkpoint (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-30Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-31Exercise 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-32Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-33

Unit 10. Paging space. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-2What is paging space? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-3

Paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-5Sizing paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-7Paging space placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-10Checking paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-12Adding paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-14Change paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-16Remove paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-18Problems with paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-20Documenting paging space setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-21Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-22Exercise 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-23

Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-24

Unit 11. Backup and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-2Backup introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-3System image backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-5Creating a mksysb image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-7image.data file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-9bosinst.data file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-11

7/23/2019 AN121STUD


Student Notebook

5.3

OC



©Copyright IBM Corp. 2009 Contents xi

mksysb tape image format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13Restoring a mksysb, from tape device (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15Restoring a mksysb, from tape device (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16Restoring a mksysb, from a NIM server (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . 11-18Restoring a mksysb, from NIM sever (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-19Creating a backup of a data volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-20Restoring a backup of a data volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-21

Traditional UNIX and AIX backup commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-23Backup by filename and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-24Backup and restore by inode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-26tar command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-28cpio command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-29pax command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-30dd command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-31Compression commands (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-32Compression commands (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-33Good practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-34Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36Exercise 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-37Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-38

Unit 12. Security and user administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2

12.1. Security and user concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3Security and user concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4User accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6Group hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8

User hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-10Role based access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-11Controlling access to the root account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13Security logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-14File/Directory permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-16Reading permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-18Changing permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-20umask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-22Changing ownerships and groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-24Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-25Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-26

12.2. User and group administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-27User and group administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-28Console login sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-29User initialization process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-31Message of the day . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-33Security & Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-34SMIT users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-36Listing users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-38Add a user to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-39

7/23/2019 AN121STUD


Student Notebook



xii AIX installation ©Copyright IBM Corp. 2009

Change / Show Characteristics of a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-41Remove a user from the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-42Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-43Regaining root's password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-45SMIT groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-46Listing groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-47Add a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-48

Change or remove a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-50RBAC overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-52RBAC defined roles and authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-53RBAC (basic) implementation steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-56RBAC example (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-57RBAC example (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-58Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-59Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-60

12.3. Security files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-61Security files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-62

Security files introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-63 /etc/passwd file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-65 /etc/security/passwd file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-67 /etc/security/user file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-69Group files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-73 /etc/security/login.cfg file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-74Validating the user environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-76Documenting security policy and setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-78Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-79Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-80Exercise 12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-81

Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-82

Unit 13. Scheduling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-2The cron daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-3crontab files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-5Format of a crontab file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7Editing a crontab file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-9The at and batch commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-11Controlling at jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-13Documenting scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-14

Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-15Exercise 13 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-16Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-17

Unit 14. TCP/IP networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-2What is TCP/IP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-3TCP/IP layering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-5TCP/IP start-up flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-7

7/23/2019 AN121STUD


Student Notebook

5.3

OC



©Copyright IBM Corp. 2009 Contents xiii

Ethernet adapters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-8Virtual LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-10IEEE 802.1Q VLAN tagging (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-11IEEE 802.1Q VLAN tagging (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12VLAN group example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-13AIX VLAN tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-14IP and subnet addressing (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15

IP and subnet addressing (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-17Subnetting example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-18Supernetting example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-19How is TCP/IP configured on AIX? (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-20How is TCP/IP configured on AIX? (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-21Command line TCP/IP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-22Verifying network interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-23Name resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-24Routing implementation (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-26Routing implementation (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-28Multipath routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-29Additional configuration, IP aliasing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-31Testing for remote connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-32Ports and sockets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-34inetd daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-35Remote UNIX commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-36Transferring files over a network (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-37Transferring files over a network (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-38Network File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-39NFS server configuration (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-40NFS server configuration (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-42

Manual NFS client mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-44Predefined NFS client mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-45Virtual Network Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-47VNC configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-48Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-49Exercise 14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-50Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-51

Unit 15. Introduction to workload partitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2Workload partition overview (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3

Workload partition overview (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5Reasons to use workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-6WPAR is built on top of WLM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-8AIX workload partitions initial state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-9Application WPARs (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-10Application WPARs (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11Creating an application WPAR: wparexec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-12Application WPAR process space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13System WPARs (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-14

7/23/2019 AN121STUD


Student Notebook



xiv AIX installation ©Copyright IBM Corp. 2009

System WPARs (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-15System WPAR device access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-16Creating a system WPAR: mkwpar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-17System WPAR process space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-18Creating a system WPAR with a network definition . . . . . . . . . . . . . . . . . . . . . . .15-19WPAR routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-20System WPAR file systems space (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-21

System WPAR file systems space (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-23WPAR management commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-25Specification file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-26Starting a system WPAR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-27Stopping and removing a system WPAR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-28WPAR status: lswpar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-30WPAR logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-31System WPAR management: clogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-32AIX command restrictions in WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-33WPAR management: save and restore WPAR . . . . . . . . . . . . . . . . . . . . . . . . . .15-34

Software installation, shared /usr and /opt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-36Software installation, non-shared /usr and /opt . . . . . . . . . . . . . . . . . . . . . . . . . .15-37WPAR resource control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-38Shared-based approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-39Percentage-based approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-40Workload Partition Manager overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-41Workload Partition Manager GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-42Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-43Exercise 15 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-44Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-45

Appendix A. Printers and queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Appendix B. Checkpoint solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1

Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . X-1

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Trademarks xv

5.3

MK Trademarks

The reader should recognize that the following terms, which appear in the content of this

training document, are official trademarks of IBM or other companies:

IBM® is a registered trademark of International Business Machines Corporation.

The following are trademarks of International Business Machines Corporation in the UnitedStates, or other countries, or both:

PS/2® is a trademark or registered trademark of Lenovo in the United States, other

countries, or both.

PostScript is either a registered trademark or a trademark of Adobe Systems Incorporatedin the United States, and/or other countries.

Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the

United States and other countries.

Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc.in the United States, other countries, or both.

Linux® is a registered trademark of Linus Torvalds in the United States, other countries, orboth.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other

countries, or both.

UNIX® is a registered trademark of The Open Group in the United States and other

countries.

Other company, product, or service names may be trademarks or service marks of others.

AIX® AIX 5L™ AS/400®

DB2® Electronic Service Agent™ Everyplace®

Express™ HACMP™ Notes®

POWER® POWER2™ POWER3™

POWER4™ POWER5™ POWER5+™

POWER6™ Power Architecture® POWER Hypervisor™

Power Systems™ PowerHA™ PowerPC®

PowerVM™ pSeries® RS/6000® System p® System Storage™ Tivoli®

WebSphere® Workload PartitionsManager™

7/23/2019 AN121STUD


Student Notebook



xvi AIX installation © Copyright IBM Corp. 2009

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Course description xvii

5.3

ef Course description

Power Systems for AIX II: AIX Implementation and Administration

Duration: 5 days

Purpose

Learn to install, customize and administer the AIX operating system in

a multiuser POWER (System p) partitioned environment. The courseis based on AIX 6.1 running on a Power6 system managed by

Hardware Management Console version 7 and provides practicaldiscussions that are appropriate to earlier AIX releases.

Audience

This intermediate course is intended for system administrators oranyone implementing and managing an AIX operating system in a

multiuser POWER (System p) partitioned environment.

Prerequisites

The students attending this course should already be able to:

• Log in to an AIX system and set a user password

• Execute basic AIX commands

• Manage files and directories

• Use the vi editor

• Use redirection, pipes, and tees

• Use the utilities find and grep

• Use the command and variable substitution

• Set and change Korn shell variables

• Write simple shell scripts

• Use a graphic Common Desktop Environment (CDE) interface

These skills can be acquired by attending AIX Basics (AU13) orthrough equivalent AIX/UNIX knowledge. Also, it would be helpful, but

not mandatory if students were familiar with partitioning concepts andtechnology taught in Power Systems for AIX I: LPAR Configuration

and Planning (AN11).

7/23/2019 AN121STUD


Student Notebook



xviii AIX installation © Copyright IBM Corp. 2009

Objectives

On completion of this course, students should be able to:

• Install the AIX operating system, filesets, and RedHat Package

Manager (RPM) packages

• Perform system startup and shutdown

• Discuss and use system management tools such as SystemManagement Interface Tool (SMIT) and IBM systems director

console for AIX

• Manage physical and logical devices

• Discuss the purpose of the logical volume manager

• Perform logical volume and file system management

• Create and manage user and group accounts

• Perform and restore system backups• Utilize administrative subsystems, including cron to schedule

system tasks, and security to implement customized access of filesand directories

• Configure TCP/IP networking

• Implement Workload Partitions (WPAR)

Contents

• Introduction to IBM POWER p systems, AIX, and systemadministration

• AIX System Management Tools

• System startup and shutdown

• AIX installation

• AIX software installation and maintenance

• System configuration and devices

• System storage overview

• Working with the Logical Volume Manager (LVM)

• File system administration

• Paging space

• Backup and restore

• Security and user administration

• Scheduling

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Course description xix

5.3

ef • TCP/IP Networking

• Workload Partitions

Curriculum relationship

This course should follow the AIX Basics course. A basic

understanding of hardware / AIX environment and simple commandsis recommended before taking this course.

7/23/2019 AN121STUD


Student Notebook



xx AIX installation © Copyright IBM Corp. 2009

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Agenda xxi

5.3

ef Agenda

Day 1

Welcome

Unit 1: Introduction to IBM Power Systems, AIX, and system

administrationExercise 1

Unit 2: AIX system management toolsExercise 2

Unit 3: System startup and shutdownExercise 3

Unit 4: AIX installationExercise 4

Day 2Unit 5: AIX software installation and maintenanceExercise 5

Unit 6: System configuration and devicesExercise 6

Unit 7: System storage overviewExercise 7

Unit 8: Working with the Logical Volume ManagerExercise 8

Day 3

Unit 9: File systems administration

Exercise 9Unit 10: Paging space

Exercise 10Unit 11: Backup and restore

Exercise 11

Day 4

Unit 12: Security and user administrationExercise 12

Unit 13: SchedulingExercise 13

Unit 14: TCP/IP networking

7/23/2019 AN121STUD


Student Notebook



xxii AIX installation © Copyright IBM Corp. 2009

Day 5

Exercise 14

Unit 15: Introduction to workload partitionsExercise 15

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-1

5.2

empty Unit 1. Introduction to IBM Power Systems, AIX,and system administration

What this unit is about

This unit provides an introduction to IBM Power Systems, AIX andsystem administration.

What you should be able to do

After completing this unit, you should be able to:

• Define terminology and concepts of IBM Power System servers,

virtualization, HMC, and AIX

• Understand a typical set-up of a Power environment • Describe the roles of the system administrator

• Obtain root access with the su command

How you will check your progress

Accountability:

• Checkpoint • Machine exercises

References

Online AIX 6.1 Information

PSO03004-USEN-05

AIX “From Strength to Strength”

AU73G System p LPAR configuration and virtualization I

Note: References listed as “Online” above are available at the

following address:

http://publib.boulder.ibm.com/infocenter/systems/index.jsp

7/23/2019 AN121STUD


Student Notebook



1-2 AIX installation © Copyright IBM Corp. 2009

Figure 1-1. Unit objectives AN121.1

Notes:

© Copyright IBM Corporation 2009

IBM Power Systems

Unit objectives

After completing this unit, you should be able to:• Define terminology and concepts of IBM Power system

servers, virtualization, HMC, and AIX• Understand a typical set-up of a Power environment• Describe the roles of the system administrator • Obtain root access with the su command

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 1-2. AIX overview AN121.1

Notes:

Advanced Interactive Executive (AIX) is IBM's proprietary UNIX OS based on UNIX

System V with 4.3BSD-compatible command and programming interface extensions.

Announcement Letter Number 286-004 dated January 21, 1986:

• “The AIX Operating System is based on INTERACTIVE Systems Corporation's IN/ix,which, in turn, is based on UNIX System V, as licensed by AT&T Bell Laboratories.

Some portions of the modifications and enhancements were developed by IBM; otherswere developed by INTERACTIVE under contract to IBM.”


IBM Power Systems

AIX overview

• IBM’s proprietary operating system based on UNIX System V – Also has BSD compatible commands and programming interface

extensions

• Advanced Interactive Executive (AIX) runs on proprietaryhardware (H/W) called IBM Power Systems – Sixth generation of Power, based on Reduced Instruction Set

Computer (RISC) technology

• Most Power Systems today run many instances of AIX inpartitions known as Logical Partitions (LPAR) – This is H/W partitioning managed by the system firmware, Power

Hyperviso

L P A R :

A I X 1

L P A R :

A I X 2

L P A R :

A I X 3

7/23/2019 AN121STUD


Student Notebook




Figure 1-3. Logical partition overview AN121.1

Notes:

Logical partition (LPAR)

Logical partitioning is the ability to make a single system run as if it were two or more

systems. Each partition represents a division of resources in the Power System. Thepartitions are logical because the division of resources is logical and not along physical

boundaries.

Hypervisor Partitions are isolated from each other by firmware (underlying software)called the POWER Hypervisor. The names POWER Hypervisor and Hypervisor will be

used interchangeably in this course.

Each partition has its own environment, for example – IP address or time of day, just asany AIX instance.


IBM Power Systems

Logical partition (LPAR) overview

• An LPAR is the allocation of system resources to createlogically separate systems within the same physical footprint.

• The resource allocation and isolation for a logical partition isimplemented in firmware called Power Hypervisor. – Provides configuration flexibility

• Each partition has its own: – Operating system – Resources: processors, memory, devices (defined in a profile)

• Resources can be changed dynamically using Dynamic LPAR (DLPAR)

• Partitions can consist of physical (real) or virtual devices

– or a combination of both

Power Hypervisor

System Hardware (memory, processors, devices)

LPAR 1 LPAR 2 LPAR 3 LPAR 4

sys104:42

sys214:42

sys311:42

sys419:42

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 1-4. Dynamic logical partitioning AN121.1

Notes:

Dynamic Logical partitioning (DLPAR)

The term Dynamic in DLPAR means we can add, move, or remove resources without

having to reactivate the partition. If there are partitions that need more or can do withfewer resources, you can dynamically move the resources between partitions within the

managed system without shutting down the partitions. Both the source and thedestination partitions must support the dynamic partitioning operation.

Processors and memory

Each running LPAR has an active profile which contains the resources that LPAR is

entitled to. For processor and memory settings, there is a maximum and a minimumrange. These boundaries cannot be exceeded when performing dynamic reallocation

operations.


IBM Power Systems

Dynamic logical partitioning (DLPAR)

• DLPAR is the ability to add, remove, and move resourceswithout reactivation of a partition – Processor, memory, and I/O allocation changes

• Processors and memory quantities are bound by the minimumand maximum profile settings

• Applications may be DLPAR-aware

LPAR 1

(running)

2.0 CPU16Gb Mem

DLPAR Operation:

- Add 2.0 CPU-Remove 4Gb Mem

-Move the DVD slot to LPAR 2

Before

LPAR 1

(running)

4.0 CPU12Gb Mem

After

7/23/2019 AN121STUD


Student Notebook




Applications

Some applications and utilities may not be DLPAR-aware. If they bind to a processor orpin memory, then you may need to stop these processes before you are able to perform

the DLPAR operation. IBM provides an Application Programming Interface (API) forthird party program DLPAR support on AIX 5L and AIX 6

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 1-5. Workload partitions AN121.1

Notes:

Workload partitions (WPAR) are virtualized, secure operating system environments,

within a single instance of the AIX operating system. Live Application Mobility is a capability

of WPAR technology which allows partitions to move between systems with limitedapplication downtime (for example, 20 seconds).


IBM Power Systems

Workload partitions (WPAR)

• Software (S/W) partitioning is managed by AIX. – Available from AIX 6.1

• Many AIX OS images can reside within a master global AIXimage.

• Live Application Mobility allows WPAR relocation to anotherbox or LPAR.

• WPARs provide automatic workload balancing.• WPAR technology is not H/W dependent.

– Support is available on Power 4, 5, and 6.

WPAR1

1. 2. WPAR2

WPAR3

WPAR 4

WPAR6

WPAR5

WPAR mgr

AIX1

AIX2AIX3

7/23/2019 AN121STUD


Student Notebook




Figure 1-6. Live partition mobility AN121.1

Notes:

Live Partition Mobility is a new capability that enables users to move partitions between

systems with no application downtime. Live Partition Mobility enables organizations to

move LPARs from CPU intensive servers to improve overall throughput based onrequirements at a particular time. This also allows us to use a maintenance window on a

physical machine without the need for any application downtime. The only interruption ofservice would be due to network latency. If sufficient bandwidth was available, a delay of at

most, a few seconds, could typically be expected.


IBM Power Systems

Live partition mobility

• Live partition mobility allows running AIX partitions to bemigrated from one physical server to another withoutdowntime. – For Power 6 only, LPARs must not contain any physical devices.

• Partition Mobility provides systems management flexibility andis designed to improve system availability. – Can help avoid planned outages for hardware or firmware

maintenance – Can help avoid unplanned downtime

• If a server indicates a potential failure, you can move its partitions toanother server before the failure occurs.

– Enables optimized resource use by moving workloads from server toserver

L P A R :

A I X 1

L P A R :

A I X 1

NoDowntime

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 1-7. Evolution of AIX AN121.1

Notes:

AIX

AIX has come a long way since 1986. The first stable version was released in 1993 with

v3.2.5. AIX 3 had key features that are still in AIX today such as smit, a logical volumemanager, the first UNIX flavour to incorporate LVM, and Journaled Filesystems. AIX 6.1

which was generally available (GA) in Nov 2007, saw the addition of many new leadingedge features into the OS. Here is a list, many of which are beyond the scope of this

course, but will be covered in detail in further education courses:

AIX Version 6.1 highlights

New Virtualization Support

• PowerVM Workload Partitions (WPAR)

• PowerVM Live Application Mobility, with the IBM PowerVM Workload PartitionsManager for AIX

• PowerVM Live Partition Mobility enablement


IBM Power Systems

Evolution of AIX

AIX Version 6.1 Technology Level 2(GA 14, November, 2008)

IBM Support for new IBM UNIX® SystemsNew Virtualization Support

• Faster Live Application Mobility• (with WPAR Manager V1.2• Inactive Application Mobility

• Independent WPAR network routes• WPAR named interface support

• IPv6 WPAR network support• MPIO support for physical and virtual paths• PowerVM™ n Port ID virtualization (NPIV)• PowerVM™ Shared Memory Partitioning

OS Integration and Management• IPv6 RFC currency• BIND 9.4.1 support

• IPv4 tunneling in IPv6 networks• nmon integrated into topas

• topasrec performance data recording• topas monitoring support for PowerVM VIOS

• mpstat and sar support WPAR support• Concurrent kernel update enhancements

• LVM support for SAN mirror pools• Systems Director Console enhancements

7/23/2019 AN121STUD


Student Notebook




Enterprise security features

• Role Based Access control

• Encrypting Filesystem

• Trusted AIX

• AIX Security Expert enhancements

• Secure by Default installation option

• Trusted Execution

• Filesystem access tool for suid

Near-continuous availability features

• Concurrent AIX kernel updates

• Kernel exploitation of POWER6 Storage Keys

• Dynamic tracing with probevue

• Functional Recovery Routines

• Live Dump

• Firmware assisted dump

Manageability features

• WPAR manageability features

• Systems Director Console for AIX

• Integrated filesystem snapshot

• Automatic, variable page size for POWER6

• Solution performance tuning

The evolution of POWER H/W

• ‘The 801’: IBM Reduced Instruction Set Computer (RISC) technology originated in1974 in a project at the Thomas J. Watson Research Center to design a large

telephone-switching network. The computer needed was named the 801 after Building801, where the research was taking place. The goal of the 801 was to execute one

instruction per cycle.

• ‘The RT’: The IBM RT was IBM's first RISC based UNIX (AIX) computer with a 32 bitROMP processor, without floating point capability that was first announced by IBM in

January 1986.

• POWER: In February 1990, IBM announces its new RISC-based computer line, theRISC System/6000 running AIX Version 3. The architecture of the systems is given the

name POWER, now commonly referred to as POWER1, which stands for PerformanceOptimization With Enhanced RISC. The systems were based on a multiple chip

implementation of the 32-bit POWER architecture. The models introduced included an

7/23/2019 AN121STUD


Student Notebook




5.2

empty 8 KB instruction cache (I-cache) and either a 32 KB or 64 KB data cache (D-cache).The models had a single floating-point unit capable of issuing one compound

floating-point multiply-add (FMA) operation each cycle, with a latency of only two cyclesand optimized 3-D graphics capabilities.

The model 7013-540 (30 MHz) processed 30 million instructions per second. Itselectronic logic circuitry had up to 800,000 transistors per silicon chip. The maximum

memory size was 256 Mbytes and its internal disk storage capacity was 2.5 GBytes.• RSC: In January 1992, an entry-level desktop workstation was announced (7011-220),

based on a single chip implementation of the POWER architecture, usually referred to

as RISC Single Chip (RSC). It was affectionately known as the “the pizza box”.

• PowerPC (601): The RISC System/6000 model 7011-250 (66 MHz) workstation, thefirst to be based on the 32-bit PowerPC 601 processor, was introduced in September

1993.The 601 was the first processor arising out of a partnership between IBM, Motorola, and

Apple. From IBM, the RISC Single Chip (RSC) microprocessor became the base designfor 601. The superscalar machine organization of the 601 was improved to achieve

greater performance. Additional custom circuit design was applied to reduce the diesize and to allow higher frequency operation. The Motorola 88110 microprocessor bus

interface formed the basis of the development of the 601 bus interface. The 601 did not implement the full PowerPC instruction set. Some infrequently used

instruction where excluded, and some new instructions and features were added, suchas support for symmetric multiprocessor (SMP) systems. The 601 is capable of

dispatching, executing, and completing up to 3 instructions per cycle. Instructions issueto multiple execution units (an integer unit, a branch processing unit, and a

floating-point unit), execute in parallel, and can complete out of order.

An SMP has multiple processors that have their own cache, the memory and devicesare shared.The 601 was a bridge from POWER to the full PowerPC architecture.

• POWER2: The model 7013-590 (66 MHz) was announced in September 1993 and was

the first RS/6000 based on the 32-bit POWER2 architecture. The most significantimprovement introduced with the POWER2 architecture for scientific and technical

applications, is that the floating-point unit (FPU) contains two 64-bit execution units, sothat two floating-point multiply-add instructions may be executed each cycle. A second

fixed-point execution unit is also provided. In addition, several new hardwareinstructions were introduced with POWER2: quad-word storage instructions, hardware

square root instruction, and floating-point to integer conversion instructions.

• POWER2 Super Chip: In October 1996, the RS/6000 model 7013-595 (135 MHz) wasannounced with the new 32-bit POWER2 Super Chip (also known as P2SC). The P2SC

is a single chip implementation of the POWER2 architecture, containing 15 milliontransistors on a single chip.

• RS64: In October 1997, the RS64 also known as Apache, was the first 64-bit PowerPC

RISC processor. The RS64 is a superscalar processor optimized for commercial

7/23/2019 AN121STUD


Student Notebook




workloads. The processor has separate 64 KB L1 cache for instructions and data andL2 cache controllers. The L2 caches run at full processor speed. The RS64 contains a

16 byte interface to 2-way set associative 4MB L2 cache. The RS64 was also used inthe AS/400, called A35.

There were 4 generations of the RS64 chip. PowerPC RS64 IV 64-bit RISCmicroprocessor, also known as Sstar, using copper and SOI technology.

Then in October 2000, pSeries 680 (600 MHz), a 6 to 24-way 64-bit SMP server, withup to 96GB of system memory, and 16MB L2 cache for each 600 MHz processor was

announced.

• POWER3: The POWER3 (64 bit) processor, announced in October 1998, unifies thePOWER2 architecture (P2SC) with the PowerPC architecture.

The SMP-capable POWER3 design allows for concurrent operation of fixed-pointinstructions, load/store instructions, branch instructions, and floating-point instructions.

POWER3 is capable of executing up to four floating-point operations per cycle, twomultiply-add instructions. Integer performance has been significantly enhanced over the

P2SC with the addition of dedicated integer and load/store execution units. The chip

features eight execution units fed by a 6.4 gigabyte-per-second memory subsystem.The core includes two high-bandwidth buses: a 128-bit 6XX architecture bus to mainmemory and 256-bit bus to the L2 cache that runs at processor speed. The POWER3

also has on-chip 64KB data cache and a 32KB instruction cache.

• POWER4: The POWER4 “Gigaprocessor” copper SOI 64-bit CMP microprocessor isbased on all earlier designs.

174-million-transistor POWER4 chip, with two 1.1/1.3 GHz five-issue superscalarmicroprocessor cores, a triple-level cache hierarchy, up to 256 GB memory, a

10-Gbyte/s main-memory interface, and a 45-Gbyte/s multiprocessor interface. The

POWER4 is a CMP chip, which means that it incorporates multiple processors on asingle piece of silicon.POWER4 machines saw the introduction of LPAR technology.

• POWER5: The POWER5 processor is an improved variant of the highly successful

POWER4 chip. The principal changes are support for Simultaneous multithreading(SMT) and an on-die memory controller. Each CPU supports 2 threads. Since it is a

multicore chip, with 2 physical CPUs, each chip supports 4 logical threads. ThePOWER5 can be packaged in a DCM (dual chip module), with one dual core chip per

module, or an Multi-Chip Module (MCM) with 4 dual core chips per module. POWER5+,presented in 3Q 2005, packages in QCM, 2 dual core chips.

• POWER6: The POWER6 processor was released in July 2008, with the model Power

570 3.5, 4.2 and 4.5 Ghz. POWER 5+ has out-of-order execution. However, POWER6uses mostly in-order execution. An out-of-order execution core has some performance

advantages, but it takes significantly more logic to manage the execution. The extralogic consumes electrical power. Since a key objective in the design of POWER6

systems was to conserve electrical power, the decision was made to implement thecore in-order.

The potentially lower performance is offset by the significant increase of processor

7/23/2019 AN121STUD


Student Notebook




5.2

empty frequency, more than 2X higher performance than p5/p5+ systems. TPCc and other benchmarks results for POWER6 show a performance improvement

near 100%, over POWER5 systems. POWER6 introduces many new features, with the highlight being Live Partition Mobility.

7/23/2019 AN121STUD


Student Notebook




Figure 1-8. Overview of the POWER6 servers AN121.1

Notes:

IBM often introduces new models and updates the current range of servers on a frequent

basis. For further details see the Power Systems facts and features guide:

http://www-03.ibm.com/systems/power/hardware/reports/factsfeatures.html


IBM Power Systems

Overview of the POWER6 servers

Power 520• Entry/Low end• Deskside or Rack (4U)• 1,2, or 4 CPUs• 1GB-64GB memory• Max. Storage, Internal +• Expansion I/O 132TB

Power 550• Mid-range• Deskside or Rack (4U)

• 2, 4, 6 or 8 CPUs• 1GB-256GB memory• Max. Storage, Internal +• Expansion I/O 249TB

Power 595• High-end• 42U System Frame• 8 to 64 CPUs• 16GB-4TB memory• Max. Storage, Internal +• Expansion I/O 999TB

Power 575• High Performance Computing cluster • For highly-parallel, compute-intensive

HPC workloads (up to 64 nodes percluster)

• 24” System Frame, water cooled• 32 CPUs per nodes• 32GB-256GB memory per node• Max Internal storage per node 292GB

Power 560• Mid-range• Rack (4U) building block (to 8U)• 4, 8 or 16 CPUs• 8GB-384GB memory• Max. Storage, Internal +• Expansion I/O 599TB

Power 570• Mid-range• Rack (4U) building block (to 16U)• 2, 4, 8, 16 or 32 CPUs• 1GB-768GB memory• Max. Storage, Internal +• Expansion I/O 604TB

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 1-9. Typical Power / AIX system layout AN121.1

Notes:

The diagram above shows a typical example of a Power server set-up configuration. The

server is split into a number of Logical Partitions (LPARs) running AIX. A Network

Installation Manager (NIM) server is highly preferable to install and update the AIX LPARsover the network. There can be a maximum of 2 HMCs connected to each system and

each system has two dedicated Ethernet ports reserved for this. It is recommended that theHMC to Service Processor communication occurs through a private network reserved for

that purpose. The HMC also must have open network connectively to the LPARs if suchfeatures as Connection Monitoring and Dynamic LPAR operations are to be achieved.

It is also preferable to have a second HMC connected for availability purposes.

Note: A failure of the HMC does not interfere in any way with the running managed system.

The service processor is a separate, independent processor that provides hardware

initialization during system load, monitoring of environmental and error events, andmaintenance support.


IBM Power Systems

Typical Power / AIX system layout

• LPAR Configuration and Control is completed through theHardware Management Console (HMC).

• The HMC connects to the Service Processors and the LPARs. – Best practice: Use a private network between the HMC and

Service Processors.

PrivateNetwork

Public/OpenNetwork

LPAR 1

LPAR 2

LPAR 3

LPAR 4

LPAR 4

Primary HMC

Secondary HMC‘Backup’

NIM Server Images

ManagedSystem

ServiceProcessors

SAN

7/23/2019 AN121STUD


Student Notebook




Figure 1-10. The HMC (1 of 2) AN121.1

Notes:

The HMC is an Intel based server which runs a customized version of Linux (SuSE). Its

main purpose is to configure and control up to 48 managed systems.

The HMC also collects diagnostic and error information from the LPARs and ManagedSystem and logs them as Serviceable events. If configured, the HMC can send these

reports to IBM through the Electronic Service Agent (ESA).

Note: On entry level machines such as the Power 520, if the system is to be used as anon-partitioned system an HMC is not required. An HMC is mandatory for Power 570 and

above. Power 550s and below can use Integrated Virtualization Manager (IVM) to createand control the managed system. IVM is available through the VIOS code.


IBM Power Systems

The HMC (1 of 2)

• Intel based server (desktop or rack mount) running a webbased application on a customized version of Linux

• Access is through https (GUI) and SSH (Command line)

• Collects status health information from the managedsystems

• Mandatory on Power 570s and above – Power 550’s and below can use Integrated Virtualization

Manager (IVM)

• Can be configured to call home to IBM

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 1-11. The HMC (2 of 2) AN121.1

Notes:

The diagram above shows the main view of a managed system – sys034. Operations such

as create, stop, shutdown LPAR can be performed from the Tasks pad or bar, or by

selecting the LPAR itself. The view is highly customizable.

The navigation area offers the main features of the HMC, such as:

• Systems plans for producing or deploying system configuration plans done during

design

• HMC Management for configuring the HMC, users, roles, network setting, and otherHMC characteristics

• Updates, for updating the HMC and Managed System firmware

This view was taken from an HMC running v7.3.3.1. Pre v7 HMCs ran WSM which was a

much different interface based on Java.


IBM Power Systems

The HMC (2 of 2)

Task

Pad

Proc &

MEM

resources

LPARs

running

AIXNavigation

area

Managed

Systems

7/23/2019 AN121STUD


Student Notebook




Figure 1-12. LPAR virtualization overview (1 of 2) AN121.1

Notes:

Virtualizing LPARs

The main benefits of virtualized I/O are as follows:

• Partitions can be created without requiring additional physical I/O resources. The new

partitions can be configured to use virtualized I/O resources, which allows them to beconfigured in a timely manner, since no physical reconfiguration of the system, that is,

moving adapter cards and cables, is required.

• Virtualized I/O allows an economical I/O model, since it allows multiple partitions toshare common resources. For example, multiple partitions can share a single physical

adapter. Without virtualized I/O, each partition would require its own adapter, even if thefull capacity of the adapter was not being utilized.

• The use of virtualized I/O facilitates server consolidation. It permits multiple client

partitions to reside on a single machine, and make efficient use of shared resources.


IBM Power Systems

LPAR virtualization overview (1 of 2)

• An AIX client partition can : – Be virtual, have no real devices – Use fractions of CPUs (Micro-Partitioning)

• Virtualizing LPARs has many advantages – Flexibility in allocating resources – More efficient use of system resources through sharing – Consolidation (H/W, floor space, merge production and test

environments) – Relocating partitions using Live Partition Mobility

• A key component of virtualization is the Virtual I/O Server

(VIOS) – Implemented as special customized version of AIX

– It is not AIX. It is PowerVM software! – Requires at minimum a PowerVM standard license

• Included on some high-end systems

7/23/2019 AN121STUD


Student Notebook




5.2

empty Virtual I/O Server (VIOS)

The IBM Virtual I/O Server software enables the creation of partitions that use the I/Oresources of another partition. In this way, it helps to maximize the utilization of physical

resources on POWER5 and POWER6 systems. Partitions can have dedicated I/O,virtual I/O, or both. Physical resources are assigned to the Virtual I/O Server partition in

the same way physical resources are assigned to other partitions. The virtual I/O server

then provides access to these physical resources from the virtual client LPARs.

Virtual I/O Server is a separate software product, and is included as part of the standard

PowerVM feature. It supports AIX Version 5.3, 6.1 and Linux partitions as virtual I/Oclients.

7/23/2019 AN121STUD


Student Notebook




Figure 1-13. LPAR virtualization overview (2 of 2) AN121.1

Notes:

Virtual Ethernet Introduction

Virtual Ethernet adapters enable inter-partition communication without the need for

physical network adapters assigned to each partition. It can be used in both shared anddedicated POWER5 or POWER6 processor partitions provided the partition is running

AIX V5.3, AIX V6.1, or Linux. This technology enables IP-based communicationbetween logical partitions on the same system using a VLAN Ethernet switch (POWER

Hypervisor) in POWER5 and POWER6 processor-based managed systems.

The number of partitions possible on many systems is greater than the number of I/Oslots. Therefore, virtual Ethernet is a convenient and cost saving option to enable

partitions within a single system to communicate with one another through a virtualEthernet LAN. The virtual Ethernet interfaces may be configured with both IPv4 and

IPv6 protocols.

Virtual SCSI Introduction


IBM Power Systems

LPAR virtualization overview (2 of 2)

• The two key functions of virtualization are: – Virtual Ethernet is a standard feature of POWER5 and POWER6.

• AIX can have up to 256 virtual adapters per LPAR.• Does not require a VIOS, unless a bridged connection to the outside

world is required – Virtual SCSI is way of providing virtual disks to clients.

• The backend storage can be Internal disk (SCSI/SAS) or SANstorage.

• This is a feature of the VIOS.

• Note: There are many other virtualization features which are covered in moredepth in the LPAR & virtualization curriculum / roadmap.

7/23/2019 AN121STUD


Student Notebook




5.2

empty The Virtual I/O server supports exporting disks as virtual devices. The Virtual I/O serversupports the exporting of three types of virtual SCSI disks: virtual SCSI disk backed by

a whole physical volume, virtual SCSI disk backed by a logical volume, and virtual SCSIdisk backed by a file. Regardless of whether the virtual SCSI disk is backed by a whole

physical disk, a logical volume, or a file, all standard SCSI conventional rules apply tothe device. The device will behave as a standard SCSI compliant device. The logical

volumes and files appear as real devices, hdisks, in the client partitions and can beused as a boot device. Once a virtual disk is assigned to a client partition, the Virtual I/O

Server must be available before the client partitions are able to access it.

7/23/2019 AN121STUD


Student Notebook




Figure 1-14. Virtual I/O server overview AN121.1

Notes:

Virtual I/O Server (VIOS) description

VIOS provides virtual storage and shared Ethernet capability to client logical partitions

on the system. It allows physical adapters with attached disks and optical devices onthe VIOS to be shared by one or more client partitions.

VIOS partitions are not intended to run applications or to have general user logins.

VIOS is installed in its own partition. Using VIOS facilitates the following functions:

• Sharing of physical resources between partitions on the system

• Creation of partitions without requiring additional physical I/O resources

• Creation of more partitions than I/O slots or physical devices, by allowing partitions tohave dedicated I/O, virtual I/O, or both

• Maximization of physical resource utilization on the system


IBM Power Systems

Virtual I/O server (VIOS) overview

• The VIOS partition is allocated physical I/O slots containingreal adapters. – These are used for the virtual adapters (SCSI or Ethernet) to share

amongst the client partitions

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 1-15. Virtualization example AN121.1

Notes:

VLAN

A Virtual Local Area Network (VLAN) enables an ethernet switch to create sub-groups

within a single physical network where the members of different subgroups are isolatedfrom each other.

Virtual Ethernet

There are two main features of virtual Ethernet. One is the inter-partition virtual switch

to provide support for connecting up to 4096 LANs. LAN IDs are used to configurevirtual Ethernet LANs and all partitions using a particular LAN ID can communicate with

each other. The other feature is a function called Shared Ethernet Adapter that bridgesnetworks together without using TCP/IP routing. This function enables the partition to

appear to be connected directly to an external network. The main benefit of using thisfeature is that each partition need not have its own physical network adapter.


IBM Power Systems

Virtualization example

Hypervisor

Virtual

Ethernet

ent0

Physical

Ethernet

ent0

SEA

Layer 2

Bridge

ent2

Virtual I/O Server

LPAR

AIX

LPAR

Virtual

ServerAdapter

vhost0

Device

Mapping

SCSI, SAS, FC Physical Disks

or Logical Volumes

Virtual

Client

Adapter

vtscsi0

Virtual

Ethernet

ent1

Virtual

Ethernet

ent1

PhysicalNetwork

Virtual

Ethernet

Switch

vSCSI

Physical

Storage

Adapter fcs0

7/23/2019 AN121STUD


Student Notebook




Virtual SCSI adapters

Virtual SCSI adapters provide the ability for a client partitions to see SCSI disks whichare actually SCSI, SAS, SAN disks, or logical volumes inside the VIOS.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 1-16. Role of the system administrator AN121.1

Notes:

Overview

There are a number of distinct tasks which the system administrator on a UNIX or AIX

system must perform. Often there is more than one system administrator in a largeorganization and the tasks can be divided between the different administrators.


IBM Power Systems

Role of the system administrator

• Pre-installation planning of: – Partitions

– User accounts/groups – Storage allocation/paging space

– Subsystems (printing, networks, and so forth)

– Standard naming conventions

– Determine system policies

– Install and configure hardware

• Network configuration

• System Backups and disaster recovery

• Create/manage user accounts

• Define and manage subsystems• Manage system resources (for example, disk space)

• Performance monitoring

• Capacity planning

• Application license management

• Documentation - system configuration, and keep it current!

Maintain application /System uptime!

7/23/2019 AN121STUD


Student Notebook




Figure 1-17. Who can perform administration tasks? AN121.1

Notes:

Limiting access to administrative tasks

AIX security permissions restrict the performance of administrative tasks to the root

user, and sometimes to other users in special groups. For example, system for generaltasks, security for user administration, printq for AIX Print Subsystem printer

management, and lp for System V Print Subsystem printer management. This meansthat the root user's password must be kept secure and only divulged to the few users

who are responsible for the system. AIX6 has a new feature called Role Based Access

Control (RBAC). This allows OS management tasks to be assigned to roles and thenassigned to users. RBAC is a large security topic and hence will be covered in detail inthe AIX Security course (AU47G).

A certain amount of discipline is also required when using the root ID, because typing

errors made as root could do catastrophic system damage. For normal use of thesystem, a non-administrative user ID should be used. The superuser (root) privilege

should only be used when that authority is necessary to complete a systemadministration task.


IBM Power Systems

Who can perform administration tasks?

• The root user

– Exercise caution when logging in directly as root, especiallyremotely.

– Keep the root password secure.

• Members of special groups such as system, or roles using the new AIX6 feature: RBAC

• The su command enables you to obtain access to the root user

$ id; pwd

uid=251(alex) gid=1(staff)

/home/alex

$ su root

root's Password:

# id; pwd

uid=0(root) gid=0(system)

/home/alex

# set |grep USER

USER=alex

or

$ id; pwd

uid=251(alex) gid=1(staff)

/home/alex

$ su - rootroot's Password:

# id; pwd


/

# set |grep USER

USER=root

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 1-18. How can we perform administration tasks? AN121.1

Notes:

There are many ways to perform administration tasks within AIX. In reality, a combination

of tools or techniques are deployed. IBM Systems Director is more flexible than the others

in the list. It supports multiple operating systems and virtualization technologies across IBMand non-IBM platforms. It is not to be confused with Systems Director for AIX which is

based upon IBM Systems Director but runs from within AIX to managed the OS as a singleinstance.


IBM Power Systems

How can we perform administration tasks?

• Command line – UNIX system administration tasks are often done from the command line,

by executing scripts, or both• Writing and executing scripts

– Typically using Korn shell scripts (ksh is the default shell on AIX)

– Perl for more advanced users

• SMIT (smit or smitty) – Text based tool (Graphical version also available – less popular)

• System Director for AIX (pconsole) – New web based GUI in AIX6

• WebSM (wsm) – Java based GUI (Requires CDE or X11 based graphics display)

– Not a popular tool to use

• IBM Systems Director – A cross platform product for managing Power systems and AIX across a

large enterprise environment

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 1-19. Checkpoint AN121.1

Notes:


IBM Power Systems

Checkpoint

1.What is the name of the device which creates and controlsLPARs?________.

2.True or False: An AIX operating system can have no real devices. _________________________________________

3.True or False: Virtualization features provided by the VIO Servercan be used by default on any Power system.

____________________________________

4.True or False: The su command enables you to get root authorityeven if you signed on using another user ID.

7/23/2019 AN121STUD


Student Notebook




Figure 1-20. Exercise 1 AN121.1

Notes:


IBM Power Systems

Exercise 1

Introduction toIBM Power Systems and

AIX

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 1-21. Unit summary AN121.1

Notes:


IBM Power Systems

Unit summary

Having completed this unit, you should be able to:

• Define terminology and concepts of IBM Power Systemservers, virtualization, HMC, and AIX

• Understand a typical set-up of a Power environment• Describe the roles of the system administrator • Obtain root access with the su command

7/23/2019 AN121STUD


Student Notebook




7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 2. AIX system management tools 2-1

5.2

empty Unit 2. AIX system management tools


This unit describes the system management tools available in AIX,

with a particular focus on SMIT and the IBM systems director console.



• Describe the benefits of the system management tools availablewith AIX version 6.1

• Discuss the functionality of SMIT, WebSM, and the new IBM

Systems Director Console for AIX

• Explain how system management activity is logged

• Look at how we can use IBM Systems Director Console to monitorsystem health and to run commands concurrently on multiple hosts


Accountability:

• Checkpoint

• Machine exercises

References

Online AIX Version 6.1 Systems Director Console for AIX

AIX Version 6.1 Operating System and Device

Management


following address:


7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives


• Describe the benefits of the system management toolsavailable with AIX version 6.1

• Discuss the functionality of SMIT, WebSM, and the new IBMSystems Director Console for AIX

• Explain how system management activity is logged

• Look at how we can use IBM Systems Director Console to

monitor system health and to run commands concurrently onmultiple hosts

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 2-2. UNIX System administration challenges AN121.1

Notes:

UNIX Challenges

Unfortunately, the same thing that's special about UNIX is also the source of most of what's

wrong. UNIX is an operating system burdened with 30+ years worth of useful add-ons anddifferent flavors. As a consequence, the OS has an awful lot of inconsistencies and

overlapping functions. At times, this can be confusing and challenging even forexperienced users.


IBM Power Systems

UNIX system administration challenges

• Lots of commands to remember

• Complex syntax

– Prone to error!

• Flat file configuration

– Most UNIX flat files have different layouts, syntax and options

– Again prone to error, sometimes causing bad things to happen.

# crfs -v jfs -g rootvg -m /test -a size=42M efs=yes

Usage: crfs -v Vfs {-g Volumegroup | -d Device} -m

Mountpoint [-u Mountgroup] [-A {yes|no}] [-t {yes|no}] [-p

{ro|rw}] [-l Logpartitions] [-n nodename] [-a

Attribute=Value]

How do I createan encryptedfilesystem?

7/23/2019 AN121STUD


Student Notebook




Figure 2-3. System management objectives AN121.1

Notes:

Minimize time and resources spent managing systems

Organizations seek to minimize the time and resources spent managing systems, that is, to

manage computer systems efficiently. AIX helps with tools such as SMIT, the Web-basedSystem Manager, and AIX 6.1 Systems Director.

Maximize reliability, performance, and productivity

Organizations also wish to maximize system reliability and performance in order to

maximize the productivity of the users of computer systems. AIX helps with features, suchas the logical volume manager, that help avoid the need for the system to be brought down

for maintenance.


IBM Power Systems

System management objectives

• Minimize time and resources spent managing systems

• Maximize reliability, performance, and productivity

• Provide remote system management solutions

7/23/2019 AN121STUD


Student Notebook




5.2

empty Provide remote system management solutions

Today's information technology environment also creates a need for remote systemmanagement solutions. AIX supports Web-based technology with the new AIX 6.1

Systems Director console. As a result, multiple systems can be managed from one singlepoint over the network. This can also be done with command-based programs such as

telnet, ssh, and SMIT.

7/23/2019 AN121STUD


Student Notebook




Figure 2-4. AIX administration AN121.1

Notes:

IBM provides users on AIX with a great deal of flexibility and choice when it comes to

administering an AIX system. SMIT is a simple, but highly effective ASCII based

management tool that has been in AIX since version 3. WebSM is a Java based GUI toolwhich was introduced in AIX 5.1. Some users will be familiar with the WebSM user

interface if they have used version three to six of an HMC. IBM Systems Director console isa new attractive web based offering in AIX6.1.

Types of commands:

Commands are classified high-, medium-, or low-level:

• High-level commands: These are standard AIX commands, either shell/perl scripts, orC programs, which can also be executed by a user. They execute multiple low-level or

intermediate-level commands to perform the system administrative functions.


IBM Power Systems

AIX administration

SystemManagementInterface Tool

(smit)

High-level commands

Low-levelcommands

Intermediate-levelcommands

IBMSystems DirectorConsole for AIX

(pconsole)

Systemcalls

Kernelservices

SystemResourceController

Object DataManager

ASCIIfiles

Web-basedSystem

Manager (WebSM)

Text based Java GUI Web Interface

Designed to make Administration on AIX simple

Newin AIX6

7/23/2019 AN121STUD


Student Notebook




5.2

empty • Intermediate-level commands: These commands interface with special AIXcomponents such as the System Resource Controller and the Object Data Manager.

These commands are rarely executed directly by a user.

• Low-level commands: These are AIX commands which correspond to AIX system callsor kernel services. They are not normally executed directly by a user.

7/23/2019 AN121STUD


Student Notebook




Figure 2-5. SMIT AN121.1

Notes:

Overview of SMIT

The System Management Interface Tool (SMIT) provides a menu-driven interface that

provides access to most of the common system management functions, within oneconsistent environment.

SMIT is an interactive application that simplifies virtually every aspect of AIX system

administration. It is a user interface that constructs high-level commands from the user'sselections, and then executes these commands on-demand. Those commands could be

entered directly by the user to perform the same tasks, or put into scripts to run over, andover again.

Occasionally, a system administrator will run AIX commands or edit ASCII files directly to

complete a particular system administration task. However, SMIT does make the mostfrequent or complex/tedious tasks much easier with a greater degree of reliability.


IBM Power Systems

SMIT

• An interactive application that simplifies virtually every aspect of AIXsystem administration

• Part of AIX, available by default

• SMIT doesn't use any special hooks. Everything is based on standard AIX commands and Korn shell functions.

– You can see exactly what commands it performs either before or afterexecution.

– This is especially useful when you need to automate a repetitive task. Youcan then use these commands in your own scripts.

• Text / ASCII based by default.

– If on a graphical display, such as the Virtual Network Computing (VNC)viewer, and the DISPLAY variable is set, a Motif GUI version is displayed.

– Most users prefer the text based version called smitty

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 2-6. SMIT main menu (text based) AN121.1

Notes:

Main menu selections

The SMIT main menu enables you to select the administrative functions to be performed.

You can also select online help on how to use SMIT.

Use of keys

In the ASCII mode, in order to select from the menus, you have to use the up and downarrow keys. This moves a highlighted bar over the menu items. Press Enter to select the

highlighted item. You can also use some of the keyboard function keys to perform otherfunctions, such as exiting SMIT or starting a shell.

Importance of TERM environment variable

When using SMIT in the ASCII mode, the menus and dialog panels sometimes come up

distorted. That is the result of not having an appropriate TERM variable value. Setting andexporting this variable can solve the problem. For example, executing the command

export TERM=vt320 might solve the problem.


IBM Power Systems

SMIT main menu (text based)

# smit

System Management

Move cursor to desired item and press Enter.

Software Installation and Maintenance

Software License Management

Devices

System Storage Management (Physical & Logical Storage)

Security & Users

Communications Applications and Services

Workload Partition Administration

Print Spooling

Advanced Accounting

Problem Determination

Performance & Resource Scheduling

System Environments

Processes & SubsystemsApplications

Installation Assistant

Cluster Systems Management

Using SMIT (information only)

F1=Help F2=Refresh F3=Cancel F8=Image

F9=Shell F10=Exit Enter=Do

System Management


Software Installation and Maintenance

Software License Management

Devices

System Storage Management (Physical & Logical Storage)

Security & Users

Communications Applications and Services

Workload Partition Administration

Print Spooling

Advanced Accounting

Problem Determination

Performance & Resource Scheduling

System Environments

Processes & Subsystems

Applications


Cluster Systems Management




7/23/2019 AN121STUD


Student Notebook




General syntax:

smit [-options] [ FastPath ]

Invoke ASCII version:

# smitty

or

# smit –C

Log, but do not actually run, commands:

# smit -x

Redirect the log file and script file:

# smit -s /u/team1/smit.script –l /u/team1/smit.log

# smit -s /dev/pts/1 -l /dev/pts/2

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 2-7. Dialog screen AN121.1

Notes:

Dialog screens and selector screens

A dialog screen allows you to enter values that are used in the operation performed. Some

fields are already completed from information held in the system. Usually, you can changethis data from the default values.

A selector screen is a dialog screen on which there is only one value to change. The value

usually indicates the object which is acted upon by the subsequent dialog and AIXcommand.

Entering data

To enter data, move the highlighted bar to the value you want to change. Then, either enter

a value or select one from a list. Fields that you can type in have square brackets [ ]. Fieldsthat have data that is larger than the field width, have angle brackets < >, to indicate that

there is data further to the left, right, or both sides of the display area.


IBM Power Systems

Dialog screen

Change / Show Day and Time

Type or select values in entry fields.

Press Enter AFTER making all desired changes.

[Entry Fields]

YEAR (00-99) [08] #

MONTH (01-12) [10] #

DAY (1-31) [08] #

HOUR (00-23) [11] #

MINUTES (00-59) [23] #

SECONDS (00-59) [06] #

F1=Help F2=Refresh F3=Cancel F4=List

F5=Reset F6=Command F7=Edit F8=Image


Change / Show Day and Time



[Entry Fields]

YEAR (00-99) [08] #

MONTH (01-12) [10] #

DAY (1-31) [08] #

HOUR (00-23) [11] #

MINUTES (00-59) [23] #

SECONDS (00-59) [06] #




# smit date

Commandpreview

Current fast path:"date"

Shell exit, very

useful to checksomething prior to

execution

7/23/2019 AN121STUD


Student Notebook




Special symbols

Special symbols on the screen are used to indicate how data is to be entered:

Asterisk (*): This is a required field.

Number sign (#): A numeric value is required for this field.

Forward slash (/): A pathname is required for this field.

X: A hexadecimal value is required for this field.

Question mark (?): The value entered is not displayed.

Plus sign (+): A pop-up list or ring is available.

An asterisk (*) in the leftmost column of a line indicates that the field is required. A value

must be entered here before you can commit the dialog and execute the command. In theASCII version, a plus sign (+) is used to indicate that a pop-up list or ring is available. To

access a pop-up list, use the F4 key. A ring is a special type of list. If a fixed number ofoptions are available, use the Tab key to cycle through the options.

In the Motif version, a List button is displayed. Either click the button or press <Ctrl-l> todisplay a pop-up window.

Use of particular keys

The following keys can be used while in the menus and dialog screens. Some keys are

only valid in particular screens. The keys that are only valid for the ASCII interface aremarked (A). The keys that are only valid for the Motif interface are marked (M).

F1 (or ESC-1) Help: Show contextual help information.

F2 (or ESC-2) Refresh: Redraw the display. (A)

F3 (or ESC-3) Cancel: Return to the previous screen. (A)

F4 (or ESC-4) List: Display a pop-up list of possible values. (A)

F5 (or ESC-5) Reset: Restore the original value of an entry field.

F6 (or ESC-6) Command: Show the AIX command that is executed.

F7 (or ESC-7) Edit: Edit a field in a pop-up box or select from a multi-selection pop-up list.

F8 (or ESC-8) Image: Save the current screen to a file (A) and show the

current fastpath.

F9 (or ESC-9) Shell: Start a sub-shell. (A)

F9 Reset: all fields. (M)

F10 (or ESC-0): Exit: Exit SMIT immediately. (A)

F10: Go to the command bar. (M)

F12 Exit: Exit SMIT immediately. (M)

Ctrl-l List: Give a pop-up list of possible values. (M)

7/23/2019 AN121STUD


Student Notebook




5.2

empty PgDn (or Ctrl-v): Scroll down one page.

PgUp (or ESC-v): Scroll up one page.

Home (or ESC-<): Go to the top of the scrolling region.

End (or ESC->): Go to the bottom of the scrolling region.

Enter: Do the current command or select from a single-selection pop-up list.

/text: Finds the text in the output.

n: Finds the next occurrence of the text.

7/23/2019 AN121STUD


Student Notebook




Figure 2-8. Output screen AN121.1

Notes:

Fields on first line of output

The Command field can have the following values: OK, RUNNING, and FAILED.

The value of the stdout field indicates whether there is standard output, that is, whether

there is output produced as a result of running the command. The output is displayed in thebody section of this screen.

The value of the stderr field indicates whether there are error messages. In this case, there

are no error messages.

Note that, in the Motif version of SMIT, a representation of a person in the top right-handcorner of the screen is used to indicate the values of the Command field.

Body of the screen

The body of the screen holds the output or error messages from the command. In thisexample, there is output, but there are no error messages.


IBM Power Systems

Output screen

COMMAND STATUS

Command: OK stdout: yes stderr: no

Before command completion, additional instructions may appear below.

Wed 8 Oct 11:23:06 2008

F1=Help F2=Refresh F3=Cancel F6=Command

F8=Image F9=Shell F10=Exit /=Find

n=Find Next

COMMAND STATUS


Before command completion, additional instructions may appear below.

Wed 8 Oct 11:23:06 2008

F1=Help F2=Refresh F3=Cancel F6=Command

F8=Image F9=Shell F10=Exit /=Find

n=Find Next

Commandcompleted

successfully

Standard Outputfollowing command

execution(Stdout)

NoStandard

error

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 2-9. SMIT log and script files AN121.1

Notes:

Overview

SMIT creates three files in the $HOME directory of the user running SMIT. If these files

already exist, then SMIT appends to them. These files can grow quite large over time,especially during installations. The user must maintain and truncate these files, when

appropriate.

The smit.log file

The smit.log file contains a record of every SMIT screen, menu, selector, and dialogvisited, the AIX commands executed, and the output from these commands. When the

image key is pressed, the screen image is placed in the smit.log file. If there are error orwarning messages, or diagnostic or debugging messages from SMIT, then these are also

appended to the smit.log file.

The smit.script file


IBM Power Systems

SMIT log and script files

• $HOME/smit.logRecords a log of all menu and dialog screens visited, all commands executed,

and their output.

Records any errors during the SMIT session.

• $HOME/smit.script

Shell script containing all AIX commands executed by SMIT

• $HOME/smit.transactionSMIT transactions log

Records date, description and command script output of the commandsexecuted

smit.log

smit.script

smit.transaction

smitCommandexecution

SMIT output will beredirected to file: /tmp/new-script. No commands will be

run.# smitty –xs /tmp/new-script

7/23/2019 AN121STUD


Student Notebook




The smit.script file contains the AIX commands executed by SMIT, preceded by the dateand time of execution. This file can be used directly as a shell script to perform tasks

multiple times, or it can be used as the basis for more complex operations.

The smit.transaction file

SMIT since AIX 5.2 has a relatively new file, smit.transaction. This file logs all theexecuted commands similar to smit.script. The difference being smit.script logs all

commands, while smit.transaction only logs command_to_executes, see smit.log file.

For example, the user backs up the system using smit.

smit.script file

#

# [Oct 13 2008, 20:00:19]

#

/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08

smit.transaction file

#=--------------------------------------------

# DATE: Oct 13 2008, 20:00:19

# DESCRIPTION: Back Up the System

#=--------------------------------------------

/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 2-10. Web-Based System Manager AN121.1

Notes:

Web-based System Manager, offers a comprehensive suite of system management tools

for the AIX operating system. Its main aim was to allow administrators with Microsoft

Windows system administration skills to easily manage an AIX operating system. However,because it is Java based it is more cumbersome to use than SMIT and apart from HMC

usage, never really grew in popularity.

Now with AIX6, users should consider using IBM Systems Director Console for AIX.


IBM Power Systems

Web-Based System Manager

• A Java based GUI, similar to SMIT in functionality

• Part of AIX (available by default), based on a client/server model• Resource intensive and more cumbersome to use than SMIT

• For AIX6, users should consider using IBM Systems Director Consolefor AIX

7/23/2019 AN121STUD


Student Notebook




Figure 2-11. IBM Systems Director Console for AIX AN121.1

Notes:

IBM Systems Director Console for AIX

The IBM Systems Director Console for AIX, also known as the Console, is a new

management interface that allows administrators to manage AIX 6.1 remotely through abrowser. It provides web access to common systems management tasks. The console is

included as part of AIX 6.1. The only additional component required is a web browser.

The Console is named after the IBM Systems Director because it is built on the samegraphical user interface as the IBM Systems Director. Although the Console is named after

the IBM Systems Director, it is not a prerequisite. All components necessary to run theConsole are included in AIX 6.1.

The Console also includes menu links to the Systems Management Interface Tool (SMIT),

Web-based System Manager, and Distributed Command Execution Manager (DCEM).DCEM is a new facility to securely execute SMIT operations or other commands on

multiple machines at one time. This can improve administrator efficiency by reducing theneed to log in to multiple systems to run the same systems management task.


IBM Power Systems

IBM Systems Director Console for AIX

• New web based management interface in AIX 6.1• Enables converged consoles

– Integrated solutions console – Lightweight infrastructure

• Includes links to SMIT and WebSM tasks• Requires Java v5• Installed by default

– sysmgt.pconsole.rte – sysmgt.pconsole.apps.wdcem – sysmgt.pconsole.apps.websm

– sysmgt.pconsole.apps.wrbac – sysmgt.pconsole.apps.wsmit – lwi.runtime

# lssrc -s pconsole

Subsystem Group PID Status

pconsole pconsole 737388 active

# netstat -a |grep 5336

tcp 0 0 *.5336 *.* LISTEN

# lssrc -s pconsole


pconsole pconsole 737388 active

# netstat -a |grep 5336

tcp 0 0 *.5336 *.* LISTEN

How to checkthat it is

running

7/23/2019 AN121STUD


Student Notebook




5.2

empty Lightweight Infrastructure (lwi.runtime)

The Lightweight Infrastructure (LWI) is a small footprint, simple to configure, a secureinfrastructure for hosting web applications, web services, and other application related

components. The LWI is based on Open Services Gateway Initiative (OSGi) architectureand is derived from WebSphere Everyplace Deployment 6.0 (WED). The LWI is comprised

of the base OSGi/Eclipse service platform plus additional custom components and bundles

which support web applications, web services, and the building of components.

7/23/2019 AN121STUD


Student Notebook




Figure 2-12. Console interface AN121.1

Notes:

Logging into the console

IBM Systems Director Console for AIX relies on your AIX user account for user-logon

security. If the user ID that you provide is already logged into the console, the consoleprompts you to choose between logging out from the other session or returning to the login

page. If you choose to log out from the other session, the console will not recover anyunsaved changes that were made by that user.

Use the Logout link in the console toolbar when you are finished using the console to

prevent unauthorized access. If there is no activity during the login session for an extendedperiod of time, the session expires and you must log in again to access the console. The

default session timeout period is 30 minutes.

If you encountered the login problem, please check the following items:

• No user account on the target server?

• Have the administrator create an account.

• Password expired or not set (new user account)?


IBM Power Systems

Console interface

• Web browser-based access – https://<hostname (or IP)>:5336/ibm/console (Defaults to SSL. Use 5335 for non-SSL)

7/23/2019 AN121STUD


Student Notebook




5.2

empty • Log in through local terminal or telnet, and set the password.

• Already logged into console?

• Look for a warning message which gives you the option to terminate the previoussession.

You can log into the console as root, which gives you the authority to perform all tasks, or

you can delegate certain tasks to non-root users. If the only user that you want to authorizeas a console user is root, no further set up is required.

The root id has console administrator authorization, which authorizes them to launch anyconsole task. By default, console tasks are visible only to root. If you want to authorize

non-root users to perform console tasks, additional setup is required. You must authorizeeach user to access one or more tasks that appear in the console navigation area and you

must assign each user the AIX authorizations (RBAC) for the actions performed by thesetasks.

Changing port values

IBM Systems Director Console for AIX uses the http: 5335 and https: 5336 ports. If youneed to change the port numbers, modify the following properties in the

/pconsole/lwi/conf/overrides/port.properties file and then restart pconsole to change

these ports:

• com.ibm.pvc.webcontainer.port=5335

• com.ibm.pvc.webcontainer.port.secure=5336

In addition, modify /pconsole/lwi/conf/webcontainer.properties. Change all occurrences

of 5336 to the secure port you wish to use.

Console securityBy default, the IBM Systems Director Console for AIX provides a Secure Sockets Layer(SSL) certificate that enables HTTPS connections between the IBM Systems Director

Console for AIX and the Web browser client.

7/23/2019 AN121STUD


Student Notebook




Figure 2-13. Console applications AN121.1

Notes:

Within pconsole exists a number of applications:

• OS management

This is the core of the application. Menu options are similar to SMIT but in a redesigned

new layout.

• Portlets/Modules

Are facilities within pconsole which provide system information and health details

• Classical SMIT

Very useful for those who still prefer the look and feel of traditional SMIT.

• Distributed Command Execution Manager (DCEM)

This is a graphical wrapper around an existing UNIX ‘dsh' utility. It allows commands and

scripts to be executed on multiple hosts.


IBM Power Systems

Console applications

• OS Management (new SMIT-based tasks)• Portlets/Modules

– For example, System Health

• Classical SMIT – Classic-style smit menus for those who prefer a more traditional look

and feel

• Distributed Command Execution Manager (DCEM) – Is used to execute commands on multiple systems in parallel. – Is based on the standard UNIX dsh function

• On AIX, this is part of the Cluster Systems Management (CSM) product,

csm.dsh which is installed as part of a base AIX install. – Supports groups of systems – Supports rsh and ssh authentication

7/23/2019 AN121STUD


Student Notebook




5.2

empty For further information on dsh, see the AIX man page or the CSM documentation:http://publib.boulder.ibm.com/infocenter/clresctr/vxrx/index.jsp?topic=/com.ibm.cluster.csm

.doc/csm141/am7cm11052.html

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 2-15. System health (1 of 3) AN121.1

Notes:

IBM Systems Director Console for AIX contains several portals. Each portlet refreshes after

a certain time interval to ensure the information is always consistent and up-to-date. The

example above is the system health portal. This shows detailed system and performanceinformation for the host running pconsole.

Metrics

The metrics feature of IBM Systems Director Console for AIX, provides the overall health ofthe monitored metrics for the managed server. The window provides common status

information about the memory and CPUs. The main page provides a description of themonitored metrics with separate rows for summary information on each metric. These

include the following:

• Select: Click to determine the metric displayed in the Metric Detail feature

• Metric: Displays the name of the metric being monitored

• Trend: Displays a graphic to indicate the recent changes to the metric

• Previous: Displays the prior value for the metric

• Latest: Displays the last monitored value for the metric


IBM Power Systems

System health (1 of 3)

• Portlets: System summary and Metric DetailsTime to

refresh

Refreshimmediately

Section-specific

help

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:

Summary Information

The summary feature provides the overall health status of the managed server. The

window provides common status information about the overall system, network, andpaging space configuration.

System Configuration

This expanded section displays information regarding the System p hardware and AIX

settings including such information as the model and serial number, processor type,number and speed, memory size and status, and system recovery settings, like the auto

restart setting. All these values are related to the overall health and status of the server.Some of these values may be changed in the System Environment area of the console.

Network Configuration

This expanded section displays information regarding the network settings including such

information as IP address, hostname, subnet mask, domain name, gateway, and nameserver. All these values are related to the overall health and status of the network


IBM Power Systems


• Configuration Information

7/23/2019 AN121STUD


Student Notebook




connections for the server. Some of these values may be changed in the Communicationsarea of the console.

Paging Space Configuration

This expanded section displays information regarding the operating system paging space

setting which indicates the total paging space available. This value is related to the overallhealth and status of the server. The value may be changed in the System Storage

Management area of the console.

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:

Top Processes

The process feature provides a list of the running processes in a table view. The window

provides common status information about each individual process. A table describes eachprocess with separate columns to view detailed information. The table is initially sorted by

the parent ID. These columns include the following:

• Process Name displays the command that initiated the process.

• Process ID displays the ID number for the process.

• Parent ID displays the process ID number for the parent process that started theprocess.

• CPU % displays the percent of the total CPU available used by the process in the cycle

before the last refresh.

• Time displays the total CPU time the process has been running before the last refresh.

• User displays the user ID under which the process is running.


IBM Power Systems


• Portlets: Top Processes and File Systems

7/23/2019 AN121STUD


Student Notebook




File System

The file system feature provides a list of the defined file systems in a table view. Thewindow provides common status information about each individual file system. The table

describes each individual file system with separate columns to view detailed information.The table is sorted by the file system name. These columns include the file system name,

mount point, size, and free area.

• File System displays the file system name.

• Mount Point displays the current mount location for the file system.

• Size displays the size of the file system in Mbytes.

• Free Space displays the size of the free space available in the file system in Mbytes.

• Free % displays the percentage of the total space not in use.

• Page indicates the current page and total number of pages of file system information.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 2-18. Classical SMIT AN121.1

Notes:

IBM Systems Director Console for AIX provides a web interface for classical SMIT. The

classical SMIT interface features the same menu structures and dialog panels as the ASCII

SMIT.


IBM Power Systems

Classical SMIT

7/23/2019 AN121STUD


Student Notebook




Figure 2-19. DCEM portlet (1 of 5) AN121.1

Notes:

DCEM allows commands and scripts to be executed on multiple hosts concurrently. It is

based on the standard UNIX dsh (distributed shell) command.


IBM Power Systems

DCEM portlet (1 of 5)

Graphical drivenUNIX dsh

functionality

L P A R :

A I X 2

L P A R :

A I X 3

L P A R :

A I X 4

L P A R :

A I X 1

Commands

dsh

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook





Notes:

Moving to the Target Specification tab, create a set of targets on which the command will

run, by selecting any combination of DSH hosts and groups, CSM hosts and groups, and

NIM hosts and groups.

CSM is cluster software for AIX. NIM is software on AIX which allows AIX to be installed

over a network. Both CSM and NIM hosts can be grouped together for ease ofmanagement. For these fields to be used, the IBM Systems Director Console must be

running directly on either a CSM or NIM server respectively.

Groups, CSM, and NIM are concepts beyond the scope of this course.


IBM Power Systems


Specifytarget

machines.

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:

Moving to the Options Tab, specify:

• Remote shell: The default value is /usr/bin/rsh. Optionally, you can specify ssh if you

want to make the remote execution secure. Either way, the pconsole server must beable to execute commands on the remote hosts without entering a password.

Otherwise, dsh commands will fail.

• Verify targets are responding: Select this check box to verify that targets areresponding before running the command.

The following options may be used when running the command:

• Run: This option runs the command on the specified targets.

• Run and Save: This option runs the command on the specified targets and saves the

current command specification as a script.

• Save: This option saves the current command specification as a script. All information

specified in the command specification tab, targets tab, and options tab will be saved.


IBM Power Systems


Defaults torsh, ssh isoptional

Confirmationthat job isrunning

7/23/2019 AN121STUD


Student Notebook




The Generate Script button will produce a perl command script in the /dcem/scripts directory on the pconsole server.

The submission report, will only confirm that the job is running. To see wether the job has

completed successfully, click the View Status button.

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:

After selecting view status, as shown on the previous visual, the Job Status window will

appear. In the example shown above, the DCEM job was completed successfully. To obtain

further information, click the View Report button.


IBM Power Systems


Status:Completed OK

or failure!

Report output.Further host output

can be seen byselecting the links

below.

7/23/2019 AN121STUD


Student Notebook




Figure 2-24. Console logging and tracing AN121.1

Notes:

The Systems Director Console log file are stored in XML format in the

/var/log/pconsole/logs directory.

Console Logging and Tracing

• Error log file

The system appends log messages to a single log file. A new log file is created each timeyou start Integrated Solutions Console. Logging messages are written to the file

error-log-0.xml of the /logs subdirectory of the console installation. This file is alwayslocked by the console to write log messages.

• Trace log file

The system appends traces messages to a single log file. A new trace file is created each

time you start Integrated Solutions Console. Trace messages are written to the filetrace-log-0.xml of the /logs subdirectory of the console installation. This file is always

locked by the console to write trace messages.


IBM Power Systems

Console logging and tracing

• Console Logs – Location: /var/log/pconsole/logs

• Formatted using XML – Rotated using filenames error-log-#.xml and trace-log-#.xml

• Classical SMIT logs – Location: $HOME/wsmit.log & wsmit.script

• DCEM log – Location: $HOME/dcem/logs/dcem.log

# ls /var/log/pconsole/logs

error-log-0.xml error-log-5.xml trace-log-3.xml

error-log-0.xml.lck Log_Viewer.xml trace-log-4.xml

error-log-1.xml trace-log-0.xml trace-log-5.xml

error-log-2.xml trace-log-0.xml.lck

error-log-3.xml trace-log-1.xml


# ls /var/log/pconsole/logs

error-log-0.xml error-log-5.xml trace-log-3.xml

error-log-0.xml.lck Log_Viewer.xml trace-log-4.xml

error-log-1.xml trace-log-0.xml trace-log-5.xml

error-log-2.xml trace-log-0.xml.lck



7/23/2019 AN121STUD


Student Notebook




5.2

empty Classical SMIT logs are similar in nature to regular AIX SMIT. The letter w is prefixed to thestandard SMIT log file names, to differentiate these pconsole logs from the standard AIX

SMIT logs. There is no equivalent smit.transaction log produced through pconsole.

An example DCEM.log:

------------------------------------------------------------

Command name: UnspecifiedDefault user: root

Command definition:

export PATH=\$PATH;uname -a

Started: Tue Oct 14 17:06:34 2008

Ended: Tue Oct 14 17:06:35 2008

Successful targets:

DSH nodes: statler.lpar.co.uk

waldorf.lpar.co.uk

Failed targets:

none

Targets not run:

none

Status: Command execution completed.

-----------------------------------------------------------

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Checkpoint

1. List the three main system management tools available on AIX.1. ______________

2. ______________

3. ______________

2. What is the purpose of the smit.script file? _______________________________

_______________________________

3. What information can one get from looking at the

system configuration details in IBM Systems DirectorConsole? ________________________________

________________________________

________________________________

________________________________

________________________________

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Exercise 2

AIX systemmanagement

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit summary


• Describe the benefits of the system managementtools available with AIX version 6.1

• Understand the functionality of SMIT, WebSM, andthe new IBM Systems Director Console for AIX

• Explain how system management activity is logged• Look at how we can use IBM Systems Director

Console to monitor system health and to runcommands concurrently on multiple hosts

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 3. System startup and shutdown 3-1

5.2

empty Unit 3. System startup and shutdown


This unit describes how to start up and shut down the managed

system and AIX partitions.



• Describe the System and AIX startup process

• Activate the System and AIX partitions

• Understand the AIX startup modes

• Describe the contents of the /etc/inittab file • Understand the role of the System Resource Controller and how to

manage subsystems

• Explain how to shut down the system and AIX partitions


Accountability:

• Checkpoint


References

Online AIX Version 6.1 Operating System and Device

Management


following address:


7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Level 2: Standby state

To advance to the second power on level, a power on command must be issued to themanaged system. At this point, all devices are initialized and ready to use. However, no

partitions are running yet, so their devices are not yet in use. Do not attempt to removehardware from the system at this level. The HMC will report that the managed system is

in the Standby state.

Level 3: Operating state

Once you start the first partition on the system, your managed system will be at the third

and highest power on level. The HMC will report the state of the managed system asOperating. This means it has been fully powered on, initialized, and is running at least

one partition. With the proper procedures and commands, hot-pluggable devices may

be physically removed from the partitions. Once your managed system is in theOperating state, it remains there until you issue a power off command or a system error

changes the state. If you shut down all of the partitions, but do not power off themanaged system, the HMC will still report the Operating state. However, at this point,

the system is in a state functionally equivalent to the Standby state.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 3-3. Managed system activation AN121.1

Notes:

Introduction

The visual above shows a managed system in the Power Off state. The HMC menu is

shown where you can choose to power on the system. This is the selected menu whenthe managed system is selected. The next visual shows you the screen that appears

after choosing Power On from the menu.

HMC command for managed system power on

The chsysstate HMC command can also be used in an SSH session to change thestate of the managed system or partitions. Specific examples of power on commands

will be shown on the following pages.

Scheduling the managed system power on

You can schedule an automatic managed system power on for a particular date andtime, and it can be scheduled to repeat. This application is found under HMC

Management > HMC Configuration > Schedule Operations.


IBM Power Systems

Managed system activation

# ssh hscroot@<hmc> chsysstate -m <ms_name> -r sys -o on

7/23/2019 AN121STUD


Student Notebook




Figure 3-4. Start-up modes for AIX (1 of 2) AN121.1

Notes:

System Management Services

To boot into SMS, either press the 1 key shortly after partition activation, or set the

partition to specifically SMS boot. To do this, click the Advanced button on activationand set the boot mode to SMS.

SMS is the Power System firmware menu. The code is shipped with the hardware. This

resource can be used to select the boot device, or change the order of the bootlist andboot the system into Service mode, if maintenance is required.

Service mode enables the user to run diagnostics or access the system in single-user

mode.


IBM Power Systems

Start-up modes for AIX (1 of 2)

• The two most popular start-up modes are: – SMS mode (the firmware menu)

– Normal mode

• SMS mode is used for : – Selecting the boot device, for example: Network and IPL parameters

– Booting into Service (Maintenance) mode, examples:• To fix a machine that will not boot• Recover root password

PowerPC Firmware

Version EL320_083

SMS 1.7 (c) Copyright IBM Corp. 2000,2008 All rights reserved.

----------------------------------------------------------------

Main Menu

1. Select Language

2. Setup Remote IPL (Initial Program Load)

3. Change SCSI Settings

4. Select Console

5. Select Boot Options

SMS TopLevel

Firmware

Menu

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 3-5. Start-up modes for AIX (2 of 2) AN121.1

Notes:

Start-up modes:

• Normal: The logical partition starts up as normal. This is the mode that you use to

perform most everyday tasks. When the machine does a normal boot, it completes thefull AIX boot sequence and start processes, enables terminals and generates a login

prompt, to make it available for multi-user access. It also activates the disks, sets upaccess to the files and directories, starts networking, and completes other machine

specific configurations.

• Diagnostic with default boot list: The logical partition boots using the default boot listthat is stored in the system firmware. This mode is normally used to boot diagnosticsfrom the CD/DVD drive. Use this boot mode to run standalone diagnostics. The

diagnostic CD is delivered with the Power H/W.

• Diagnostic with stored boot list: The logical partition performs a service mode boot

using the service mode boot list saved in NVRAM. Use this boot mode to run onlinediagnostics.

• Open Firmware OK prompt: The logical partition boots to the open firmware prompt.This option is used by service personnel to obtain additional debug information.


IBM Power Systems

Start-up modes for AIX (2 of 2)

• Normal mode

– AIX boots into multi-user mode (run level 2). – Users can log in, the system can be configured, and applications can start. – The bootlist command can set/change the start-up boot device.

• Other less common start-up modes:

– Diagnostic with default boot list• Used to run diagnostics using diagnostic CD

– Diagnostic with stored boot list• Used to run online diagnostics

– Open firmware• Open firmware prompt. Use by service/support personnel to obtain low level

debug information

# bootlist -m normal -o

hdisk0 blv=hd5

# bootlist -m normal ent0 bserver=10.47.1.33 client=10.47.1.101

# bootlist -m normal -o

hdisk0 blv=hd5

# bootlist -m normal ent0 bserver=10.47.1.33 client=10.47.1.101

Displays the currentboot device (hdisk0)

Changes the currentnormal bootlist to boot over

the network through deviceent0 to a network installserver 10.47.1.33

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 3-7. AIX partition activation (1 of 2) AN121.1

Notes:

Activating a partition

To activate a partition from the HMC Server Management application, select the

partition name and choose Activate from the menu. An Activate Logical Partitionscreen will appear from which the user can select the start-up profile.


IBM Power Systems

AIX partition activation (1 of 2)

# ssh hscroot@<hmc> chsysstate -m <ms_name> -r lpar \

-o on -n <lpar> -f <profile name> -b sms

To activateinto SMS

7/23/2019 AN121STUD


Student Notebook




Figure 3-8. AIX partition activation (2 of 2) AN121.1

Notes:

Activating a partition (continued)

Partitions can have one or many profiles assigned, one of which will be the default.

Profiles contain the attributes of the partition such as process and memoryrequirements, and assigned devices. At the time of starting the profile a virtual console

session can be optionally started. The Advanced button enables users to set thestart-up mode. A default start-up mode will be contained within the profile.


IBM Power Systems

AIX partition activation (2 of 2)

AIX Version 6

Copyright IBM Corporation, 1982, 2007

Console login:

AIX Version 6

Copyright IBM Corporation, 1982, 2007

Console login:

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 3-9. The alog command AN121.1

Notes:

Overview

The alog command is a BOS feature that provides a general-purpose logging facility

that can be used by any application or user to manage a log. The alog command readsstandard input, writes the output to standard out, and copies it to a fixed size file at the

same time.

The log file

The file is treated as a circular log. This means that when it is filled, new entries arewritten over the oldest entries. Log files used by alog are specified on the command

line or defined in the alog configuration database maintained by the ODM. Thesystem-supported log types are boot, bosinst, nim, and console.

Use in boot process

Many system administrators start the boot process, and then go and get a cup of coffee.

Unfortunately, boot messages may appear on the screen, only to be scrolled and lost,never to be seen by the user. In some instances, these messages may be important,


IBM Power Systems

alog program

/var/adm/ras/bootlog

/var/adm/ras/BosMenus.log

/var/adm/ras/bosinst.log/var/adm/ras/nimlog

/var/adm/ras/conslog

/var/adm/ras/errlog

NIM Install

Process

Boot

Process

User

Applications

To view the boot log:

Use the

alog

command

to view

logs

The alog command

# alog –o –t boot# alog –o –t boot

7/23/2019 AN121STUD


Student Notebook




particularly if the system did not boot properly. Fortunately, alog is used by the rc.boot

script and the configuration manager during the boot process to log important events.

To view the boot information, the command alog –o -t boot may be used. If themachine does not boot, boot the machine into maintenance mode and view the boot

log contents.

Viewing logs with SMIT

You can also use SMIT to view the different system-supported logs. Use the followingcommand:

# smit alog

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Format of entries

The individual line entries in /etc/inittab contain the following fields:

• Id: Up to 14 characters that identify the process.

• Runlevel: Defines the run levels for which the process is valid. AIX uses run levels of

0-9. If the telinit command is used to change the run level, a SIGTERM signal is sent to

all processes that are not defined for the new run level. If, after 20 seconds, a processhas not terminated, a SIGKILL signal is sent. The default run level for the system is 2,which is AIX multiuser mode.

• Action: How to treat the process. Valid actions are:

- respawn: If the process does not exist, start it. If the process dies then restart it.

- wait: Start the process and wait for it to finish before reading the next line.

- once: Start the process and immediately read the next line. Do not restart it if it

stops.

- sysinit: Commands to be run before trying to access the console - off: Do not run the command.

- Command. Use the AIX command to run to start the process.

Run levels

AIX uses a default run level of 2. This is the normal multi-user mode. You may want to

perform maintenance on your system without having other users logged in. Thecommand shutdown -m places your machine into a single user mode terminating all

logins. Once the machine reaches the single user mode, you are prompted to enter the

root password. When you are ready to return to normal mode, type telinit 2.

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 3-12. Directory and script control AN121.1

Notes:

Run level control scripts

Run level scripts enable system administrators to start and stop selected applications

and services, or perform tasks during system start-up, shutdown or during run levelchange. Run level scripts need to be created in the subdirectory of /etc/rc.d that is

specific to the run level. Scripts beginning with K are stop scripts, while scriptsbeginning with S are start scripts.


IBM Power Systems

Directory and script control

/etc/rc.d # ls –R

init.d rc rc2.d rc3.d rc4.d rc5.d rc6.d rc7.d rc8.d rc9.d

./init.d:

./rc2.d:

Ksshd Kwpars Ssshd

./rc3.d:

./rc4.d:

./rc5.d:

./rc6.d:

./rc7.d:

./rc8.d:

./rc9.d:

/etc/rc.d # ls –R

init.d rc rc2.d rc3.d rc4.d rc5.d rc6.d rc7.d rc8.d rc9.d

./init.d:

./rc2.d:

Ksshd Kwpars Ssshd

./rc3.d:

./rc4.d:

./rc5.d:

./rc6.d:

./rc7.d:

./rc8.d:

./rc9.d:

Scripts starting withS are invoked at

boot time by /etc/rc.d/rc

Scripts starting with K areinvoked synchronously by

shutdown with one argument:'stop'. They are also called on

start-up prior to invoking the startscripts.

• Start-up and stops scripts can be defined for each run levelwhich are automatically invoked at entry and exit.

7/23/2019 AN121STUD


Student Notebook




Figure 3-13. System resource controller AN121.1

Notes:

Purpose of the System Resource Controller

The System Resource Controller (SRC) provides a set of commands to make it easier

for the administrator to control subsystems. A subsystem is a daemon, or server, that iscontrolled by the SRC. A subserver is a daemon that is controlled by a subsystem.

Daemon commands and daemon names are usually denoted by a d at the end of thename. For example, inetd is a subsystem and can be controlled through SRC

commands. rlogind is a subserver which is started by the inetd subsystem as shown in

the visual.


IBM Power Systems

System resource controller

• Provides a single interface to control subsystems

• Controls individual subsystems or groups of subsystems

# ps -ef |grep src

UID PID PPID C STIME TTY TIME CMD

root 172178 1 0 18 Sep - 0:00 /usr/sbin/srcmstr

# ps -T 172178

PID TTY TIME CMD

172178 - 0:00 srcmstr

151672 - 0:01 |\--syslogd

163968 - 0:00 |\--inetd

303160 - 0:00 | \--rlogind

512170 pts/0 0:00 | \--ksh

463024 pts/0 0:00 | \--ps

168088 - 0:00 |\--portmap180418 - 0:00 |\--IBM.ServiceRMd

188650 - 1:24 |\--rmcd

200856 - 3:47 |\--clstrmgr

204904 - 0:00 |\--tftpd

176288 - 0:00 | \--tftpd

213102 - 0:00 |\--sshd

221334 - 0:00 |\--snmpdv3ne

254124 - 0:00 |\--IBM.DRMd

262276 - 0:59 |\--IBM.CSMAgentRMd

417800 - 0:00 \--ctcasd

# ps -ef |grep src


root 172178 1 0 18 Sep - 0:00 /usr/sbin/srcmstr

# ps -T 172178

PID TTY TIME CMD

172178 - 0:00 srcmstr

151672 - 0:01 |\--syslogd

163968 - 0:00 |\--inetd

303160 - 0:00 | \--rlogind

512170 pts/0 0:00 | \--ksh

463024 pts/0 0:00 | \--ps

168088 - 0:00 |\--portmap180418 - 0:00 |\--IBM.ServiceRMd

188650 - 1:24 |\--rmcd

200856 - 3:47 |\--clstrmgr

204904 - 0:00 |\--tftpd

176288 - 0:00 | \--tftpd

213102 - 0:00 |\--sshd

221334 - 0:00 |\--snmpdv3ne

254124 - 0:00 |\--IBM.DRMd

262276 - 0:59 |\--IBM.CSMAgentRMd

417800 - 0:00 \--ctcasd

SRCMaster

process

ParentPID = init

Subsystem

Subserver

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 3-14. Listing subsystems AN121.1

Notes:

Introduction

In this section, we discuss some examples of SRC commands.

Listing SRC status

The lssrc command is used to show the status of the SRC subsystems. In the example

shown on the visual, we are checking the status of all subsystems using the -a flag andthe TCP/IP group using the -g flag.

Specifying a subsystem or subsystem groupThe -s and -g flags are used to specify subsystems or subsystem groups, respectively.


IBM Power Systems

Listing subsystems

• The lssrc command is used to list subsystems

# lssrc -a


syslogd ras 151672 active

portmap portmap 168088 active

inetd tcpip 163968 active

tftpd tcpip 204904 active

sshd ssh 213102 active

ctrmc rsct 188650 active

snmpd tcpip 221334 active

clcomdES clcomdES 225414 active

clstrmgrES cluster 200856 active

ctcas rsct 417800 active

qdaemon spooler inoperative

writesrv spooler inoperative

lpd spooler inoperative

…. Removed for clarity …..

# lssrc –g tcpip |grep activeSubsystem Group PID Status




# lssrc -a


syslogd ras 151672 active

portmap portmap 168088 active



sshd ssh 213102 active

ctrmc rsct 188650 active


clcomdES clcomdES 225414 active

clstrmgrES cluster 200856 active

ctcas rsct 417800 active

qdaemon spooler inoperative

writesrv spooler inoperative

lpd spooler inoperative

…. Removed for clarity …..

# lssrc –g tcpip |grep activeSubsystem Group PID Status




7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 3-16. AIX partition shutdown (1 of 2) AN121.1

Notes:

Introduction

The SMIT shutdown fastpath or the shutdown command is used to shut the system

down cleanly. If used with no options, shutdown displays a message on all enabledterminals (using the wall command), then (after one minute) disables all terminals, kills

all processes on the system, syncs the disks, unmounts all file systems, and then haltsthe system.

Some commonly used options

You can also use shutdown with the -F option for a fast immediate shutdown (no

warning), -r to reboot after the shutdown or -m to bring the system down intomaintenance mode. The -k flag specifies a “pretend” shutdown. It appears to all users

that the machine is about to shut down, but no shutdown actually occurs.

Shutting down to single-user mode

Use the following command to shut down the system to single-user mode: # shutdown-m


IBM Power Systems

AIX partition shutdown (1 of 2)

• The shutdown command, by default

– Gracefully stops all activity on the system – Warns users of an impending shutdown

# shutdown -Fr

SHUTDOWN PROGRAM

Thu 9 Oct 20:15:49 2008

0513-044 The sshd Subsystem was requested to stop.

Wait for 'Rebooting...' before stopping.

Oct 9 2008 20:15:50 /usr/es/sbin/cluster/utilities/clstop: called with

flags -f -y -s -N -S

0513-004 The Subsystem or Group, clinfoES, is currently inoperative.

Error logging stopped...

Advanced Accounting has stopped...

Process accounting stopped...

Stopping NFS/NIS Daemons

Connection closed.

# shutdown -Fr

SHUTDOWN PROGRAM

Thu 9 Oct 20:15:49 2008

0513-044 The sshd Subsystem was requested to stop.

Wait for 'Rebooting...' before stopping.

Oct 9 2008 20:15:50 /usr/es/sbin/cluster/utilities/clstop: called with

flags -f -y -s -N -S

0513-004 The Subsystem or Group, clinfoES, is currently inoperative.

Error logging stopped...Advanced Accounting has stopped...

Process accounting stopped...

Stopping NFS/NIS Daemons

Connection closed.

Do a fast shutdown,bypassing the

messages to users,and reboot the system.

7/23/2019 AN121STUD


Student Notebook




Creating a customized shutdown sequence

If you need a customized shutdown sequence, you can create a file called

/etc/rc.shutdown. If this file exists, it is called by the shutdown command and is

executed first, “that is, before normal shutdown processing begins”. This is useful if, forexample, you need to close a database prior to a shutdown. If rc.shutdown fails

(non-zero return code value), the shutdown is terminated.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 3-17. AIX partition shutdown (2 of 2) AN121.1

Notes:

From the HMC, the following shutdown options are supported. Generally, best practice is to

shutdown AIX from within the partition.

• Delayed: The HMC shuts down the logical partition using the delayed power-offsequence. This allows the logical partition time to end jobs and write data to disks. If the

logical partition is unable to shut down within the predetermined amount of time, it willend abnormally and the next restart may be longer than normal.

• Immediate: The HMC shuts down the logical partition immediately. The HMC ends all

active jobs immediately. The programs running in those jobs are not allowed to performany job cleanup. This option might cause undesirable results if data has been partially

updated. Use this option only after a controlled shutdown has been unsuccessfullyattempted.

• Operating System: The HMC shuts down the logical partition normally by issuing a

shutdown command to the logical partition. During this operation, the logical partitionperforms any necessary shutdown activities. This option is only available for AIX logical

partitions.


IBM Power Systems

AIX partition shutdown (2 of 2)

• AIX shutdown can also be initiated from the HMC.

Do a fastshutdown,

shutdown -F

# ssh hscroot@<hmc> chsysstate -o osshutdown

7/23/2019 AN121STUD


Student Notebook




• Operating System Immediate: The HMC shuts down the logical partition immediatelyby issuing a shutdown -F command to the logical partition. During this operation, the

logical partition bypasses messages to other users and other shutdown activities. Thisoption is only available for AIX logical partitions.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 3-18. Managed system shutdown AN121.1

Notes:

Power down partitions first

Before you power off the managed system, you must first shut down the operating systems

in each of the running partitions. Otherwise, they will terminate abnormally which may leadto file system corruption.

After selecting the Power Off item from the Managed System's Operations task menu, you

must choose between the Normal power off procedure and the Fast power off procedure.

• Normal power off: The system ends all active tasks in a controlled manner. During thattime, the service processor and the POWER Hypervisor are allowed to perform cleanup

(end-of-job-processing).

• Fast power-off: The system ends all active tasks immediately. The programs running inthe service processor and the POWER Hypervisor are not allowed to perform any

cleanup.


IBM Power Systems

Managed system shutdown

• Ensure all partitions have been shutdown first!

# ssh hscroot@<hmc> chsysstate -m <ms_name> -r sys -o off

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Checkpoint

1. What is the first process that is created on the system

and which file does it reference to initiate all the otherprocesses that have to be started? ____________________________________________ ____________________________________________

2. Which AIX feature can be used to stop and startsubsystems and groups of daemons ?

____________________________________________

3. True or False: You can only execute the shutdowncommand from the console.

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit summary


• Describe the System and AIX startup process

• Activate the System and AIX partitions

• Understand the AIX startup modes

• Describe the contents of the /etc/inittab file

• Understand the role of the System Resource Controllerand how to manage subsystems

• Explain how to shut down the system and AIX partitions

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 4. AIX installation 4-1

5.2

empty Unit 4. AIX installation


This unit describes the process of installing the AIX 6.1 operating

system.



• List the installation methods for AIX 6

• List the steps necessary to install the AIX version 6.1 baseoperating system

• Install and understand all the options when installing AIX 6.1 from

optical media

• Carry out post installation tasks


Accountability:

• Checkpoint


References

Online AIX Version 6.1 Installation and migration

SG25-7559 IBM AIX Version 6.1 Difference Guide (redbook)

SC23-6629 AIX Version 6.1 Release Notes

SC23-6630 AIX Version 6.1 Expansion Pack Release Notes


following address:http://publib.boulder.ibm.com/infocenter/systems/index.jsp

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives



• List the steps necessary to install the AIX version 6.1 baseoperating system

• Install and understand all the options when installing AIX 6.1from optical media

• Execute a network boot to use a configured NIM server


7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 4-3. AIX installation in a partition (DVD or CD) AN121.1

Notes:

To install AIX into a partition, the partition and profile must first be created through the

HMC. The partition must have access to a device slot which contains the optical media

drawer. If a virtualized environment is to be deployed, then the VIOS partition will probablyown the optical device. In that case, it is still possible to make this CD available to a

partition as a virtual optical SCSI device. In VIOS version 1.5, a new feature was addedwhich allows a media ISO image to be allocated to multiple partitions, through the

file-backed virtual optical device feature.

To install AIX from the optical drive, either boot into SMS mode and choose to boot from theoptical media device, or start the partition with the “Diagnostic with default boot list”. Thenfollow and interact with the menus.


IBM Power Systems

AIX installation in a partition (DVD or CD)

• Steps: Assume a partition and partition profile has already been created.1. Place the AIX DVD or CD in the drive.2. Activate the partition to SMS and open terminal window.3. Select boot device using SMS menus in the terminal window.4. Interact with the AIX install menus.

• Note, the partition must either: – Have PCI slot which controls a drive which will read CD-ROMsOR

– Be allocated a CD-ROM device though a VIOS server (as avirtual optical SCSI device)

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 4-4. Installing AIX from CD/DVD (1 of 2) AN121.1

Notes:

When SMS starts, choose option 5, followed by the boot device (in this case CD/DVD). The

system will then display all devices of this type. In the visual, there is only one such device.

Select this device number and then press Enter.


IBM Power Systems

Select Media Type

9. List All Devices

Select Media Type

9. List All Devices

Select Device Type3. CD/DVD

Select Device Type

3. CD/DVD

Multiboot

1. Select Install/Boot Device

Multiboot

1. Select Install/Boot Device

Installing AIX from CD/DVD (1 of 2)

• Boot partition into SMS mode and select CD/DVD.

PowerPC Firmware

Version SF240_338


-------------------------------------------------------------------------------

Main Menu

1. Select Language

2. Setup Remote IPL (Initial Program Load) #then select the adapter & IP Parameters


4. Select Console


PowerPC FirmwareVersion SF240_338


-------------------------------------------------------------------------------

Main Menu

1. Select Language



4. Select Console


Select Device

Device Current Device

Number Position Name

1. - SCSI CD-ROM

( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )

Select Device

Device Current Device

Number Position Name

1. - SCSI CD-ROM

( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )

Select theCD/DVD drivefrom the list.

7/23/2019 AN121STUD


Student Notebook




Figure 4-5. Installing AIX from CD/DVD (2 of 2) AN121.1

Notes:

Once the optical media device is selected, we need to perform a normal boot and exit SMS

as shown in the visual. The partition will then proceed and boot from the optical media

drive. The first interactive step is to type <1>, and then press Enter to use the terminal asthe system console.


IBM Power Systems

Installing AIX from CD/DVD (2 of 2)

• The system will now boot from the CD/DVD.

Select Task

SCSI CD-ROM( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )

1. Information

2. Normal Mode Boot

3. Service Mode Boot

Select Task

SCSI CD-ROM

( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )

1. Information

2. Normal Mode Boot

3. Service Mode Boot

******* Please define the System Console. *******

Type a 1 and press Enter to use this terminal as the

system console.

>>> 1 Type 1 and press Enter to have English during install.

******* Please define the System Console. *******

Type a 1 and press Enter to use this terminal as the

system console.

>>> 1 Type 1 and press Enter to have English during install.

Are you sure you want to exit System Management Services?

1. Yes

2. No

Are you sure you want to exit System Management Services?

1. Yes

2. No

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 4-6. Installation and Maintenance AN121.1

Notes:

If option 1 is selected, a default system installation will occur. However, in most cases you

may want to see and change the default settings. To do this, type a <2> and press Enter.

Select 88 to display help on this or any subsequent installation screen.


IBM Power Systems

Installation and Maintenance

• Main Installation and Maintenance menu

• Best practice, always look first at the install options (2)

Welcome to Base Operating System


Type the number of your choice and press Enter. Choice is indicated by >>>.

>>> 1 Start Install Now with Default Settings

2 Change/Show Installation Settings and Install

3 Start Maintenance Mode for System Recovery

4 Configure Network Disks (iSCSI)

88 Help ?

99 Previous Menu

>>> Choice [1]: 2



Type the number of your choice and press Enter. Choice is indicated by >>>.

>>> 1 Start Install Now with Default Settings




88 Help ?

99 Previous Menu

>>> Choice [1]: 2

7/23/2019 AN121STUD


Student Notebook




Figure 4-7. Installation and Settings AN121.1

Notes:

The installation and Settings menu enables you to set the key options and configuration

settings to be deployed during installation.


IBM Power Systems

Installation and Settings

• Installation and Settings menu

• Let's explore each option in more detail.


Either type 0 and press Enter to install with current settings, or type the

number of the setting you want to change and press Enter.

1 System Settings:

Method of Installation.............New and Complete Overwrite

Disk Where You Want to Install.....hdisk0

2 Primary Language Environment Settings (AFTER Install):

Cultural Convention................English (United States)

Language ..........................English (United States)

Keyboard ..........................English (United States)

Keyboard Type......................Default

3 Security Model.......................Default

4 More Options (Software install options)

>>> 0 Install with the current settings listed above.

+-----------------------------------------------------

88 Help ? | WARNING: Base Operating System Installation will

99 Previous Menu | destroy or impair recovery of ALL data on the

| destination disk hdisk0.

>>> Choice [0]:


Either type 0 and press Enter to install with current settings, or type the

number of the setting you want to change and press Enter.

1 System Settings:

Method of Installation.............New and Complete Overwrite

Disk Where You Want to Install.....hdisk0

2 Primary Language Environment Settings (AFTER Install):

Cultural Convention................English (United States)

Language ..........................English (United States)

Keyboard ..........................English (United States)

Keyboard Type......................Default

3 Security Model.......................Default

4 More Options (Software install options)

>>> 0 Install with the current settings listed above.

+-----------------------------------------------------




>>> Choice [0]:

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




user-created file systems. System configuration has to be done after doing apreservation installation.

Migration Install

Use the Migration Install method to upgrade an AIX 5L to an AIX 6 or later version,

while preserving the existing root volume group. This method preserves all file systemsexcept /tmp, as well as the logical volumes and system configuration files. Obsolete or

selective fix files are removed.

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 4-11. Security Models AN121.1

Notes:

Type <1> and press Enter to change the selection for Trusted AIX. Trusted AIX enables

Multi Level Security (MLS) capabilities in AIX MLS is also referred to as label-based

security.

As compared to regular AIX, Trusted AIX label-based security implements labels for all

subjects and objects in the system. Access controls in the system are based on labels thatprovide for an MLS environment and include support for the following:

• Labeled objects: Files, IPC objects, network packets, and other labeled objects

• Labeled printers

• Trusted Network: Support for RIPSO and CIPSO in IPv4 and IPv6

Note that once you choose this mode of installation, you will not be able to go back to a

regular AIX environment without performing an overwrite install of regular AIX. Evaluateyour need for a Trusted AIX environment before choosing this mode of install.


IBM Power Systems

Security Models

• These settings are beyond the scope of this class. They arecovered in IBM training course: AIX Security (AU47G).

• Security models are all set to NO by default.

Security Models

Type the number of your choice and press Enter.

1. Trusted AIX............................................. No

2. Other Security Options (Trusted AIX and Standard)

Security options vary based on choices.

LSPP, SbD, CAP/CCEVAL, TCB

>>> 0 Continue to more software options.

88 Help ?

99 Previous Menu

>>> Choice [0]:

Security Models


1. Trusted AIX............................................. No

2. Other Security Options (Trusted AIX and Standard)

Security options vary based on choices.

LSPP, SbD, CAP/CCEVAL, TCB

>>> 0 Continue to more software options.

88 Help ?

99 Previous Menu

>>> Choice [0]:

1. Secure by Default....................................... No

2. CAPP and EAL4+ Configuration Install.................... No

3. Trusted Computing Base Install.......................... No

1. Secure by Default....................................... No

2. CAPP and EAL4+ Configuration Install.................... No

3. Trusted Computing Base Install.......................... No

7/23/2019 AN121STUD


Student Notebook




Do not forget standard AIX provides a set of security features to enable informationmanagers and administrators to provide a basic level of system and network security. The

primary AIX security features include the following:

• Login and password controlled system and network access

• User, group, and world file access permissions

• Access control lists (ACLs)• Audit subsystem

• Role Based Access Control (RBAC)

Trusted AIX builds upon these primary AIX operating system security features to further

enhance and extend AIX security into the networking subsystems.

Type <2> and press Enter to continue to other security options. For Trusted AIX, the choicewill be LSPP/EAL4+ configuration. For standard AIX, the choices will be Secure by Default,

CAPP/EAL4+, and Trusted Computing Base.

ATTENTION: Evaluate your need for any security options before making your choice.Additional information is available in your security documentation.

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 4-13. Install summary and installation AN121.1

Notes:

Prior to installation, a summary page is displayed. If you are ready to proceed with your

options, select 1 to continue and the system installation will begin. It takes approximately

one hour to build the partition from DVD or CD media.


IBM Power Systems

Install summary and installation

Overwrite Installation Summary

Disks: hdisk0

Cultural Convention: en_GBLanguage: en_US

Keyboard: en_GB

JFS2 File Systems Created: Yes

Graphics Software: Yes

System Management Client Software: Yes

Enable System Backups to install any system: Yes

Optional Software being installed:

>>> 1 Continue with Install

+-----------------------------------------------------




>>> Choice [1]:

Overwrite Installation Summary

Disks: hdisk0

Cultural Convention: en_GB

Language: en_USKeyboard: en_GB

JFS2 File Systems Created: Yes

Graphics Software: Yes

System Management Client Software: Yes

Enable System Backups to install any system: Yes

Optional Software being installed:

>>> 1 Continue with Install

+-----------------------------------------------------




>>> Choice [1]:

Installing Base Operating System

Please wait...

Approximate Elapsed time

% tasks complete (in minutes)

3 0 Making logical volumes


Please wait...




7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 4-14. Accept License Agreements AN121.1

Notes:

When AIX installation is complete, the end user has to accept both Software and

Maintenance License agreements, as shown in the visual.


IBM Power Systems

Accept License Agreements

Software License Agreements

Show Installed License Agreements


Software License Agreements

Show Installed License Agreements





[Entry Fields]

ACCEPT Installed License Agreements yes +




[Entry Fields]

ACCEPT Installed License Agreements yes +

Software Maintenance Agreement

View Software Maintenance Terms and Conditions

Accept Software Maintenance Terms and Conditions

Software Maintenance Agreement

View Software Maintenance Terms and Conditions





[Entry Fields]

ACCEPT Software Maintenance Agreements? yes +




[Entry Fields]

ACCEPT Software Maintenance Agreements? yes +

7/23/2019 AN121STUD


Student Notebook




Figure 4-15. AIX installation: Post steps AN121.1

Notes:

The installation is not finished until you complete the post setup in the operating system.

Once AIX has installed, the system will reboot. Several post installation steps are required.

Firstly, you have to accept both the software and maintenance license agreements. Finally,the installation assistant will start. Although optional, it is recommended that you use the

installation assistant at a minimum to set the root password, date, and time, and configurethe network parameters accordingly.

One AIX is installed, you should update it to the latest technology level and service pack.

These can be downloaded from fix central: http://www.ibm.com/support/fixcentral


IBM Power Systems

AIX installation: Post steps

• Post-install tasks:

– Accept the license agreement. – Optional. Using the installation assistant:

• Set root password• Set date and time• Configure network

– Exit from installation assistant – Update for the operating system to the latest TL and SP level

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 4-16. Installation assistant and login AN121.1

Notes:

After the license agreements have been accepted, the installation assistant (ASCII

console) or configuration assistant (Graphical console) will be displayed. The install

assistant is similar to a mini version of SMIT. As mentioned earlier in the UNIT, it isrecommended that one uses the installation assistant at a minimum to set the root

password, date, and time and to configure the network parameters accordingly. Anotherapproach, would be to exit the installation assistant immediately and use smit, command

line, or scripts to configure the system.

The installation assistance can be invoked at any time using the install_assist command. On a graphical console, either the install_assist or configassist commands can be used to launch the configuration assistant.


IBM Power Systems

Installation assistant and login



Set Date and Time

Set root Password

Configure Network Communications

Install Software Applications


Tasks Completed - Exit to Login



Set Date and TimeSet root Password

Configure Network Communications

Install Software Applications


Tasks Completed - Exit to Login

AIX Version 6

Copyright IBM Corporation, 1982, 2008.

Console login: root

******************************************************************************** *

* *

* Welcome to AIX Version 6.1! *

* *

* *

* Please see the README file in /usr/lpp/bos for information pertinent to *

* this release of the AIX Operating System. *

* *

* *

*******************************************************************************

#

AIX Version 6

Copyright IBM Corporation, 1982, 2008.

Console login: root

******************************************************************************** *

* *

* Welcome to AIX Version 6.1! *

* *

* *

* Please see the README file in /usr/lpp/bos for information pertinent to *

* this release of the AIX Operating System. *

* *

* *

*******************************************************************************

#

Note: No root passwordis set by default, if it is

not set using the

Installation Assistantabove.

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




5.2

empty NIM Resources

All operations on clients in the NIM environment require one or more resources. At aminimum, in order to perform a BOS installation on a client there must be two resources

defined:

• SPOT includes everything that a client machine requires in a /usr file system, such asthe AIX kernel, executable commands, libraries, and applications. The SPOT is

created, controlled, and maintained from the master, even though the SPOT can belocated on another system.

• An lpp_source resource represents a directory in which software installation imagesare stored. NIM uses an lpp_source for an installation operation by first mounting the

lpp_source on the client machine. The installp commands are then started on the

client using the mounted lpp_source as the source for installation images. When theinstallation operation has completed, NIM automatically unmounts the resource. In

addition to providing images to install machines, lpp_source resources can also beused to create and update SPOT resources.

7/23/2019 AN121STUD


Student Notebook




Figure 4-18. AIX installation in a partition using NIM: Configuration steps AN121.1

Notes:

To install a partition from a NIM server, you will need to create the partition and partition

profile, for the partition where AIX will be installed. You would complete this step if you were

installing from optical media, except that you would not have to allocate the slot for the CDor DVD device. The partition will need to be activated in SMS boot mode. From SMS, the

NIM server network details can be entered, which will cause the client to issue a bootrequest over the network. From this point, the menu steps are identical to using optical

media.


IBM Power Systems

AIX installation in a partition using NIM:Configuration steps

Assume a partition and partition profile have been created.• Setup and configure the NIM master to support a BOS

installation of your machine.• Activate the partition using SMS boot mode.• Specify the IP parameters for a network boot.• Configure the partition to boot from the network adapter.• Interact with AIX installation menus, if required (depends on

NIM configuration).

• Note: – Subsequent installs and updates for the same partition can be initiatedfrom the NIM master.

– A mksysb restore example is provided in a later unit (Backup andRestore).

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 4-20. Network boot (2 of 7) AN121.1

Notes:

NIC adapter

Select which network interface to use. The example in the visual shows two ports on theintegrated Ethernet controller.


IBM Power Systems

Network boot (2 of 7)

Choose the network adapter:

NIC Adapters

Device Location Code

1. Port 1 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-

T1

2. Port 2 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-

T2

----------------------------------------------------------Navigation Keys:

PowerPC Firmware

Version EL320_040

SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights----------------------------------------------------------

---------------------------------------------------------X = eXit System Management Services

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:

Select the Network service: BOOTP.


IBM Power Systems


Select the Network service

PowerPC Firmware

Version EL320_040

SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights---------------------------------------------------------Select Network ServicePort 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-

1. BOOTP

2. ISCSI

---------------------------------------------------------

Navigation Keys:


7/23/2019 AN121STUD


Student Notebook





Notes:

Network parameters

Choose option 1 and configure the IP parameters. This screen is shown in the nextvisual.

Then choose option 2 and configure the adapter settings, such as media speed and

duplex setting.

When everything is configured properly, run the ping test and it should be successful.

When the ping test is successful, return to the SMS main menu, select the networkadapter as a boot device, and exit the SMS menu. This will start the network boot

process.


IBM Power Systems


Set up the IP parameters, the adapter configurationoptions, then perform the ping test:

PowerPC Firmware

Version EL320_040

SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights---------------------------------------------------------Network ParametersPort 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-

1. IP Parameters2. Adapter Configuration

3. Ping Test

4. Advanced Setup: BOOTP

---------------------------------------------------------

Navigation Keys:


7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:

IP parameters

Enter the IP address of the client, which is the partition.

Enter the IP address of the server, which is the NIM server.

Enter the IP address of the gateway . This is the partition’s gateway system; so it mustbe local on the partition’s subnet. This value can be a valid route on the same subnet as

the client partition or the IP address of the NIM server. Ask your network administratorwhich system to use.

Enter the subnet mask that the partition is using.

Adapter configuration

Once you’ve entered this information, return to the previous screen and choose the

Adapter Configuration option. Here you will need to specify the media speed and theduplex setting.


IBM Power Systems


IP parameters:

IP Parameters

Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-

---------------------------------------------------------

Navigation Keys:

1. Client IP Address [10.6.103.64]

2. Server IP Address [10.6.103.1]

3. Gateway IP Address [10.6.103.254]

4. Subnet Mask [255.255.255.0]

PowerPC Firmware

Version EL320_040

SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights---------------------------------------------------------


7/23/2019 AN121STUD


Student Notebook




Ping test and network boot

After you have configured the adapter parameters, return to the main SMS menu. Run

the ping test, and if successful, select the network adapter as a boot device, then exitthe SMS menus to begin the boot process and the installation.

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:

Overview

The adapter configuration screen allows you to set parameters for the adapter itself.Typically, you can leave it alone with the exception of optionally disabling spanning tree.

This will make the boot go much faster.

The value for option 2 will not change, that is, from Enabled to Disabled. The optionshould have a question mark next to it that is answered when you choose the option.


IBM Power Systems


Adapter configuration:

IP ParametersPort 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNWGCP5-P1-C4

---------------------------------------------------------

Navigation Keys:

1. Speed,Duplex

2. Spanning Tree Enabled

3. Protocol

Disable Spanning Tree

for faster operation


PowerPC Firmware

Version EL320_040

SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights---------------------------------------------------------

7/23/2019 AN121STUD


Student Notebook





Notes:

Ping test

This option pings the NIM server. If it fails, suspect your IP configuration or the network.


IBM Power Systems


• When remote IPL is configured, perform the ping test

– If ping is unsuccessful:• Is NIM server on network?

• Check IP Parameters screen for mistakes

– Is gateway correct and available?

• Try again

• Return to SMS Select Boot Options menu

– Select the network adapter as the Install/Boot Device

• Exit from SMS initiates network boot.

• AIX Install and Maintenance menu processing is the same aspreviously described.

• NIM can have unattended install with no console interaction

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint

1. AIX 6 can be installed from which of the following?

(Select all that are correct)a. 8 mm tape

b. optical media-ROM

c. Diskette

d. NIM Server

2. True or False: A Preservation install preserves all dataon the disks.

3. What is the console used for during the installationprocess?

_____________________________________________

_____________________________________________

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Exercise 4

AIXinstallation

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Unit summary



• List the steps necessary to install the AIX version 6.1base operating system

• Install and understand all the options when installing AIX6.1 from optical media

• Execute a network boot to use a configured NIM server


7/23/2019 AN121STUD


Student Notebook




7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 5. AIX software installation and maintenance 5-1

5.2

empty Unit 5. AIX software installation and maintenance


This unit describes how to perform software installation and

maintenance.



• Define the package definitions and naming conventions

• Understand AIX software levels and states

• Identify how software products and updates are installed andmanaged on the system

• Recover from broken and inconsistent software states

• How to download fixes using Fix Central and SUMA

• Identify if all the components in the Power and AIX environment

are compatible and supported


Accountability:

• Checkpoint


References


SG24-7463 AIX 5L Differences Guide: Version 5.3 Edition

(redbook)

Note: References listed as “Online” above are available at thefollowing address:


7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives




– Determine the current installed level of the OS and individual filesets




• Identify if all the components in the Power and AIXenvironment are compatible and supported

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-2. AIX media AN121.1

Notes:

Each of the products listed above has a separate order number and feature code. At the

time of publication they were:

AIX V6.1 standard edition, feature code: 5692-A6P, order number: 0967

• AIX v6.1 Base

• AIX v6.1 Expansion Pack

• AIX v6.1 InfoCenter (DVD)

• AIX Toolbox for Linux

• Mozilla Firefox Browser

For virtual environments, a PowerVM license is required. The following software is

supplied:

• Virtual I/O Server V2.1

• Virtual I/O Server Expansion Pack


IBM Power Systems

AIX media

AIX 6.1 Base (DVD or CD)+ update CDs

AIX 6.1 Expansion Pack

AIX 6.1 Infocenter

AIX Toolbox for LinuxA IX

A I X

A IX

A IX

A I X

A IX

A IX

A I X

A IX

Mozilla Firefox Browser A IX

7/23/2019 AN121STUD


Student Notebook




The AIX Expansion Pack is a collection of extra software that extends the base operatingsystem capabilities. It contains filesets such as:

• Open Secure Sockets Layer (OpenSSL)

• Java 6 32- and 64-Bit

• iSCSI Target Device Driver

• List of Open Files (LSOF) and many more

The AIX Infocenter contains a list of support guides and help documentation. It is alsoavailable online: http://publib.boulder.ibm.com/infocenter/system

Also available on-line is the AIX toolbox (open source) filesets

http://www-03.ibm.com/systems/p/os/aix/linux/toolbox/download.html.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-3. Software packaging definitions AN121.1

Notes:

Licensed Program Product (LPP)

A collection of packages that form an installable product.

Package

A package contains a group of filesets with a common function. It is a single, installable

image. AIX packages are a bundle of binaries glued together with the meta-information(name, version, dependencies).

FilesetA fileset is the smallest, individually installable unit. Generally, it is a single subsystem.

For example, bos.net.tcp.server is a fileset in the bos.net package. This image is aUnix Backup File Format file (BFF), created with the backup command. Files in an LPP

can be listed with: restore –Tvf <package> or extracted with restore –xvf <package>.

For example: To list the contents of bos.rte.control fileset contained in TL02 SP01:

# restore -Tvf U814098.bff


IBM Power Systems

bos

bos.net

bos.net.tcp

bos.net.tcp.server

Software packaging definitions

LPP

Base OperatingSystem Component

PackageBase Networking

package

TCP/IP collectionof filesets

FilesetTCP/IP Server fileset

‘the smallest unit’

7/23/2019 AN121STUD


Student Notebook




Please mount volume 1 on U814098.bff.

Press Enter to continue.

New volume on U814098.bff:

Cluster size is 51200 bytes (100 blocks).

The volume number is 1.

The backup date is: Wed 1 Oct 21:08:15 2008

Files are backed up by name.

The user is BUILD.

0 ./

6036 ./lpp_name

0 ./usr

0 ./usr/lpp

0 ./usr/lpp/bos/bos.rte.control/6.1.2.0

69252 ./usr/lpp/bos/bos.rte.control/6.1.2.0/liblpp.a

0 ./usr/lpp/bos/bos.rte.control/6.1.2.0/inst_root

14040 ./usr/lpp/bos/bos.rte.control/6.1.2.0/inst_root/liblpp.a

….note, some items removed for clarity…………..

232871 ./usr/lib/inst_updt/libwlm.a/shr_64.o

109698 ./usr/sbin/armsrvconv

43889 ./usr/sbin/shutdown

12712 ./usr/sbin/swapoff

17876 ./usr/sbin/swapon

16724 ./usr/sbin/mkitab

83954 ./usr/sbin/rsct/bin/IBM.WLMRMd

6198 ./usr/sbin/wlmassign

24462 ./usr/sbin/wlmcntrl

The total size is 25207820 bytes.

The number of archived files is 41.

Note: This is the only way, in AIX, to see which files are located within an LPP fileset,

prior to install.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-4. Software bundles AN121.1

Notes:

Since there are thousands of filesets, having to determine which individual fileset you want

on your machine could be a time-consuming task. AIX has bundles which offer a collection

of filesets that suit a particular purpose. For example, if you are developing applications,the App-Dev bundle would be the logical choice to install.

Some filesets within a bundle are only installed if the prerequisite hardware is available. Forexample, a graphic adapter is needed to run X11 and CDE. In some cases, bundles are

equivalent to product offerings. Often, however, they are a subset of a product offering or a

separate customized bundle. The bundles available may vary from AIX version to AIXversion.


IBM Power Systems

Software bundles

• A bundle is a collection of packages and filesets suited for a particularenvironment

• There are many predefined system bundles in AIX which include: – AllDevicesKernels

– Alt_Disk_Install

– openssh_client and openssh_server

• Full list in /usr/sys/inst.data/sys_bundles. Example:

# /usr/sys/inst.data/sys_bundles # cat openssh_server.bnd

# MEDIA="Expansion Pack"

I:openssl.base

I:openssl.man.en_US

I:openssh.base.server

I:openssh.man.en_US

# /usr/sys/inst.data/sys_bundles # cat openssh_server.bnd

# MEDIA="Expansion Pack"I:openssl.base

I:openssl.man.en_US

I:openssh.base.server

I:openssh.man.en_US

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 5-6. What is my AIX version? AN121.1

Notes:

The oslevel command reports the latest installed maintenance, technology level, and

service pack on the system.

The visual above shows the system is level AIX 6.1, technology level 2, service pack 1.Service packs and technology level fixes are applied to the running system. To update the

system with a new level, for example, from AIX 5.3 to 6.1, a new migration update musttake place. This involves system downtime.


IBM Power Systems

What is my AIX version?

• To obtain the AIX level, use the oslevel command.

• To upgrade from one AIX version and release to another, for example, AIX 5.3 to AIX 6.1, a migration must be performed.

• New TLs or SPs are applied through updates.

# oslevel -s

6100-02-01-0847

# oslevel -s

6100-02-01-0847

Service PackRelease date

for example, 47th weekin 2008

AIX LevelVRMF

Technology

Level

Service Pack

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-7. Software installation and maintenance AN121.1

Notes:

The lslpp and installp commands are vital for interacting, installing, and maintaining

software on AIX.

The rpm and geninstall commands are relatively new. These commands wereintroduced in AIX5L as a result of the AIX / Linux affinity and support for other software

formats like RPM and ISMP (InstallShield MultiPlatform).


IBM Power Systems

Software installation and maintenance

• All aspects of software installation and maintenance can beperformed from SMIT, the command line, or systems directorconsole.

• Command line interaction:

– lslpp: lists installed software

– installp: traditional AIX command for installing and maintainingLPP packages

– rpm: redhat Linux command for installing and maintaining rpm

filesets (part of the AIX Linux affinity introduced in AIX 5L)

– geninstall: a generic installer that installs software of variouspackage formats: LPP, RPM, and ISMP.

7/23/2019 AN121STUD


Student Notebook




Figure 5-8. Software repository AN121.1

Notes:

Generally, it is useful and sometimes necessary, for example when building and managing

a NIM server to store software to disk. AIX refers to this as a software repository. The

default software repository is sometimes referred to as the default installation imagedirectory. Its location on AIX is /usr/sys/inst.images. However, it is advisable to create and

manage a repository in a separate file system that is not contained in the AIX root volumegroup.

The tables of contents (.toc) file

This is a mandatory file required for installing and updating packages on AIX. If thecommand line is used (installp), then the user has to manually create the .toc file. This is

done using the inutoc command. To create a .toc file in the current directory, type:

<inutoc>. SMIT automatically creates a .toc file when copying software files to disk and

prior to installing LPPs.


IBM Power Systems

Software repository

• A location on disk which contains AIX software

– Default image directory is: /usr/sys/inst.images – AIX filesets require a .toc file

• To copy software, for example from an AIX CD to disk, use theSMIT facility, copy software to hard disk for future installation (or the AIX command, bffcreate)

Copy Software to Hard Disk for Future Installation

[Entry Fields]

* INPUT device / directory for software /dev/cd0* SOFTWARE package to copy [all] +

* DIRECTORY for storing software package

[/usr/sys/inst.images]

DIRECTORY for temporary storage during copying [/tmp]

EXTEND file systems if space needed? yes +

Process multiple volumes? yes

Copy Software to Hard Disk for Future Installation

[Entry Fields]

* INPUT device / directory for software /dev/cd0

* SOFTWARE package to copy [all] +

* DIRECTORY for storing software package

[/usr/sys/inst.images]

DIRECTORY for temporary storage during copying [/tmp]


Process multiple volumes? yes

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-9. Software states AN121.1

Notes:

Committed state and the initial install

AIX has a number of software states. When you are installing software for the first time,

the software automatically installs to a committed state. This means there is only onelevel of that software product installed on your system.

Applied state versus committed state for maintenance

When you are installing a set of fixes or upgrading to a new technology level on your

system, you have the option of installing the software either in the committed state orthe applied state. The applied state allows you to maintain two levels of the software on

your system. When software is installed in the applied state, the older version is savedon the disk and is deactivated, while the newer version is installed and becomes the

active version.


IBM Power Systems

Software states

• The base installation of software is always in a committedstate. – Committed is a permanent state

• When updates are installed, they can be either applied orcommitted. – Applied software can later be rejected or committed.

bos.net.tcp.adt6.1.1.1

bos.net.tcp.adt6.1.1.2

Action: Apply

6.1.1.1 Saved

6.1.1.2 Applied

Rejector

Commit

6.1.1.1Committed

6.1.1.2Committed

A IX

A IX

Action: Install & Commit6.1.1.1

Committed

7/23/2019 AN121STUD


Student Notebook




The applied state gives you the opportunity to test the newer software beforecommitting to its use. If it works as expected, then you can commit the software, which

removes the old version from the disk. If the newer version is causing a problem, youcan reject, it which removes the newer version and reverts back to the old version.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-10. Software listing and versioning AN121.1

Notes:

The lslpp command displays information about installed filesets or fileset updates. Each

fileset has a version number associated with it (in the format of

Version.Release.Modification.Fix, a state code, and a type code as shown above.


IBM Power Systems

# lslpp -L |grep bos.net.tcp.server

bos.net.tcp.server 6.1.1.1 C F TCP/IP Server

State codes:

A -- Applied.

B -- Broken.

C -- Committed.

E -- EFIX Locked.

O -- Obsolete. (partially migrated to newer version)

? -- Inconsistent State...Run lppchk -v.

Type codes:

F -- Installp Fileset

P -- Product

C -- Component

T -- Feature

R -- RPM Package

E -- Interim Fix

# lslpp -L |grep bos.net.tcp.server

bos.net.tcp.server 6.1.1.1 C F TCP/IP Server

State codes:

A -- Applied.

B -- Broken.

C -- Committed.

E -- EFIX Locked.

O -- Obsolete. (partially migrated to newer version)

? -- Inconsistent State...Run lppchk -v.

Type codes:

F -- Installp Fileset

P -- Product

C -- Component

T -- Feature

R -- RPM Package

E -- Interim Fix

Software listing and versioning

C & F are Stateand Type codes.

• Software listing is done with the lslpp command.

Version Release Modification Fix

AIX Migration smit update_all

7/23/2019 AN121STUD


Student Notebook




Figure 5-11. lslpp, filesets and files AN121.1

Notes:

The lslpp command has many useful flags associated with it. It is also possible to see when

a particular LPP was installed using the –h flag. See lslpp man page for more information.

A situation may arise where you want to use a particular command but it is not installed onthe system and you are not sure what LPP fileset to install to be able to use the binary. To

help with this problem you can use the which_fileset command. The which_filesetcommand searches the /usr/lpp/bos/AIX_file_list file for a specified file name or command

name, and prints out the name of the fileset that the file or command is shipped in. The

/usr/lpp/bos/AIX_file_list file is large and not installed automatically. You must install thebos.content_list fileset to receive this file.

Example:

# which_fileset shutdown

/usr/sbin/shutdownbos.rte.control 6.1.2.0


IBM Power Systems

# lslpp -f alex.grumpy.rte

Fileset File

---------------------------------------------------------

Path: /usr/lib/objrepos

alex.grumpy.rte 1.0.0.5

/usr/local/grumpy/grumpyrecovery

/usr/local/grumpy/README

/usr/local/grumpy/grumpystart

/usr/sbin/gfunctions

/usr/local/grumpy/grumpycheck

/usr/local/grumpy/grumpystop

# lslpp -w /usr/local/grumpy/grumpystartFile Fileset Type

-----------------------------------------------------------

/usr/local/grumpy/grumpystart alex.grumpy.rte File

# lslpp -f alex.grumpy.rte

Fileset File

---------------------------------------------------------

Path: /usr/lib/objrepos

alex.grumpy.rte 1.0.0.5

/usr/local/grumpy/grumpyrecovery

/usr/local/grumpy/README

/usr/local/grumpy/grumpystart

/usr/sbin/gfunctions

/usr/local/grumpy/grumpycheck

/usr/local/grumpy/grumpystop

# lslpp -w /usr/local/grumpy/grumpystartFile Fileset Type

-----------------------------------------------------------

/usr/local/grumpy/grumpystart alex.grumpy.rte File

lslpp, filesets and files

List files in anLPP fileset.

To whichfileset does afile belong?

• Switches -f and -w are very useful lslpp flags.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-12. Installing new software using SMIT AN121.1

Notes:

There are two fast paths worth remembering when it comes to software and SMIT:

• install_all – to install new software

• update_all – to update current software

Prior to the screen shown in the visual, you will be asked to select the “INPUT device /

directory for software”. The input device could be tape (/dev/rmt0), optical media(/dev/cd0), or a directory. The period (.) in the example indicates the directory you currently

reside in.

The default behavior when installing new software is to commit. To first apply softwarerather than commit, change the COMMIT software updates field to No.


IBM Power Systems

Installing new software using SMIT

Install and Update from ALL Available Software



[Entry Fields]

* INPUT device / directory for software .

* SOFTWARE to install [] +

PREVIEW only? (install operation will NOT occur) no +

COMMIT software updates? yes +

SAVE replaced files? no +

AUTOMATICALLY install requisite software? yes +


OVERWRITE same or newer versions? no +

VERIFY install and check file sizes? no +DETAILED output? no +

Process multiple volumes? yes +

ACCEPT new license agreements? no +

Preview new LICENSE agreements? no +

Install and Update from ALL Available Software



[Entry Fields]


* SOFTWARE to install [] +



SAVE replaced files? no +

AUTOMATICALLY install requisite software? yes +


OVERWRITE same or newer versions? no +

VERIFY install and check file sizes? no +

DETAILED output? no +

Process multiple volumes? yes +

ACCEPT new license agreements? no +

Preview new LICENSE agreements? no +

• smit install_all

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-14. Red Hat Package Manager filesets AN121.1

Notes:

In addition to providing the ability to run a Linux operating system on IBM Power

Architecture technology, IBM provides strong Linux affinity within the AIX OS. This affinity

enables faster and less costly deployment of multi-platform, integrated solutions acrossAIX and Linux platforms. Linux packages can be installed and manipulated on AIX using

the Redhat Package Manager as shown in the visual.

AIX affinity with Linux includes Linux application source compatibility, compliance with

emerging Linux standards, and a GNU Linux build-time environment with GNU and other

open source tools and utilities that combine to facilitate the development and deploymentof Linux applications on the AIX OS. This AIX affinity with Linux allows Linux programs tobe easily recompiled for native execution on the AIX OS. This approach allows you to

benefit from the capabilities of Linux applications combined with the industrial strengthfoundation and performance advantages afforded to native AIX applications.


IBM Power Systems

Red Hat Package Manager filesets

# rpm –qa

# rpm --nodeps -e cairo-1.0.2-6

# rpm -i bash-3.2-1.aix.ppc.rpm

# rpm –qa

# rpm --nodeps -e cairo-1.0.2-6

# rpm -i bash-3.2-1.aix.ppc.rpm

• IBM provides strong Linux affinity within AIX

• Many useful packages for AIX come in RPM format – Developed by Redhat, now used in many Linux flavors

– Examples (included within the Linux Toolbox for AIX):

• cdrecord

• mkiosfs

• apache

• bashList

packages

Removepackage without

dependencies

Installpackage

7/23/2019 AN121STUD


Student Notebook




Figure 5-15. Applying patches to the system AN121.1

Notes:

In the past, AIX system administrators would often download and install individual filesets

on a system. This caused the software be at mixed levels and sometime created more

problems than it solved. Now, IBM allows fixes to be downloaded in a fix pack, containing:

• Technology level (also known as Maintenance level in previous releases)

• Service Pack

In accordance with 'Enhanced Service Strategy Releases', these generally available

updates have been tested to operate best when all updates in a fix pack are installed. IBMrecommends installing the complete fix pack. AIX updates are provided as Technology

Level packages or Service Packs. These generally available updates have been tested tooperate best when all updates in a fix pack are installed. IBM recommends installing the

complete fix pack.


IBM Power Systems

smitty update_all

* INPUT device / directory for software /updates

* SOFTWARE to update _update_all

PREVIEW only? (update operation will NOT occur) yes +

COMMIT software updates? no +

SAVE replaced files? yes

smitty update_all

* INPUT device / directory for software /updates

* SOFTWARE to update _update_all

PREVIEW only? (update operation will NOT occur) yes +

COMMIT software updates? no +

SAVE replaced files? yes

Applying patches to the system

Some itemsremoved for

clarity

• Ideally, all systems should be at the latest fix pack (TL and SP level).

• IBM recommends installing the complete fix pack.

• System updates can be applied through smit update_all or usinggeninstall or installp commands.

• Updates can first be applied, then committed at a later time.

– This enables you to roll back if needed.

– Once software is committed there is no going back without removal and reinstall.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-16. Applying patches, apply, commit, reject AN121.1

Notes:

The visual above shows a fileset update being applied to cluster.doc.en_US.es.pdf . This

could be done with system management tools like SMIT, geninstall or installp

commands. It is often very useful to remember key installp flags. The flags, -aB mean applyand update the fileset. Once applied the update can be rejected (-r) or committed (-c).

In this example, the filesets are stored in a software repository on disk in which we arecurrently located. Hence the device location (-d) is set to “dot” (the current directory).


IBM Power Systems

Applying patches, apply, commit, reject

# lslpp -L |grep -i cluster |grep pdf

cluster.doc.en_US.es.pdf 5.4.0.0 C F HAES PDF Documentation

# installp -aB -d . cluster.doc.en_US.es.pdf


cluster.doc.en_US.es.pdf 5.4.1.0 A F HAES PDF Documentation

Note: “installp –s # will list all Applied software on the system”

# installp –r cluster.doc.en_US.es.pdf



OR –

# installp –c all

Installation Summary

--------------------

Name Level Part Event Result

-------------------------------------------------------------------------------

cluster.doc.en_US.es.pdf 5.4.1.0 USR COMMIT SUCCESS



# installp -aB -d . cluster.doc.en_US.es.pdf


cluster.doc.en_US.es.pdf 5.4.1.0 A F HAES PDF Documentation

Note: “installp –s # will list all Applied software on the system”

# installp –r cluster.doc.en_US.es.pdf



OR –

# installp –c all


--------------------


-------------------------------------------------------------------------------

cluster.doc.en_US.es.pdf 5.4.1.0 USR COMMIT SUCCESS

ApplyUpdate

(-aB)

Reject(-r)

Commit all

Applied

software (-c)

• installp, example:

7/23/2019 AN121STUD


Student Notebook




Figure 5-17. Listing fixes (APAR's) installed on the system AN121.1

Notes:

Fixes displayed with the instfix –i command are installed through Technology Level and

Service Pack updates. In previous versions of AIX, interim fixes, between Maintenance

level releases, were installed through instfix itself. In AIX6, instfix is really a legacycommand. It is only useful for listing and searching through applied updates on the system.

Necessary fixes that are not part of a TL or SP, are handled through interim fixmanagement.


IBM Power Systems

Listing fixes (APARs) installed on the system

• TLs and SPs apply fixes (APARs) to AIX• You can list these fixes with the instfix command.

– instfix is useful for listing and searching through appliedupdates on the system.

• Interim fixes between services packs, including serviceadvisories, is now done through interim fix management. – emgr command

# instfix –i

All filesets for IY32852 were found.





…… 2244 lines removed for clarity ….

# instfix -i |grep IY34981


# instfix –i






…… 2244 lines removed for clarity ….

# instfix -i |grep IY34981


7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-18. Interim fix management AN121.1

Notes:

The interim fix (ifix) management solution enables users to track and manage ifix packages

on a system. An ifix package might be an interim fix, debug code, or test code that contains

commands, library archive files, or scripts that run when the ifix package is installed.

The ifix management solution consists of the following commands:

• ifix packager (epkg)

• ifix manager (emgr)

The epkg command creates ifix packages that can be installed by the emgr command.The emgr command installs, removes, lists, and verifies system efixes.

It is important to examine the state field after installing an interim fix. The codes for thestate field are documented in the AIX Installation and Migration manual. In the above

example, the state value of Q means that a reboot is necessary for this fix to be effective.


IBM Power Systems

Interim fix management

# emgr -pe 744A_610.071105.epkg.Z

….lot of output is produced, removed for clarity!

EPKG NUMBER LABEL OPERATION RESULT

=========== ============== ================= ==============

1 744A_610 INSTALL PREVIEW SUCCESS

# emgr -e 744A_610.071105.epkg.Z

# emgr -l

ID STATE LABEL INSTALL TIME ABSTRACT

=== ===== ========== ================== ======================================

1 *Q* 744A_610 10/10/08 23:30:49 Kernel fix for 0744A_610

# emgr –r –L 744A_610

Log file is /var/adm/ras/emgr.log

EFIX NUMBER LABEL OPERATION RESULT

=========== ============== ================= ==============

1 744A_610 REMOVE SUCCESS

ATTENTION: system reboot is required. Please see the "Reboot Processing"

sections in the output above or in the /var/adm/ras/emgr.log file.

Return Status = SUCCESS

# emgr -pe 744A_610.071105.epkg.Z

….lot of output is produced, removed for clarity!

EPKG NUMBER LABEL OPERATION RESULT

=========== ============== ================= ==============

1 744A_610 INSTALL PREVIEW SUCCESS

# emgr -e 744A_610.071105.epkg.Z

# emgr -l

ID STATE LABEL INSTALL TIME ABSTRACT

=== ===== ========== ================== ======================================

1 *Q* 744A_610 10/10/08 23:30:49 Kernel fix for 0744A_610

# emgr –r –L 744A_610

Log file is /var/adm/ras/emgr.log

EFIX NUMBER LABEL OPERATION RESULT

=========== ============== ================= ==============

1 744A_610 REMOVE SUCCESS

ATTENTION: system reboot is required. Please see the "Reboot Processing"

sections in the output above or in the /var/adm/ras/emgr.log file.

Return Status = SUCCESS

PreviewInstall

Installifix

Listinstalled

efixes

Remove

ifix

7/23/2019 AN121STUD


Student Notebook




Figure 5-19. Removing installed software AN121.1

Notes:

Software can be removed by using system management tools or the command line. The

installp –u flag, removes the specified software product and any of its installed updates

from the system. The product can be in either the committed or broken state. Any softwareproducts that are dependent on the specified product must also be explicitly included in the

input list unless the -g flag is also specified. Removal of any bos.rte fileset is neverpermitted.

Note: The removal of LPP filesets does not necessarily mean the process will delete all

files included in the filesets. This is dependant on how the LPP filesets are constructed.


IBM Power Systems

Removing installed software

• smit remove

• Removing software from the command line – Remove the firefox web browser

– (Preview) Remove all X11 software with associated prerequisites

Remove Installed Software

[Entry Fields]

* SOFTWARE name [cluster.es.cspoc.cmds] +

PREVIEW only? (remove operation will NOT occur) yes +

REMOVE dependent software? yes +

EXTEND file systems if space needed? no +


Remove Installed Software

[Entry Fields]

* SOFTWARE name [cluster.es.cspoc.cmds] +

PREVIEW only? (remove operation will NOT occur) yes +

REMOVE dependent software? yes +

EXTEND file systems if space needed? no +


# installp -upg X11*# installp -upg X11*

# installp -u Firefox.base.rte# installp -u Firefox.base.rte

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-20. Recovering from broken or inconsistent states AN121.1

Notes:

If the process of installing, updating, or removing software from the system is interrupted or

fails, the outcome is likely to be either broken or inconsistent filesets on the system. To

detect this, use the lppchk command. If all is OK, the command will return null, otherwisebroken or inconsistent filesets will be displayed. To clean up from any such operation, use

the installp command with the –C option (clean-up) and then retry the original operationagain. If the failed operation was an uninstall, remove the software manually, using installp

–u <fileset>.


IBM Power Systems

Recovering from broken or inconsistent states

• To list broken or inconsistent filesets, use the lppchk

command.

# lslpp -L |grep Firefox.base.rte

Firefox.base.rte 1.5.0.12 ? F Firefox Web Browser

# lslpp -L |grep Firefox.base.rte

Firefox.base.rte 1.5.0.12 ? F Firefox Web Browser

# lppchk -v

lppchk: The following filesets need to be installed or corrected to bring

the system to a consistent state:

Firefox.base.rte 1.5.0.12 (APPLYING)

# lppchk -v

lppchk: The following filesets need to be installed or corrected to bring

the system to a consistent state:

Firefox.base.rte 1.5.0.12 (APPLYING)

# installp -C

installp: Cleaning up software for:

Firefox.base.rte 1.5.0.12


--------------------


-------------------------------------------------------------------------------

Firefox.base.rte 1.5.0.12 USR CLEANUP SUCCESS

# installp -C

installp: Cleaning up software for:

Firefox.base.rte 1.5.0.12


--------------------


-------------------------------------------------------------------------------

Firefox.base.rte 1.5.0.12 USR CLEANUP SUCCESS

Look for ?or B.

Displayinconsistent

filesets.

Perform a clean-upoperation. Fileset is

removed

7/23/2019 AN121STUD


Student Notebook




Figure 5-21. Service update management assistant AN121.1

Notes:

SUMA is an excellent tool for quickly downloading fixes with minimum fuss directly onto an

AIX server or NIM server.

Why SUMA?

Fix automation , the ability to get maintenance fixes onto a system automatically, isbecoming a focus area for IT system administrators. As system administration becomes

more complex and time consuming, it is often a roadblock that prevents systems frombeing up to date with current software fixes. Clients want the increased security and

reliability benefits, as well as the reduced downtime and total cost of ownership that comeswith keeping current fixes on a system. To meet these client demands, SUMA has

automated the process of determining which fixes are available, discovering which of theavailable fixes a system needs, and downloading the necessary fixes onto a system,

thereby reducing both the complexity and the time spent on system administration toperform these tasks.


IBM Power Systems

Service update management assistant

• Excellent tool for downloading fixes – Optional. Tasks can be automated OR driven by ksh scripts

• Access: smit suma• Can be used to download

– By APAR Number – By Fix Type – Technology Level(s) – Service Pack(s) – All Latest Fixes – Individual Filesets

• Internet access must available from the SUMA host.

• Many configuration parameters – Fixserver protocols: http, https – Download protocol: ftp, http, https

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-22. SUMA base configuration AN121.1

Notes:

The Base Configuration menu allows SUMA global configuration settings to be viewed

or changed. These settings are used for each SUMA task that is run and allow specification

of values for items such as:

• Screen, logfile, and email verbosity levels

• Flag options for the lppmgr command to help manage the size of a download repository

• Download protocol

• Download timeout settingA clean operation will remove unnecessary files from the repository using the lppmgr

command.

The global configuration settings can be viewed from the command line, # suma -c


IBM Power Systems

SUMA base configuration

• Base configuration – # smit suma_config_base

Base Configuration

[Entry Fields]

Screen output verbosity [Info/Warnings/Errors] +

Logfile output verbosity [Verbose] +

Notification email verbosity [Info/Warnings/Errors] +

Remove superseded filesets on Clean? yes +

Remove duplicate base levels on Clean? yes +

Remove conflicting updates on Clean? yes +

Fixserver protocol http +

Download protocol ftp +

Maximum log file size (MB) [1] #

Download timeout (seconds) [180] #

Base Configuration

[Entry Fields]

Screen output verbosity [Info/Warnings/Errors] +

Logfile output verbosity [Verbose] +

Notification email verbosity [Info/Warnings/Errors] +

Remove superseded filesets on Clean? yes +

Remove duplicate base levels on Clean? yes +

Remove conflicting updates on Clean? yes +

Fixserver protocol http +

Download protocol ftp +

Maximum log file size (MB) [1] #

Download timeout (seconds) [180] #

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-24. SUMA command line execution AN121.1

Notes:

SUMA tasks can be initiated through the command line. This is most useful when

producing scripts to automatically download fixes. SUMA uses cron when scheduled tasks

are created. In the schedule example above, the following entry will be added to root'scrontab: 0 23 * * 3 _SUMA=cron /usr/suma/bin/suma -x 1

The output of command:

# suma -l

1:

DisplayName=

Action=Download

RqType=ML

RqName=6100-02

RqLevel=


IBM Power Systems

SUMA command line execution

• SUMA command line examples: – Download latest service pack

– Download technology level 2 for AIX 6.1 on Wednesday at 11:00 PM

– Download latest security fixes

# /usr/sbin/suma -x -a RqType=SP -a Action=Download \

-a RqName=‘6100-01-01-0823'

# /usr/sbin/suma -x -a RqType=SP -a Action=Download \

-a RqName=‘6100-01-01-0823'

# /usr/sbin/suma -s “0 23 * * 3” -a RqType=ML –a Action=Download \

-a RqName='6100-02’

Task ID 1 created.

# suma -l

# /usr/sbin/suma -s “0 23 * * 3” -a RqType=ML –a Action=Download \

-a RqName='6100-02’

Task ID 1 created.

# suma -l

# /usr/sbin/suma -x -a Action=Download -a RqType=Security# /usr/sbin/suma -x -a Action=Download -a RqType=Security

List allscheduled

SUMA tasks

Request type= service

pack

7/23/2019 AN121STUD


Student Notebook




PreCoreqs=y

Ifreqs=y

Supersedes=n

ResolvePE=IfAvailable

Repeats=y

DLTarget=/aix/FIXES

NotifyEmail=root

FilterDir=/aix/FIXES

FilterML=6100-01

FilterSysFile=localhost

MaxDLSize=-1

Extend=y

MaxFSSize=-1

For further information see the SUMA main page.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 5-25. Fix Central Web site AN121.1

Notes:

AIX fixes are generally available on the internet at Fix Central. Fixes cat any level, from AIX

4.3.3 to the present version, can be downloaded.


IBM Power Systems

Fix Central Web site

• To download AIX fixes via the internet, go to:

7/23/2019 AN121STUD


Student Notebook




Figure 5-26. Fix Level Recommendation Tool AN121.1

Notes:

Today's AIX environment can be complex as lots of components are required. In addition to

AIX, one must also think about but System Firmware, HMC, VIOS, PowerHA levels, and

more. How do you know if the levels of these products are compliant and supported? Theanswer is FLRT. FLRT is web driven tool that enables you to select your machine type and

software components and levels. It then produces an easy to read report which providesrecommendations, notices and status compliance as shown on the visual.


IBM Power Systems

Fix Level Recommendation Tool

http://www14.software.ibm.com/webapp/set2/flrt/home

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint

1. Which of the following states must your software be in, in order for you to be ableto use it? Select all that apply.

a. Applied stateb. Removed statec. Install stated. Commit state

2. What command is used to list all installed software on your system? _______________

3. Which of the following can you install as an entity? Select all that apply.

a. ifixb. LPPc. Packaged. Bundle

4. True or False: If a problem is found with the inetd subsystem, it is possibleto download and apply a fix to bos.net.tcpip.server fileset in AIX 6.1 tocorrect the problem.

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Exercise 5

AIX softwareinstallation and

maintenance

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Unit summary




– Determine the current installed level of the OS and individual filesets




• Identify if all the components in the Power and AIX environmentare compatible and supported

7/23/2019 AN121STUD


Student Notebook




7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 6. System configuration and devices 6-1

5.2

empty Unit 6. System configuration and devices


This unit describes how to list and understand the system

configuration and manipulate devices.



• Understand device terminology

• Document the system configuration

• Use popular device commands

• Understand device configuration and control • Identify device locations


Accountability:


References


AIX Version 6.1 Operating System and Device

Management



7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives





• Understand device configuration and control

• Identify device locations

– Interpret physical and virtual location codes

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 6-2. Device terminology AN121.1

Notes:

Generic Device terminology

• Physical Devices are the actual hardware that is connected in some way to the system

• Ports are the physical connectors and adapters in the system to which physical devices

or cables are attached.

• RIO is a cabling system and protocol for extending the internal buses of the systemenclosure to the I/O expansion drawers. The I/O expansion drawers have PCI buses

which can support additional adapters and disks (depending upon the type of I/Odrawer. An alternative option for connecting I/O drawers (with POWER6 servers) is 12X

(based on Infini-band).

• Logical Devices. Software interfaces (special files) that present a means of accessing aphysical device to the users and application programs. Data appended to logical devices is sentto the appropriate device driver. Data read from logical devices is read from the appropriatedevice driver.


IBM Power Systems

Device terminology

• Generic terminology – Physical devices – Ports – Device drivers – Logical devices – /dev directory – Virtual devices

• Power H/W-specific terminology – CEC

– System planar – RIO – System ports – GX+ – IVE – PCI

7/23/2019 AN121STUD


Student Notebook




• /dev is the directory which contains all of the logical devices that can be directlyaccessed by the user. Some logical devices defined are only referenced in the ODM

customized database and cannot be accessed by users.

• Virtual Devices are the Ethernet and SCSI devices which are allocated to the client fornetworking access and storage. These devices are not real.

Power H/W specific terminology

• Central electronics complex (CEC) is the main system unit that contains systemprocessors, memory, and remote I/O connections.

• System planar is the main component of the CEC. Where all processor cards, memory

dimms, and I/O attachments are interconnected together.

• RIO is a remote I/O drawer which consists of PCI slots/adapters disks, or both,depending on the type of RIO drawer. The RIO drawers connect to Power boxes

through a RIO2 Hub, which is in turn connected to the GX+ adapter bus.

• System Ports are the two serial ports on the system planar has two serial ports which

are called system ports. In an operating system environment, the two system portsbecome host virtual system ports and are only available for specific limited functions.For example, the two integrated system ports on a p550 are limited to serial connected

TTY console functionality and IBM approved call-home modems. These system portsdo not support other general serial connection uses, such as UPS, HACMP heartbeat,

printers, mice, and so on, If you need multi-purpose serial port functions, optional PCIadapters are available.

• GX+ : Each POWER6 processor provides a GX+ bus which is used to connect to an I/O

subsystem or Fabric Interface card.

• IVE: The POWER6 processor-based servers extend the virtualization technologiesintroduced in POWER5 by offering the Integrated Virtual Ethernet adapter (IVE). IVE,

also called Host Ethernet Adapter (HEA) in other documentation, enables an easy wayto manage the sharing of the integrated high-speed Ethernet adapter ports. It is a

standard set of features that are part of every POWER6 processor-based server.

• PCI which stand for Peripheral Component Interconnect, is an industry-standard bus forattaching peripherals to computers.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 6-3. System configuration and device overview AN121.1

Notes:

System configuration is important. We need to understand what devices we have at our

disposal and where these devices are physically located within each box or drawer. This is

important when devices fail, especially disks! Taking out the wrong disk in the system dueto failure could result in data corruption.

An AIX partition does not need to have any real devices. In today's Power p environments,virtual LPARs are fast becoming the norm. Virtualization is a large topic and is covered in a

separate LPAR and virtualization education track. It is beyond the scope of the course.


IBM Power Systems

System configuration and device overview

• Understanding the configuration of the system is important. – The configuration should be documented and updated on a regular

basis.

• All devices have attributes, some of which can be changed. – lsattr, lists device attributes – chdev, changes device attributes

• Most devices within AIX are self configured, through cfgmgr.• Device states can be controlled using mkdev and rmdev

commands. – Including virtual devices

• Remember! An AIX partition does not need to have anyphysical devices.

7/23/2019 AN121STUD


Student Notebook




Figure 6-4. Device commands AN121.1

Notes:


IBM Power Systems

Device commands

• prtconf – Lists major system configuration items such as system model,

firmware version, processor type, number of processors, processorclock speed, cpu type, total memory size, network, filesystem, pagingspace, and devices information

• lscfg – Lists device information including physical location codes

• lsdev – Lists device information including the state of the device

• lsslot

– Displays all specified hot plug slots and their characteristics• chdev

– Changes the characteristics of a device

• lsattr – Displays attribute characteristics and possible values of attributes for

devices in the system

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 6-6. prtconf (1 of 2) AN121.1

Notes:

prtconf is very useful command which displays an overview of the system configuration.

This is particularly useful for documentation purposes. One should run this command on a

regular basis and save or print the output.


IBM Power Systems

prtconf (1 of 2)

• Shell script which collects system information

# prtconf

System Model: IBM,8204-E8AMachine Serial Number: 652ACD2

Processor Type: PowerPC_POWER6

Number Of Processors: 2

Processor Clock Speed: 4204 MHz

CPU Type: 64-bit

Kernel Type: 64-bit

LPAR Info: 4 sys124_v2

Memory Size: 512 MB

Good Memory Size: 2 GB

Firmware Version: IBM,EL320_076

Network Information

Host Name: sys124_v2

IP Address: 10.6.115.44

Sub Netmask: 255.255.255.0

Gateway: 10.6.115.254

Name Server:

Domain Name:

Paging Space Information

Total Paging Space: 1536MB

Percent Used: 2%

Volume Groups Information

==============================================================================

rootvg:

PV_NAME PV STATE TOTAL PPs FREE PPs FREE DISTRIBUTION

hdisk0 active 273 194 54..09..22..54..55

# prtconf

System Model: IBM,8204-E8A

Machine Serial Number: 652ACD2

Processor Type: PowerPC_POWER6

Number Of Processors: 2

Processor Clock Speed: 4204 MHz

CPU Type: 64-bit

Kernel Type: 64-bit

LPAR Info: 4 sys124_v2

Memory Size: 512 MB

Good Memory Size: 2 GB

Firmware Version: IBM,EL320_076

Network Information

Host Name: sys124_v2

IP Address: 10.6.115.44

Sub Netmask: 255.255.255.0

Gateway: 10.6.115.254

Name Server:

Domain Name:


Total Paging Space: 1536MB

Percent Used: 2%

Volume Groups Information

==============================================================================

rootvg:

PV_NAME PV STATE TOTAL PPs FREE PPs FREE DISTRIBUTION

hdisk0 active 273 194 54..09..22..54..55

Some items wereremoved for

clarity.

Output iscontinued on the

next page.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 6-7. prtconf (2 of 2) AN121.1

Notes:

The last function prtconf performs is to run the lscfg command as shown in the visual.

Although the prtconf –v flag can be used to display detailed Vital Product Data (VPD)

information, the output on the previous page is omitted. To get around this problem, simplymake a copy of the prtconf script to prtconfVPD and append a “–v” flag to the last lscfg

command at the end of the script.

As follows:

# tail `which prtconf`

done

fi

#devices information

lscfg ######## APPEND –v here !!! ###########

fi


IBM Power Systems

prtconf (2 of 2)

INSTALLED RESOURCE LIST

The following resources are installed on the machine.

+/- = Added or deleted from Resource List.* = Diagnostic support not available.

Model Architecture: chrp

Model Implementation: Multiple Processor, PCI bus

+ sys0 System Object

+ sysplanar0 System Planar

+ L2cache0 L2 Cache

+ mem0 Memory

+ proc0 Processor

+ proc2 Processor

* vsa0 U8204.E8A.652ACD2-V4-C0 LPAR Virtual Serial Adapter

* vty0 U8204.E8A.652ACD2-V4-C0-L0 Asynchronous Terminal

* pci1 U78A0.001.DNWGGRX-P1 PCI Express Bus

+ fcs0 U78A0.001.DNWGGRX-P1-C3-T1 4Gb FC PCI Express Adapter (df1000fe)

* fcnet0 U78A0.001.DNWGGRX-P1-C3-T1 Fibre Channel Network Protocol Device

* fscsi0 U78A0.001.DNWGGRX-P1-C3-T1 FC SCSI I/O Controller Protocol Device




* pci0 U7311.D20.6516D3C-P1 PCI Bus* pci2 U7311.D20.6516D3C-P1 PCI Bus

+ ent0 U7311.D20.6516D3C-P1-C01-T1 2-Port 10/100/1000 Base-TX PCI-X Adapter


* pci3 U7311.D20.6516D3C-P1 PCI Bus

+ sisscsia0 U7311.D20.6516D3C-P1-C04 PCI-XDDR Dual Channel Ultra320 SCSI Adapter

+ scsi0 U7311.D20.6516D3C-P1-C04-T1 PCI-X Dual Channel Ultra320 SCSI Adapter bus


+ hdisk0 U7311.D20.6516D3C-P1-C04-T2-L8-L0 16 Bit LVD SCSI Disk Drive (73400 MB)


* vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Virtual SCSI Client Adapter

* hdisk2 U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive

+ ses0 U7311.D20.6516D3C-P1-C04-T2-L15-L0 SCSI Enclosure Services Device

INSTALLED RESOURCE LIST

The following resources are installed on the machine.

+/- = Added or deleted from Resource List.

* = Diagnostic support not available.

Model Architecture: chrp

Model Implementation: Multiple Processor, PCI bus

+ sys0 System Object

+ sysplanar0 System Planar

+ L2cache0 L2 Cache

+ mem0 Memory

+ proc0 Processor

+ proc2 Processor

* vsa0 U8204.E8A.652ACD2-V4-C0 LPAR Virtual Serial Adapter

* vty0 U8204.E8A.652ACD2-V4-C0-L0 Asynchronous Terminal

* pci1 U78A0.001.DNWGGRX-P1 PCI Express Bus







* pci0 U7311.D20.6516D3C-P1 PCI Bus* pci2 U7311.D20.6516D3C-P1 PCI Bus



* pci3 U7311.D20.6516D3C-P1 PCI Bus

+ sisscsia0 U7311.D20.6516D3C-P1-C04 PCI-XDDR Dual Channel Ultra320 SCSI Adapter





* vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Virtual SCSI Client Adapter

* hdisk2 U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive

+ ses0 U7311.D20.6516D3C-P1-C04-T2-L15-L0 SCSI Enclosure Services Device

Second half ofthe output isidentical to

lscfg

Device listing

including “physicallocation codes”

7/23/2019 AN121STUD


Student Notebook




Figure 6-8. lscfg AN121.1

Notes:

The lscfg command displays configuration, diagnostic, and vital product data (VPD)

information about the system.

Use the lscfg command to display vital product data (VPD) such as part numbers, serialnumbers, and engineering change levels. VPD data is required for hardware engineers

when they need to order replacement parts due to failures.


IBM Power Systems

lscfg

• lscfg can be used to display Vital Product Data (VPD) information for

devices.

– CEs need this to order and replace failed components

# lscfg -v -l ent0

ent0 U7311.D20.6516D3C-P1-C01-T1 2-Port 10/100/1000 Base-

TX PCI-X Adapter (14108902)

2-Port 10/100/1000 Base-TX PCI-X Adapter:

Part Number.................03N5297

FRU Number..................03N5297

EC Level....................H13845Manufacture ID..............YL1021

Network Address.............001A64918678

ROM Level.(alterable).......DV0210

Hardware Location Code......U7311.D20.6516D3C-P1-C01-T1

# lscfg -v -l ent0

ent0 U7311.D20.6516D3C-P1-C01-T1 2-Port 10/100/1000 Base-

TX PCI-X Adapter (14108902)

2-Port 10/100/1000 Base-TX PCI-X Adapter:

Part Number.................03N5297

FRU Number..................03N5297

EC Level....................H13845

Manufacture ID..............YL1021

Network Address.............001A64918678

ROM Level.(alterable).......DV0210

Hardware Location Code......U7311.D20.6516D3C-P1-C01-T1

VPDinformation

Physicallocation code

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 6-9. lsdev AN121.1

Notes:

The lsdev command displays information about devices in the device configuration

database. You can display information about all the customized devices using the -C flag.

Any combination of the -c Class, -s Subclass, -t Type, -l Name, -p Parent, and -S State flags, selects a subset of the customized devices. You can display information about

all devices supported by the system using the -P flag. Any combination of the -c Class,-s Subclass, and -t Type flags selects a subset of the supported devices.

Certain device slots can be moved from partition to partition with the Dynamic LPAR

function. To do this, you first have to remove the parent pci slot of the device. In order todiscover the parent pci slot, it is useful to write a simple script, such as parent.device asshown in the visual:


IBM Power Systems

lsdev

• lsdev displays device information including the device state

# lsdev |grep ent

ent0 Available 02-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)


ent2 Available Virtual I/O Ethernet Adapter (l-lan)

ent3 Available Shared Ethernet Adapter

# lsdev -Cc disk

hdisk0 Available 03-08-01-8,0 16 Bit LVD SCSI Disk Drive

hdisk1 Available 01-00-02 MPIO Other FC SCSI Disk Drive

hdisk2 Available 00-08-00 SAS Disk Drive

# lsdev -Cl proc2

proc2 Available 00-02 Processor

# lsdev -p pci5

ent8 Available 05-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)ent9 Available 05-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)

# lsdev –Cl cd1 –F parentide0

# ksh < parent.device cd1

cd1 ide0 pci1 pci0 sysplanar0 sys0

# lsdev |grep ent



ent2 Available Virtual I/O Ethernet Adapter (l-lan)

ent3 Available Shared Ethernet Adapter

# lsdev -Cc disk

hdisk0 Available 03-08-01-8,0 16 Bit LVD SCSI Disk Drive

hdisk1 Available 01-00-02 MPIO Other FC SCSI Disk Drive

hdisk2 Available 00-08-00 SAS Disk Drive

# lsdev -Cl proc2

proc2 Available 00-02 Processor

# lsdev -p pci5

ent8 Available 05-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)ent9 Available 05-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)

# lsdev –Cl cd1 –F parentide0

# ksh < parent.device cd1

cd1 ide0 pci1 pci0 sysplanar0 sys0

-Cc : list by class-Cl : list by device name

Device state

Software (AIX)

location codes

Locating theparentdevice

listing parentdevices recursively

childdevices

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 6-12. Device states AN121.1

Notes:

Device States

• Undefined is not a state one can see assigned in the system, more of a reference

statement. If refers to a device which is supported but is not configured.

• Defined means that the device is known to the system. It has been allocated a logical

device name, a location code, and attributes have been assigned to it. However, it is stillunavailable for use.

• Available means that the device is fully configured and is ready for use.

• Stopped mean that the device is configured, but not available for use by applications.• When a device is first identified, it is configured and put into the Available state.

Available devices can be put into the defined or undefined state by using the rmdev

command. Devices can be configured with both the mkdev or cfgmgr commands.

cfgmgr

The cfgmgr command configures devices and optionally installs device software intothe system. It can be run at any time.


IBM Power Systems

Device states

• Undefined – The device is unknown to the system.

• Defined – The device is know to the system but it is unavailable for use.

• AvailableThe device is available and ready for use.

• Stopped – The device is unavailable but remains known by its device driver.

• The mkdev and cfgmgr commands make devices availablefor use.

• The rmdev command can make devices unavailable for use

and completely remove them from the system.

7/23/2019 AN121STUD


Student Notebook




Figure 6-13. /dev directory, device configuration and control AN121.1

Notes:

The visual shows a tape drive connected to a system but is undefined. The cfgmgr

command is run to configure and make the device available. Once available, special device

files have been created in /dev directory. Some devices like tapes have several specialfiles. Each file is assigned a major and minor number. Major and minor numbers are used

by the operating system to determine the actual driver and device to be accessed by theuser-level request for the special device file.

For example, when writing files to a tape, the difference between tar –cvf /dev/rmt0

myfiles.tar and tar –cvf /dev/rmt0.1 myfiles.tar is that rmt0 will result in the tape rewindingafter the operation, whereas with rmt0.1, the tape will not rewind after the write operation.


IBM Power Systems

/dev directory, device configuration and control

• On Unix platforms, access to devices is provided through special devicefiles that reside in /dev directory.

# lsdev -Cc tape; ls -l /dev/*rmt0*

/dev/*rmt0* not found

# cfgmgr

# lsdev -Cc tape

rmt0 Available 04-08-01-2,0 LVD SCSI 4mm Tape Drive

# ls -l /dev/*rmt0*

crw-rw-rw- 1 root system 37, 0 13 Oct 14:43 /dev/rmt0

crw-rw-rw- 1 root system 37, 1 13 Oct 14:43 /dev/rmt0.1

……. Removed rmt0.2 through rmt0.6


# rmdev -l rmt0rmt0 Defined

# mkdev -l rmt0

rmt0 Available

# rmdev -l rmt0 -d

rmt0 deleted

# lsdev -Cc tape; ls -l /dev/*rmt0*

/dev/*rmt0* not found

# cfgmgr

# lsdev -Cc tape

rmt0 Available 04-08-01-2,0 LVD SCSI 4mm Tape Drive

# ls -l /dev/*rmt0*

crw-rw-rw- 1 root system 37, 0 13 Oct 14:43 /dev/rmt0


……. Removed rmt0.2 through rmt0.6


# rmdev -l rmt0

rmt0 Defined

# mkdev -l rmt0

rmt0 Available

# rmdev -l rmt0 -d

rmt0 deleted

Tape drive will beconfigured by loading thedevice into the kernel(/unix)

The Kernel willreference the tapedevice through themajor number (37)

Minor number.Certain devices liketapes can behave indifferent ways.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 6-14. Device addressing AN121.1

Notes:

Every device is assigned a physical location code when it is attached to the system. These

codes are critical. If a device has a problem such as a disk failure, an error report is

generated which will identify the device and its location. You can use this information toreplace the failed disk drive.

It is important not to confuse physical location codes with AIX location codes. Before LPARtechnology was introduced into Power Systems, there were only AIX location codes, and

they remain today for legacy purposes. On newer platforms such as POWER5 and

POWER6 systems, one should use physical codes only.Note: Virtual devices do not have OS location codes.


IBM Power Systems

Device addressing

• The address of a device allows you to identify its location.• There are two types of Device addressing.

– Physical location codes refer to a specific component. – Assigned by the system firmware

• Example. hdisk0: U78A0.001.DNWGGRX-P2-D5 (SAS Drive)

– Operating system location codes also refer to components but use adifferent convention, assigned by AIX.

– Not as useful or meaningful as Physical codes on POWER5 orPOWER6 systems

– Virtual devices do not have AIX location codes.

– Note: Address conventions differ between models and types(adapters, SCSI, non-SCSI)• Example. hdisk0: 00-08-00 (SAS Drive)

• Both physical and AIX codes can be seen side by side with: – lsdev –CHF “name, status, physloc, location”

7/23/2019 AN121STUD


Student Notebook




Figure 6-15. Physical location code examples AN121.1

Notes:

The visual above shows how to interpret physical location code information.

A Power System is made up of one of more CECs. An example of a system with the ability

to have multiple CECs is a Power 570. In a multiple node Power 570, what distinguishesone system enclosure form another is the serial number of the CEC.

A Power 550 only has one CEC.

• U78A0 identifies that the unit type is a CEC belonging to a Power 550.

• The model number for a CEC is always: 001. • DNWGGRX is the serial number of the CEC.

Power Systems usually have I/O expansion drawers, or in the case of the larger machines,expansion frames containing I/O drawers. U7311.D20 is a popular remote I/O drawer (RIO)

for low to mid-range systems. 6516D3 is the serial number assigned to the drawer.


IBM Power Systems

Physical location code examples

• Physical location code format – Unit_type.Model_no.Serial_no-additional device information

• Examples:

hdisk0 U78A0.001.DNWGGRX-P2-D5 SAS Disk Drive

SAS Planar (P2), Device slot reference 5, disk is in the CEC

ent1 U78A0.001.DNWGGRX-P1-C4-T2 2-Port 10/100/1000 PCI-X Adapter

System planar (P1), Card slot No 4, 2nd port, Adapter is in the CEC

hdisk0 U7311.D20.6516D3C-P1-C04-T2-L8-L0 16 Bit LVD SCSI Disk

Planar 1 (P1), PCI slot No 4, 2nd

port, SCSI ID 8,0, Disk is in anattached SCSI 7311-D 20 I/O Drawer.

hdisk5 U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000 FC SCSI Disk

System planar (P1), Card slot No 3, Port 1, W = WW unique name of an

FC adapter (where the FC adapter is in a remote storage subsystem), L =

LUN ID. The disk is a logical device (identified by the LUN ID) in

the remote storage subsystem.

hdisk0 U78A0.001.DNWGGRX-P2-D5 SAS Disk Drive

SAS Planar (P2), Device slot reference 5, disk is in the CEC

ent1 U78A0.001.DNWGGRX-P1-C4-T2 2-Port 10/100/1000 PCI-X Adapter

System planar (P1), Card slot No 4, 2nd port, Adapter is in the CEC

hdisk0 U7311.D20.6516D3C-P1-C04-T2-L8-L0 16 Bit LVD SCSI Disk

Planar 1 (P1), PCI slot No 4, 2nd port, SCSI ID 8,0, Disk is in an

attached SCSI 7311-D 20 I/O Drawer.

hdisk5 U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000 FC SCSI Disk

System planar (P1), Card slot No 3, Port 1, W = WW unique name of an

FC adapter (where the FC adapter is in a remote storage subsystem), L =

LUN ID. The disk is a logical device (identified by the LUN ID) in

the remote storage subsystem.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 6-16. Virtual location codes, example AN121.1

Notes:

Virtual devices are assigned location codes in a similar format to physical devices. The

format is:

Unit_type.Model_no.virtual_adapter_number.virtual_card_slot_number

.[port].[LUN]

The visual above shows a VIOS presenting a virtual disk (hdisk1) to a VIO Client. In orderto do this, the first step is to create a virtual server adapter, on the HMC for the VIOS and

also a VIO client adapter for the AIX partition. Each adapter has an assigned ID.

The vhost device in the VIOS symbolizes the virtual server adapter. In the example: V1represents a virtual device with an assigned ID of one. C12 represents the virtual card slot

number, which is always equal to the adapter ID as defined on the HMC.

The vscsi device on the virtual client symbolizes the client adapter. In the example, V2again represents a virtual device with an assigned ID of two. C12 represents the virtual

card slot number, which is also equal the adapter ID as defined on the HMC. T1 specifiesthe port number of the adapter.


IBM Power Systems

Virtual location codes example

– VIOS HMC profileVirtual SCSI adapter definition

– VIOS partition

vhost0 U8204.E8A.652ACD2-V1-C12 Virtual SCSI Server Adapter

Virtual Server adapter, Virtual (LPAR) ID 1, virtual card slot (Adapter ID) 12

vhost0 U8204.E8A.652ACD2-V1-C12 Virtual SCSI Server Adapter

Virtual Server adapter, Virtual (LPAR) ID 1, virtual card slot (Adapter ID) 12

# uname –L2 sys124_v1_T1

vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Virtual SCSI Client Adapter

hdisk1 U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive

Virtual client disk, Virtual (LPAR) ID 2, virtual card slot 12.

# uname –L2 sys124_v1_T1

vscsi0 U8204.E8A.652ACD2-V2-C12-T1 Virtual SCSI Client Adapter

hdisk1 U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive

Virtual client disk, Virtual (LPAR) ID 2, virtual card slot 12.

– Client (AIX) partition

Note: In this example, the HMC profile is required toshow the client server virtual disk relationship.

Virtual devices are easilyrecognized by the virtual IDreference. This value is the LPARID as shown with the unamecommand.

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint

1. What does the following location code mean?

2. What is the purpose of a device major number? How would youlocate the major number of a disk, hdisk18?

3. True or False: cfgmgr is a binary executable that runs at systeminitialization time to configure devices on the system.

4. What commands can you run on AIX to document the systemconfiguration?

fcs0 U78A0.001.DNWGGRX-P1-C3-T1 4Gb FC PCI Express Adapterfcs0 U78A0.001.DNWGGRX-P1-C3-T1 4Gb FC PCI Express Adapter

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Exercise 6

System configurationand devices

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Unit summary





• Understand device configuration and control

• Identify device locations

– Interpret physical and virtual location codes

7/23/2019 AN121STUD


Student Notebook




7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 7. System storage overview 7-1

5.2

empty Unit 7. System storage overview


This unit is an overview of AIX system storage.



• Describe the terminology and the concepts associated with:

- Physical volumes

- Volume groups

- Logical volumes

- Physical partitions

- Logical partitions

• Describe how file systems and logical volumes are related


Accountability:

• Checkpoint questions

• Exercise

References


Management

SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction

and Concepts (redbook)


following address:


7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives


• Describe the terminology and concepts associated with: – Physical volumes

– Volume groups

– Logical volumes

– Physical partitions

– Logical partitions

• Describe how file systems and logical volumes are related

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 7-2. Components of AIX storage AN121.1

Notes:

Components

The basic components or building blocks of AIX storage are:

• Files

• Directories

• File systems

• Logical storage

• Physical storage

• Logical Volume Manager (LVM)

As a user, you work with files and directories. As a system administrator, you manage

storage using the Logical Volume Manager.


IBM Power Systems

Components of AIX storage

Managed byLogical Volume Manager (LVM)

Physical storage

Logical storage

File systems

Directories

Files

7/23/2019 AN121STUD


Student Notebook




Figure 7-3. Traditional UNIX disk storage AN121.1

Notes:

Issues with traditional UNIX disk storage

Traditionally, disk partitioning has been implemented through partitions. Customers hadto select the correct size for each partition before the system could be installed.

Each file system was on a partition on the hard disk.

Changing the size of the partition, and thus the file system, was no easy task. It involved

backing up the file system, removing the partition, creating new ones, and restoring thefile system.

A major limitation to partitions was that each partition had to consist of contiguous disk

space. This characteristic limited the partition to reside on a single physical drive. Itcould not span multiple hard disks. Since file systems were always contained within a

partition, no file system could be defined that would be larger than the largest physicaldrive. This meant that no single file could be larger than the largest physical drive.


IBM Power Systems

Traditional UNIX disk storage

Problems:

• Fixed partitions

• Expanding size of the partition

• Limitation on size of a file system and a file

• Contiguous data requirement

• Time and effort required in planning ahead

Partition 1

Partition 2

Partition 3

Partition 5

Partition 4

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 7-5. Logical Volume Manager components AN121.1

Notes:

Introduction

The AIX Logical Volume Manager controls disk storage resources by mapping databetween a simple and flexible logical view of storage space and the actual physical

disks.

This visual and these notes provide a brief overview of the basic components of LVM.

Components

A hierarchy of structures is used to manage disk storage:

• Volume groups

• Physical volumes

• Physical partitions

• Logical volumes

• Logical partitions


IBM Power Systems

Logical Volume Manager components

Logical

volume (LVs)

write(data);

Application

Logical

partitions (LPs)

Physicalpartitions (PPs)

Volume group

Physicalvolumes (PVs)

123456xy

z

7/23/2019 AN121STUD


Student Notebook




5.2

empty Volume group (VG)

A volume group (VG) is the largest unit of storage allocation. A VG consists of a group

of one or more physical volumes (disks) all of which are accessed under one VG name.The combined storage of all the physical volumes makes up the total size of the VG.

This space can be used by other storage entities like file systems and logical volumes.

VGs are portable and can be disconnected from one system and connected to anothersystem. All disks in the VG must move together.

Physical volume (PV)

A physical volume (PV) is the name for an actual disk or hard drive. A PV can be

internally or externally attached.

For a disk to be used by LVM, the disk must be added to a volume group, or a newvolume group must be set up for it.

A PV can only belong to one volume group (VG).

Physical partition (PP)

All of the physical volumes in a volume group are divided into physical partitions (PP).

All the physical partitions within a volume group are the same size, although differentvolume groups can have different PP sizes.

Logical volume (LV)

Within each volume group, one or more logical volumes (LV) are defined. Logical

volumes are groups of information located on physical volumes. Data on logicalvolumes appears to be contiguous to the user, but can be non-contiguous on the

physical volume, or can even be located on several physical volumes.

Logical partition (LP)

Each logical volume consists of one or more logical partitions (LP). Logical partitions

are the same size as the physical partitions within a volume group. Each logical partitionis mapped to at least one physical partition. Although the logical partitions are

numbered consecutively, the underlying physical partitions are not necessarily

consecutive or contiguous.

This allows file systems, paging space, and other logical volumes to be resized or

relocated, to span multiple physical volumes, and to have their contents replicated forgreater flexibility and availability in the storage of data.

7/23/2019 AN121STUD


Student Notebook




Figure 7-6. Physical storage AN121.1

Notes:

Introduction

Disk space on a physical volume (PV) is allocated to logical volumes (LV) in chunkscalled physical partitions (PP). Each physical partition size is the same across all the

disks in a volume group (VG). The PP size is set at the time the VG is created. The sizeis set in megabytes on power of two boundaries (for example: 4 MB, 8 MB, 16 MB, and

so forth). The default is 4 MB.

In AIX 5L V5.2 and later, LVM defaults the PP size of a new VG to the smallest PP size(equal or greater than 4 MB) which allows full addressing of the largest disk in the VG

given the selected maximum number of PPs per PV (defaults to 1016). The smallest PPsize is 1 MB, which is supported by using a larger number of PPs per PV.

When a PV is added to a system, a file called hdiskn is added to the /dev directory. n is

a number allocated by the operating system. It is usually the next available number.This file may be used to access the device directly but this is not often done.


IBM Power Systems

Physical storage

Volumegroup A

Volumegroup B

PV1

PV2 PV3 PV4 PV5

Physicalvolume /dev/hdiskn

PPn

PP3PP4PP5PP6

PP1PP2

-t factor Disks (PVs) PPs per PV Disks (PVs) -t factor

1 32 1016 128 12 16 2032 64 2

4 8 4064 32 4

8 4 8128 16 8

16 2 16256 8 16

N/A N/A 32512 4 32

N/A N/A 65024 2 64

Original volume groups Big volume groups

7/23/2019 AN121STUD


Student Notebook




5.2

empty Original volume group

Originally AIX supported VGs with a maximum of 32 PVs, no more than 1016 PPs per

disk, and an upper limit of 256 LVs per VG. This VG type is commonly referred to as theoriginal, normal, or volume group.

As disks increased in size, this meant that the PP size had to increase to use the entire

disk space and stay within the 1016 PPs per disk limit. Larger PPs means less flexibilityin allocating space for LVs, and potentially more wasted space.

For example, for an 18 GB disk, you must have a PP size of 32 MB. A PP size of 16 MB

would require 1152 PPs, over the limit.

Volume group -t factor

To handle the increase in hard disk drive capacity over time, AIX V4.3.1 implemented anew volume group factor, which can be specified by the -t flag of the mkvg command,

that allows you to increase the maximum number of PPs per disk proportional to the

given integer multiplier value. The maximum number of PVs decreases proportional tothe specified -t factor.

For example, if you wanted to use an 8 MB PP size with our 18 GB disks, you wouldneed at least 2304 PPs per disk. Setting the -t factor to 4 would allow 4064 PPs per

disk, but would limit us to 8 disks in the VG.

Big volume group

AIX V4.3.2 expanded the LVM scalability by introducing big volume groups. A big VGcan have up to 128 physical volumes and a maximum of 512 LVs defined with it. The

volume group -t factor can also be used with the big VG.

Using our 18 GB disk example, setting the -t factor to 4, would allow us to have a VGwith a PP size of 8 MB and 32 disks.

7/23/2019 AN121STUD


Student Notebook




Figure 7-7. Volume groups AN121.1

Notes:

Volume group types

With successive versions of AIX, new types of volume groups have been introducedwhich allow for greater capacities and greater flexibility:

• Original volume groups

When creating a volume group with SMIT or using the mkvg command, original

volume groups are the default.

• Big volume groups

Big volume groups were introduced with AIX V4.3.2. Besides increasing the numberof PVs per VG, the big volume group also doubled the maximum number of LVs per

VG from 255 to 512. Support for creating big volume groups through SMIT wasintroduced in AIX 5L V5.3. Previous to 5.3 big volume groups could only be created

from the command line.


IBM Power Systems

Volume groups

• AIX contains one mandatory Volumes Group: rootvg – rootvg is created on system install

– Contains the AIX Operating System

• Why create new volume groups? – Separate user data from operating system files. – Disaster recovery – Data portability – Data integrity and security

Volume GroupType

MaxPVs

Max LVs Max PPs perVG

Max PPSize

Original 32 256 32512(1016 * 32)

1 GB

Big 128 512 130048(1016 * 128)

1 GB

Scalable 1024 4096 2097152 128 GB

rootvg datavg

PV1 PV2 PV3

• Volume group types: – Original

– Big – Scalable

• Limits

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 7-8. Volume group descriptor area AN121.1

Notes:

Volume Group Descriptor Area (VGDA)

The Volume Group Descriptor Area (VGDA) is an area of disk, at least one per PV,containing information for the entire VG. It contains administrative information about the

volume group (for example, a list of all logical volume entries, a list of all the physicalvolume entries, and so forth). There is usually one VGDA per physical volume. The

exceptions are when there is a volume group with either one or two disks (as shown in

the visual).


IBM Power Systems

Volume group descriptor area

VGDA VGDA

VGDA VGDA

VGDAVGDA

VGDA

VGDA

VGDA

One-disk VG Two-disk VGThree-disk or more

VG

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 7-9. Logical storage AN121.1

Notes:

Logical partition

A physical partition is the smallest unit of disk allocation. Each logical partition maps toa physical partition which physically stores the data.

The logical partitions within a volume group are the same size as the physical partitions

within that volume group.

Logical volume

A logical volume consists of one or more logical partitions within a volume group.

Logical volumes may span physical volumes if the volume group consists of more thanone physical volume. Logical volumes do not need to be contiguous within a physical

volume, because the logical partitions within the logical volume are maintained to becontiguous. The view the system sees is the logical one. Thus, the physical partitions

they point to can reside anywhere on the physical volumes in the volume group.


IBM Power Systems

Physical volumes

1

7

1319

25313541

47

28

1420

2632

3642

48

34

910

1516

2122

2728

3334

3738

4344

4950

Logical Volume Manager

1

7

1319

253135

41

47

28

14202632

3642

48

34

910

1516

2122

2728

3334

3738

4344

4950

Logical storage

1 2 3 4 1 2 3 4

Logicalvolume

Logicalpartitions

Logicalvolume

7/23/2019 AN121STUD


Student Notebook




5.2

empty Logical volumes may be increased in size at any time, assuming that there are sufficientfree physical partitions within the volume group. This can be done dynamically through

SMIT even when users are doing work in that logical volume. However, logical volumescannot easily be decreased and require a file system backup and restore to a

re-created smaller logical volume.

The mapping of which logical partition corresponds to which physical partition, is

maintained in the VGDA for the volume group. It is both a physical view and a logicalview.

LVM mapping

The Logical Volume Manager (LVM) consists of the logical volume device driver (LVDD)and the LVM subroutine interface library. The LVM controls disk resources by mapping

data between a more simple and flexible logical view of storage space, and the actualphysical disks. The LVM does this using a layer of device driver code that runs above

traditional disk device drivers.

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 7-11. What is a file system? AN121.1

Notes:

Introduction

A file system is a directory hierarchy for storing files. It has a root directory andsubdirectories. In an AIX system, the various file systems are joined together so that they

appear as a single file tree with one root. Many file systems of each type can be created.

Because the available storage is divided into multiple file systems, data in one file systemcould be on a different area of the disk than data of another file system. Because file

systems are of a fixed size, file system full errors can occur when that file system hasbecome full. Free space in one file system cannot automatically be used by an alternate file

system that resides on the same physical volume.


IBM Power Systems

What is a file system?

• A file system is: – Method of storing data

– Hierarchy of directories

• Seven types supported:

– Journaled File System (JFS)

– Enhanced Journaled File System (JFS2)

– CD-ROM File System (CDRFS)

– DVD-ROM File System (UDFS)

– Network File System (NFS)

– Common Internet Filesystem (CIFS) – Proc File System (PROCFS)

• Different file systems are connected together throughdirectories to form the view of files that users see.

7/23/2019 AN121STUD


Student Notebook




5.2

empty Supported file systems

AIX supports seven file system types:

• JFS - Journaled File System, exists within a logical volume on disk

• JFS2- Enhanced Journaled File System, exists within a logical volume on disk

• CDRFS - CD-ROM File System on a Compact Disc • UDFS - Universal Disk Format (UDF) file system on DVD

• CIFS - Common Internet File System accessed across a network (To install CIFSsupport on AIX, install the bos.cifs_fs package)

• NFS - Network File System accessed across a network

• PROCFS - Proc file system maps processes and kernel data structures to

corresponding files

• NAMEFS - NameFS provides the function of file-over-file and directory-over-directory

mounts, also called soft mounts, that allows you to mount a subtree of a file system in adifferent place in the file name space. This allows a file to be accessed through twodifferent path names.

Although these are physically different, they appear the same to users and applications.

7/23/2019 AN121STUD


Student Notebook




Figure 7-12. Why have multiple file systems? AN121.1

Notes:

Benefits

A file system is a structure that allows you to organize your data. It is one level in thehierarchy of your data. By placing data in separate file systems, it allows for ease of

control and management of the data.

File systems can be placed on the disk in areas that provide the best performance.

Many times, backups and recoveries are done at a file system level.

Limit disk usage

Since the administrator determines the size of the file system, users are allocated only acertain amount of shared disk space. This helps to control disk usage. The

administrator can also impose more granular control over that disk space by limitinghow much space an individual user can use in a file system. This is known as file

system quotas.


IBM Power Systems

Why have multiple file systems?

• Can strategically place it on disk for improved performance

• Some tasks are performed more efficiently on a file systemthan on each directory within the file system, for example, backup, move, secure an entire file system.

• Can limit disk usage of users by file system through quotas

• Maintain integrity of the entire file system structure, forexample, if one file system is corrupted, the others are notaffected

• Special security situations

• Organize data and programs into groups for ease of filemanagement and better performance

7/23/2019 AN121STUD


Student Notebook




5.2

empty Data is not all in one place

By having several different file systems, all of your data is not in one place. If a file

system ever becomes corrupted, the other file systems are not affected. Also,administrators can take a file system offline without affecting other file systems. This is

helpful when performing back ups or when limiting user access to the file system forsecurity reasons.

7/23/2019 AN121STUD


Student Notebook




Figure 7-13. Standard file systems in AIX AN121.1

Notes:

Initial file systems

When AIX is first installed on a stand-alone system there are only seven journaled filesystems and one pseudo file system (/proc) in existence:

/ (root) = /dev/hd4

• At the top of the hierarchical file tree. It contains the files and directories critical for

system operations including the device directory and programs that complete the bootprocess.

/usr = /dev/hd2

• Operating system commands, libraries, and application programs

• Can be shared across the network


IBM Power Systems

Standard file systems in AIX

home sbin opt lpp proc usr dev tftpboot var mnt etc tmp

/ (root)

hd4

hd1 hd9var hd3

/ / /

hd2

/

libbin sbin spool adm tmp

/

hd10opt

csm freeware

Note: The drawing depicts logical, not physical volumes.

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 7-14. /etc/filesystems AN121.1

Notes:

What is /etc/filesystems?

The /etc/filesystems file, documents the layout characteristics, or attributes of filesystems. It is in a stanza format which means a resource is named followed by a colon

and a listing of its attributes in the form of attributes = value.

Each stanza in the /etc/filesystems file, names the directory where the file system isnormally mounted.

File system attributes

The file system attributes specify all the parameters of the file system. They are as

follows:

dev For local mounts, identifies the block special file where the file systemresides, or the file or directory to be mounted


IBM Power Systems

/etc/filesystems

/:dev = /dev/hd4vol = rootmount = automaticcheck = falsevfs = jfs2log = /dev/hd8type = bootfs

/home:dev = /dev/hd1vol = /homemount = truecheck = truevfs = jfs2

log = /dev/hd8

/home/team01:dev = /dev/fslv00vfs = jfs2log = /dev/loglv00mount = trueoptions = rwaccount = false

7/23/2019 AN121STUD


Student Notebook




5.2

empty vol Used by the mkfs command when initiating the label on a new filesystem

mount Used by the mount command to determine whether a file system

should be mounted by default. Possible values are:

automatic File system mounted automatically at system startup

true File system mounted by the mount all command.This command is issued during system initialization toautomatically mount such file systems.

false File system is not automatically mounted

check Used by the fsck command to determine the default file systems to be

checked. True enables checking

vfs Specifies the type of mount. For example, vfs=jfs2.

log The device to which log data is written, as the file system is modified.This option is only valid for journaled file systems.

type Used to group together related file systems which can all be mounted

with the mount -t command

account Used to determine the file systems to be processed by the accounting

subsystem.

quote Allows the system administrator to control the number of files and datablocks that can be allocated to a user or group

7/23/2019 AN121STUD


Student Notebook




Figure 7-15. Mount AN121.1

Notes:

Mounting a file system

A file system has to be mounted in order for it to be available for use. Use the mount command or SMIT to do this. The file system can also be umounted using the umount or

unmount command, or SMIT. These commands can be executed by either the root user or a member of the system group.

It is possible to have file systems automatically mounted at boot time. This can be

specified in the /etc/filesystems file using the mount=automatic or mount=trueparameters.

Mount points

Full path names must be used when specifying the mount point. If SMIT is used to

create the file system, the mount point is created automatically.


IBM Power Systems

Mount

• mount is the glue that logically connects file systems to thedirectory hierarchy.

• File systems are associated with devices represented by specialfiles in /dev (the logical volume).

• When a file system is mounted, the logical volume and itscontents are connected to a directory in the hierarchical treestructure.

What to

mount

Where to

mount it

# mount /dev/fslv00 /home/patsie# mount /dev/fslv00 /home/patsie

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 7-16. Mounting over an empty directory AN121.1

Notes:

Accessing data in a file system

In order for users to get access to the data contained in a file system, it must bemounted. When the file system is mounted, it becomes a part of the hierarchical tree

structure of files and directories. From the user’s perspective, there is no way to tellwhere one file system ends and another begins.


IBM Power Systems

Mounting over an empty directory

Before

patsieliz john

docdata.profile.exrcmyscript

After

liz john


home home

/

patsie

7/23/2019 AN121STUD


Student Notebook




Figure 7-17. Mounting over files AN121.1

Notes:

What happens when mounting over files?

It is possible to mount over files and subdirectories. The result is that the files andsubdirectories that have been mounted over are now hidden from the users, that is,

inaccessible. They have not been lost though. They are again accessible when the

unmount command has been executed on the covering file system.

Not everyone has the authority to mount file systems randomly. Authority is based on

two things: what the default mount point is, as specified in the file /etc/filesystems, andwhether the user has write authority to that mount point. Users can issue file or directory

mounts provided they belong to the system group and have write access to the mountpoint. They can do device mounts only to the default mount points mentioned in the file

/etc/filesystems. root can mount anywhere under any set of permissions.


IBM Power Systems

Mounting over files

Before After

liz john liz john



.profile

.exrcreports pgms

home home

/

patsiepatsie

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 7-18. Listing file systems AN121.1

Notes:

The lsfs command

You can list the various file systems that are defined using the lsfs command. Thiscommand displays information from /etc/filesystems and from the logical volumes in a

more readable format. The lsfs command also displays information about CD-ROMfile systems and remote NFS file systems.

The SMIT fastpath to get to the screen which accomplishes the same task as the lsfs

command is: smit fs.

The syntax for the lsfs command is:

lsfs [-q] [ -c | -l ] [ -v vfstype | -u mountgrp ][file system]

The data may be presented in line and colon (-c) or stanza (-l) format. It is possible tolist only the file systems of a particular virtual file system type (-v), or within a particular

mount group (-u). The -q option queries the superblock for the fragment sizeinformation, compression algorithm, and the number of bytes per inode.


IBM Power Systems

Listing file systems

# lsfs

Name Nodename Mount Pt VFS Size Options Auto Accounting/dev/hd4 -- / jfs2 1966080 -- yes no

/dev/hd1 -- /home jfs2 131072 -- yes no

/dev/hd2 -- /usr jfs2 4587520 -- yes no

/dev/hd9var -- /var jfs2 655360 -- yes no

/dev/hd3 -- /tmp jfs2 393216 -- yes no

/proc -- /proc procfs -- -- yes no

/dev/hd10opt -- /opt jfs2 524288 -- yes no

/dev/hd11admin -- /admin jfs2 262144 -- yes no

/dev/fslv00 -- /db2 jfs2 262144 rw no no

# lsfs

Name Nodename Mount Pt VFS Size Options Auto Accounting

/dev/hd4 -- / jfs2 1966080 -- yes no





/proc -- /proc procfs -- -- yes no



/dev/fslv00 -- /db2 jfs2 262144 rw no no

7/23/2019 AN121STUD


Student Notebook




Figure 7-19. Listing logical volume information AN121.1

Notes:

Viewing logical volume information

lsvg -l rootvg

Provides information about the logical volumes in the rootvg volume group.

lslv lvname

This provides status information about the selected logical volume within the volume

group. For example, lslv hd6.


IBM Power Systems

Listing logical volume information

• List all logical volumes for a volume group

# lsvg -l rootvg

rootvg:

LV NAME TYPE LPs PPs PVs LV STATE MOUNT POINT

hd5 boot 1 2 2 closed/syncd N/A

hd6 paging 8 16 2 open/syncd N/A

hd8 jfs2log 1 2 2 open/syncd N/A

hd4 jfs2 15 30 2 open/syncd /

hd2 jfs2 35 70 2 open/syncd /usr

hd9var jfs2 5 10 2 open/syncd /var

hd3 jfs2 3 6 2 open/syncd /tmp

hd1 jfs2 1 2 2 open/syncd /home

loglv00 jfs2log 1 2 2 closed/syncd N/Ahd11admin jfs 2 4 2 open/syncd /admin

fslv00 jfs2 2 4 2 closed/syncd /db2

# lsvg -l rootvg

rootvg:




hd8 jfs2log 1 2 2 open/syncd N/A

hd4 jfs2 15 30 2 open/syncd /

hd2 jfs2 35 70 2 open/syncd /usr

hd9var jfs2 5 10 2 open/syncd /var

hd3 jfs2 3 6 2 open/syncd /tmp

hd1 jfs2 1 2 2 open/syncd /home

loglv00 jfs2log 1 2 2 closed/syncd N/Ahd11admin jfs 2 4 2 open/syncd /admin


7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 7-20. Checkpoint (1 of 3) AN121.1

Notes:

For each item in the visual, fill in the blanks to complete the correct term for the indicated

LVM component.


IBM Power Systems

Checkpoint (1 of 3)

VGDA

1. V______ G______ D ______ A______

2. P______ P ______

3. L_____ P______

4. L______ V_______

6. P______ V______

5. V______ G______

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Checkpoint (2 of 3)

7. How many different physical partition (PP) sizes can be set withina single VG? ____________

8. By default, how big are PPs? ____________________________________________

____________________________________________

9. How many volume groups (VGs) can a physical volume (PV)belong to?

a) Depends on what you specify through SMIT

b) Only onec) As many VGs as exist on the system

10. True or False: All VGDA information on your system is identical,regardless of how many volume groups (VGs) exist.

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint (3 of 3)

Use the following output to answer the questions below:

11. With which logical volume is the /home file system associated? _____________________________________________________

12. What type of file systems are being displayed? _____________________________________________________

13. What is the mount point for the file system located on the /dev/hd4 logicalvolume? _____________________________________________

14. Which file system is used primarily to hold user data and home directories? _____________________________________________________

# lsfs


/dev/hd4 -- / jfs2 294912 -- yes no






/dev/cd0 -- /infocd cdrfs ro yes no

/dev/lv00 -- /home/john jfs2 32768 rw yes no


# lsfs

Name Nodename Mount Pt VFS Size Options Auto Accounting/dev/hd4 -- / jfs2 294912 -- yes no









7/23/2019 AN121STUD


Student Notebook




Figure 7-23. Exercise 7 AN121.1.

Notes:


IBM Power Systems

Exercise 7

Systemstorage

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Unit summary


• Describe the terminology and concepts associated with:

– Physical volumes

– Volume groups

– Logical volumes

– Physical partitions

– Logical partitions

• Describe how file systems and logical volumes arerelated

7/23/2019 AN121STUD


Student Notebook




7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 8. Working with the Logical Volume Manager 8-1

5.2

empty Unit 8. Working with the Logical Volume Manager


This unit describes how to work with logical volumes, physical

volumes, and volume groups.



• Add, change, and delete:

- Volume groups

- Logical volumes

- Physical volumes

• Describe essential LVM concepts, such as:- Mirroring

- Striping


Accountability:


• Exercise

References


Management

AIX Version 6.1 Command References




following address:http://publib.boulder.ibm.com/infocenter/systems/index.jsp

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives

After completing this unit, you should be able to:• Explain how to work with the Logical Volume Manager • Add, change, and delete:

– Volume groups – Logical volumes – Physical volumes

• Describe essential LVM concepts, such as: – Mirroring – Striping

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Physical volumes

The SMIT Physical Volumes menu allows the user to configure the physical volumes(fixed disks) in the system. This menu duplicates options on the Fixed Disks menu of

Devices.

Paging space

The SMIT Page Space menu allows a user to add, delete, activate, and list the pagingspaces available.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-3. SMIT volume group menu AN121.1

Notes:

The visual shows the SMIT screen that allows for the configuration of volume groups.

To get to this menu, use the SMIT fastpath, smit vg.


IBM Power Systems

SMIT volume group menu

Volume Groups


List All Volume Groups

Add a Volume Group

Set Characteristics of a Volume Group

List Contents of a Volume Group

Remove a Volume Group

Activate a Volume Group

Deactivate a Volume Group

Import a Volume Group

Export a Volume Group

Mirror a Volume Group

Unmirror a Volume GroupSynchronize LVM Mirrors

Back Up a Volume Group

Remake a Volume Group

Preview Information about a Backup

Verify the Readability of a Backup (Tape only)

View the Backup Log

List Files in a Volume Group Backup

Restore Files in a Volume Group Backup

Volume Groups


List All Volume Groups

Add a Volume Group

Set Characteristics of a Volume Group

List Contents of a Volume Group







Unmirror a Volume Group

Synchronize LVM Mirrors

Back Up a Volume Group


Preview Information about a Backup

Verify the Readability of a Backup (Tape only)

View the Backup Log

List Files in a Volume Group Backup

Restore Files in a Volume Group Backup

7/23/2019 AN121STUD


Student Notebook




Figure 8-4. Adding a volume group to the system AN121.1

Notes:

The mkvg command

The mkvg command is used to create a volume group. A new volume group must contain

at least one physical volume. The -y option is used to indicate the name for the new volumegroup. If this is not specified, a system generated name is used.

It is best not to select a physical partition size as the system will select the best fit

automatically. The default is the smallest physical partition size consistent with themaximum PP/PV and the largest physical volume in the volume group.

Using SMIT

The volume group MAJOR NUMBER on the SMIT dialog screen is used by the kernel to

access that volume group. This field is most often used for PowerHA where the majornumber ideally should be the same for all nodes in the cluster.

Concurrent capable VGs are used for parallel processing applications, whereby the volume

group is read/write accessible to multiple machines at the same time.


IBM Power Systems

Adding a volume group to the system

# smit mkvg

Add a Volume Group


Add an Original Volume Group

Add a Big Volume Group

Add a Scalable Volume Group

Add a Volume Group



Add a Big Volume Group

Add a Scalable Volume Group


[Entry Fields]VOLUME GROUP name [datavg]

Physical partition SIZE in megabytes +

* PHYSICAL VOLUME names [hdisk1 hdisk2] +

Force the creation of a volume group? no +

Activate volume group AUTOMATICALLY yes +

at system restart?

Volume Group MAJOR NUMBER [] +#

Create VG Concurrent Capable? no +


[Entry Fields]

VOLUME GROUP name [datavg]

Physical partition SIZE in megabytes +

* PHYSICAL VOLUME names [hdisk1 hdisk2] +

Force the creation of a volume group? no +

Activate volume group AUTOMATICALLY yes +

at system restart?


Create VG Concurrent Capable? no +

mkvg –y datavg hdisk1 hdisk2

7/23/2019 AN121STUD


7/23/2019 AN121STUD


Student Notebook




Figure 8-6. Listing volume groups and VG attributes AN121.1

Notes:

The lsvg command, with no parameters, lists the volume groups in the system. If used with

the –o options, all varied on/active volume groups are displayed.

To further list the information about the status and content of a particular volume group, run

lsvg <Volumegroup_name>

The output provides status information about the volume group. The most useful

information here is:

• Volume group state (VG STATE - active or inactive/complete if all physical volumes areactive)

• Physical partition size

• Total number of physical partitions (TOTAL PPs)

• Number of free physical partitions (FREE PPs)


IBM Power Systems

Listing volume groups and VG attributes

# lsvg

rootvg

datavgdb2_vg

# lsvg -o

datavg

rootvg

# lsvg

rootvg

datavg

db2_vg

# lsvg -o

datavg

rootvg

# lsvg rootvg

VOLUME GROUP: rootvg VG IDENTIFIER:

00cf2e7f00004c000000011cec07b52e

VG STATE: active PP SIZE: 64 megabyte(s)

VG PERMISSION: read/write TOTAL PPs: 130 (8320 megabytes)

MAX LVs: 256 FREE PPs: 54 (3456 megabytes)LVs: 11 USED PPs: 76 (4864 megabytes)

OPEN LVs: 9 QUORUM: 2 (Enabled)

TOTAL PVs: 2 VG DESCRIPTORS: 3

STALE PVs: 0 STALE PPs: 0

ACTIVE PVs: 2 AUTO ON: yes

MAX PPs per VG: 32512

MAX PPs per PV: 1016 MAX PVs: 32

LTG size (Dynamic): 256 kilobyte(s) AUTO SYNC: no

HOT SPARE: no BB POLICY: relocatable

# lsvg rootvg

VOLUME GROUP: rootvg VG IDENTIFIER:

00cf2e7f00004c000000011cec07b52e

VG STATE: active PP SIZE: 64 megabyte(s)

VG PERMISSION: read/write TOTAL PPs: 130 (8320 megabytes)

MAX LVs: 256 FREE PPs: 54 (3456 megabytes)LVs: 11 USED PPs: 76 (4864 megabytes)

OPEN LVs: 9 QUORUM: 2 (Enabled)

TOTAL PVs: 2 VG DESCRIPTORS: 3

STALE PVs: 0 STALE PPs: 0

ACTIVE PVs: 2 AUTO ON: yes

MAX PPs per VG: 32512

MAX PPs per PV: 1016 MAX PVs: 32

LTG size (Dynamic): 256 kilobyte(s) AUTO SYNC: no

HOT SPARE: no BB POLICY: relocatable

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-7. Listing PVs in a VG and VG contents AN121.1

Notes:

The lsvg -p Volumegroup command gives information about all of the physical volumes

within the volume group. The information given is:

• Physical volume name (PV_NAME)

• Physical volume state (PV STATE - active or inactive)

• Total number of physical partitions (TOTAL PPs)

• Number of free physical partitions (FREE PPs)

• How the free space is distributed across the disk (FREE DISTRIBUTION)

Free distribution is the number of physical partitions allocated within each section of the

physical volume: outer edge, outer middle, center, inner middle, and inner edge.

The lsvg -l Volumegroup command gives information about all of the logical volumeswithin the volume group. The details given are:

• Logical volume name (LVNAME)


IBM Power Systems

Listing PVs in a VG and VG contents

# lsvg -p rootvg

rootvg:PV_NAME PV STATE TOTAL PPs FREE PPs FREE DISTRIBUTION

hdisk0 active 99 23 15..00..00..00..08

hdisk5 active 31 31 07..06..06..06..06

# lsvg -p rootvg

rootvg:

PV_NAME PV STATE TOTAL PPs FREE PPs FREE DISTRIBUTIONhdisk0 active 99 23 15..00..00..00..08

hdisk5 active 31 31 07..06..06..06..06

# lsvg -l rootvg

rootvg:




hd8 jfslog 1 1 1 open/syncd N/Ahd4 jfs 15 15 1 open/syncd /

hd2 jfs 35 35 1 open/syncd /usr

hd9var jfs 5 5 1 open/syncd /var

hd3 jfs 3 3 1 open/syncd /tmp

hd1 jfs 1 2 1 open/syncd /home

hd10opt jfs 4 4 1 open/syncd /opt

# lsvg -l rootvg

rootvg:




hd8 jfslog 1 1 1 open/syncd N/Ahd4 jfs 15 15 1 open/syncd /




hd1 jfs 1 2 1 open/syncd /home

hd10opt jfs 4 4 1 open/syncd /opt

7/23/2019 AN121STUD


Student Notebook




• Type of logical volume (TYPE, for example, file system, paging)

• Number of LPs (LPs)

• Number of physical partitions (PPs)

• Number of physical volumes (PVs)

• Logical volume state (LV STATE)

• Mount point (MOUNT POINT), if the logical volume contains a journaled file system

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-8. Change a volume group AN121.1

Notes:

The chvg command changes the characteristics of a volume group. In the example shown

in the visual attributes, Activate volume group AUTOMATICALLY at system

restart? and A QUORUM of disks required to keep the volume groupon-line? were set to No, which causes the following command to run: chvg –a n –Q n

datavg


IBM Power Systems

Change a volume group

# smit chvg

Change a Volume Group

[Entry Fields]

* VOLUME GROUP name datavg

* Activate volume group AUTOMATICALLY no +

at system restart?

* A QUORUM of disks required to keep the volume no +

group on-line ?

Convert this VG to Concurrent Capable? no +

Change to big VG format? no +

Change to scalable VG format? no +LTG Size in kbytes 256 +

Set hotspare characteristics n +

Set synchronization characteristics of stale n +

partitions

Max PPs per VG in units of 1024 32 +

Max Logical Volumes 256 +

Change a Volume Group

[Entry Fields]


* Activate volume group AUTOMATICALLY no +

at system restart?

* A QUORUM of disks required to keep the volume no +

group on-line ?

Convert this VG to Concurrent Capable? no +

Change to big VG format? no +

Change to scalable VG format? no +

LTG Size in kbytes 256 +Set hotspare characteristics n +

Set synchronization characteristics of stale n +

partitions

Max PPs per VG in units of 1024 32 +

Max Logical Volumes 256 +

chvg –a n –Q n datavg

7/23/2019 AN121STUD


Student Notebook




Figure 8-9. Extend and reduce a VG AN121.1

Notes:

Add a Physical Volume to a Volume Group

To add a disk to an existing volume group, use the extendvg command or SMIT fastpath smit extendvg. The disk must be installed in the system or connected to it externally,and must be powered on.

extendvg formats the disk into physical partitions and then adds them to the physical

partition mapping maintained in the VGDA for the volume group. The space on the newdisk is now available to be allocated to logical volumes in the volume group. If the existing

data in the VGDA on the disk shows that it is part of another volume group, the -f optionforces the addition of the disk to the volume group, without requesting confirmation. Use

this option when adding a disk which has been previously used, but contains data which isno longer needed.

The syntax for the extendvg command is:

extendvg [-f] Volumegroup hdiskn


IBM Power Systems

Extend and reduce a VG

hdisk0 hdisk1

hdisk2

# extendvg -f rootvg hdisk2

# lsvg -p rootvg | awk ‘{print $1, $2}’

rootvg:PV_NAME PV STATE

hdisk0 active

hdisk1 active

hdisk2 active

# extendvg -f rootvg hdisk2


rootvg:

PV_NAME PV STATE

hdisk0 active

hdisk1 active

hdisk2 active

# reducevg -f rootvg hdisk1


rootvg:

PV_NAME PV STATE

hdisk0 active

hdisk2 active

# reducevg -f rootvg hdisk1


rootvg:

PV_NAME PV STATE

hdisk0 active

hdisk2 active

hdisk1

7/23/2019 AN121STUD


Student Notebook




5.2

empty Remove a Physical Volume from a Volume Group

The reducevg command is used to remove a physical volume from a volume group. If it isthe last physical volume, the volume group is removed. To remove a disk from the volume

group, first be sure to free up all the storage on the disk by either deleting the logicalvolumes or migrating them to some other disk in the volume group. Once there are no

logical volumes, on the disk, you can remove that disk from the volume group by using the

reducevg command or the SMIT fastpath smit reducevg.

The syntax for the reducevg command is:

reducevg [-d] [-f] Volumegroup hdiskn

The -d option deallocates the existing logical volume partitions, and then deletes resultantempty logical volumes from the specified physical volumes. User confirmation is required

unless the -f flag is added.

7/23/2019 AN121STUD


Student Notebook




Figure 8-10. Remove a volume group AN121.1

Notes:

You can use the smit reducevg2 fastpath to remove a volume group. It runs a script

which identifies what physical volumes are in the volume group and then runs the

reducevg command to remove each physical volume until there are no more physicalvolumes in the volume group.

The Remove a Volume Group menu does not have a corresponding high-levelcommand. The correct way to remove a volume group, is to use the Remove aPhysical Volume from a Volume Group option, which calls the reducevg

command. This removes the volume group when you remove the last physical volumewithin it.

The syntax of the reducevg command is:

reducevg [-d] [-f] VolumeGroup PhysicalVolume


IBM Power Systems

Remove a volume group


Type or select a value for the entry field.


[Entry Fields]

* VOLUME GROUP name [db2_vg] +


Type or select a value for the entry field.


[Entry Fields]

* VOLUME GROUP name [db2_vg] +

# smit reducevg2 reducevg -df db2_vg hdisk2 hdisk3

Note: There is no option to input disks. In this example db2_vg was containedon hdisk3.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-11. Activate and deactivate a volume group AN121.1

Notes:

The varyonvg command

The varyonvg command is used to activate a volume group that is not activated at system

startup, or has been added to the system since startup.

The -f option is used to force a volume group online. It allows a volume group to be madeactive that does not currently have a quorum of available disks. Any disk that cannot be

brought to an active state is put in a removed state. At least one disk must be available foruse in the volume group.

The varyoffvg command

The varyoffvg command is used to deactivate a volume group. No logical volumes

should be open when this command is issued. Removing a disk without deactivating thevolume group could cause errors and loss of data in the volume group descriptor areas,

and the logical volumes within that volume group.


IBM Power Systems

Activate and deactivate a volume group


[Entry Fields]

* VOLUME GROUP name [datavg] +

RESYNCHRONIZE stale physical partitions? yes +

Activate volume group in SYSTEM no +

MANAGEMENT mode?

FORCE activation of the volume group? no +

Warning--this may cause loss of data integrity.

Varyon VG in Concurrent Mode? no +

Synchronize Logical Volumes? no +


[Entry Fields]


RESYNCHRONIZE stale physical partitions? yes +

Activate volume group in SYSTEM no +

MANAGEMENT mode?

FORCE activation of the volume group? no +

Warning--this may cause loss of data integrity.

Varyon VG in Concurrent Mode? no +

Synchronize Logical Volumes? no +

# smit varyonvg varyonvg datavg


[Entry Fields]


Put volume group in SYSTEM no +

MANAGEMENT mode?


[Entry Fields]


Put volume group in SYSTEM no +

MANAGEMENT mode?

# smit varyoffvg varyoffvg datavg

7/23/2019 AN121STUD


Student Notebook




Figure 8-12. Import and export a volume group AN121.1

Notes:

Exporting a volume group

If you have a volume group on one or more external disks that you want to access on

another system, you must first export the volume group from the current system using the

exportvg command. This removes all information about the volume group from the

system. To export a volume group, it must be inactive.

Importing a volume group

To access an exported volume group on a system, it must be imported to the system usingthe importvg command. Never attempt to import rootvg.


IBM Power Systems

Import and export a volume group


[Entry Fields]


* PHYSICAL VOLUME name [hdisk3] +



[Entry Fields]


* PHYSICAL VOLUME name [hdisk3] +


# smit importvg importvg –y datavg hdisk3


[Entry Fields]



[Entry Fields]


# smit exportvg exportvg datavg

Note: Volume group must be inactive before it is exported.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-13. Reorganize a Volume Group AN121.1

Notes:

Reorganizing a volume group

If the intra-physical volume allocation policy (location on disk: center, middle, edge, inner

edge, and inner middle) is changed after the logical volume is created, the physicalpartition does not relocate automatically. The reorgvg command is used to redistribute

the physical partitions of the logical volumes of a volume group according to their preferredallocation policies. This should improve disk performance. Preference is given in the order

listed on the command line.

reorgvg syntax

The syntax is: reducevg [-d] [-f] Volumegroup hdiskn

For example: reorgvg rootvg hd4 hd5

Using SMIT, no other arguments can be supplied. The entire volume group is reorganized.


IBM Power Systems

Reorganize a Volume Group

# smit reorgvg


[Entry Fields]

* VOLUME GROUP name [rootvg] +


[Entry Fields]

* VOLUME GROUP name [rootvg] +

# reorgvg rootvg

0516-962 reorgvg: Logical volume hd5 migrated.




0516-962 reorgvg: Logical volume hd2 migrated.0516-962 reorgvg: Logical volume hd9var migrated.



0516-962 reorgvg: Logical volume hd10opt migrated.

0516-962 reorgvg: Logical volume loglv00 migrated.

0516-962 reorgvg: Logical volume hd11admin migrated.

0516-962 reorgvg: Logical volume fslv00 migrated.

# reorgvg rootvg





0516-962 reorgvg: Logical volume hd2 migrated.0516-962 reorgvg: Logical volume hd9var migrated.



0516-962 reorgvg: Logical volume hd10opt migrated.

0516-962 reorgvg: Logical volume loglv00 migrated.

0516-962 reorgvg: Logical volume hd11admin migrated.

0516-962 reorgvg: Logical volume fslv00 migrated.

7/23/2019 AN121STUD


Student Notebook




Figure 8-14. Logical storage AN121.1

Notes:

Logical volumes

A logical volume is a group of logical partitions which may span physical volumes, as long

as the physical volumes are in the same volume group. A file system resides on top of alogical volume (LV). A logical volume can be dynamically extended.

Logical partitions

Logical partitions are mapped one-to-one to physical partitions unless they are being

mirrored.


IBM Power Systems

Physical volumes

1

7

13

19

25313541

47

28

1420

2632

3642

48

34

910

1516

2122

2728

3334

3738

4344

4950

Logical Volume Manager

1

7

1319

253135

41

47

28

14202632

3642

48

34

910

1516

2122

2728

3334

3738

4344

4950

Logical storage

1 2 3 4 1 2 3 4

Logicalvolume

Logicalpartitions

Logicalvolume

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-15. LVM and RAID support AN121.1

Notes:

LVM supports three software RAID configurations:

• RAID 0. Striping provides improved performance and additional storage, but no fault

tolerance. Any disk failure destroys the array, which becomes more likely with moredisks in the array. A single disk failure destroys the entire array because when data is

written to a RAID 0 drive, the data is broken into fragments. The fragments are writtento their respective disks simultaneously on the same sector. This allows smaller

sections of the entire chunk of data to be read off the drive in parallel, giving this type of

arrangement huge bandwidth. RAID 0 does not implement error checking so any erroris unrecoverable. More disks in the array means higher bandwidth, but greater risk ofdata loss.

• RAID 1.Mirroring on AIX provides fault tolerance from disk errors by creating up to three

copies of the data on different drives.

• RAID 10 Combines RAID levels 0 + 1. Striping + mirroring provides fault tolerancealong with improved performance.


IBM Power Systems

LVM and RAID support

• LVM supports the following three software RAID configurations: – RAID 0, Striping

– RAID 1, Mirroring (up to 3 copies) – RAID 10 or 1 + 0, Striping + Mirroring

• Striping aides performance, whereas mirroring aides availability.

• In today’s environment, most data resides in SANs. Disks in a SAN aregenerally grouped together into a RAID array and divided into LUNs. – AIX sees LUNs as physical disks. – One should not further deploy AIX RAID configurations on top of H/W (SAN)

RAID configurations. – SAN environments provide greater levels of RAID support. (performance and

availability) – LUNs can be increased in size, if so AIX must know about it:

# chvg -g datavg

7/23/2019 AN121STUD


Student Notebook




Figure 8-16. LVM options which affect performance AN121.1

Notes:

The visual highlights key LVM options which affect performance.


IBM Power Systems

LVM options which affect performance

• Inter- and intra-policy – Logical volume placement on disk

• Scheduling policy – Dictates how data is read/written for mirrored LVs

• Mirror write consistency – Ensures mirrored PPs are consistent

• Write verify – Verifies all writes with a read operation – Default is no. Generally it is not recommended to set to yes as it will

impact system (write) performance.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-17. Mirroring (RAID1) AN121.1

Notes:

Mirroring of data over multiple drives protects against a potential hardware failure. The

structure of LVM enables mirroring by manipulating the relationship between the physical

partition and the logical partition. The AIX mirror function does not apply to a physical disk,only to logical volumes. This is the most important principle to understand for the AIX LVM

mirroring function. In a normal operating environment each physical partition is mapped toa logical partition. When you mirror data, the ratio becomes one logical partition to two

physical partitions for a two-way mirror. Or, one logical partition to three physical partitionsfor a three-way mirror.


IBM Power Systems

Mirroring (RAID1)

• Mirroring is when a logical partition maps to more than onephysical partition of the same volume group.

First copy

Second copy

Third copy

PP1

PP2

hdisk0

PP1

PP2

hdisk1

PP1

PP2

hdisk2

fslv00LP1

LP2

7/23/2019 AN121STUD


Student Notebook




Figure 8-18. Mirroring, allocation AN121.1

Notes:

When mirroring data, it is essential that all PP copies are stored on different disks. The

placement of PP is governed by the allocation policy, which by default is set to strict . Strict

policy ensures that all mirrored copies are placed on different disks. However, under LVMRAID 0 +1 configurations, strict policy can lead to situations where mirrored copies of the

data are on the same disk. To protect against this, the system will automatically set theallocation policy to superstrict .


IBM Power Systems

Mirroring, allocation

• When mirroring, it is essential that all PP copies are stored ondifferent disks.

• This setting is controlled by the “Allocation” policy. – Also referred to as “strictness”

• Allocation can be set to: – No: Not recommended. – Yes (default): Will ensure no LP copies can share the same PV – Superstrict: Will ensure no LP copies can shares the same PV in an

LVM RAID 0 + 1 (10) configuration

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-19. Striping (RAID 0) AN121.1

Notes:

Striping

Striping is a technique for spreading the data in a logical volume across several disks, so

that the I/O capacity of the disk drives can be used in parallel, so to access data on thelogical volume.

Striping is designed to increase the read/write performance of frequently accessed, large

sequential files. Striping can also be used to distribute data evenly across a set of disks, sothat random I/O can be scattered across many drives simultaneously. In non-striped logical

volumes, data is accessed using addresses to data blocks within physical partitions. In astriped logical volume, data is accessed using addresses to stripe units.

Stripe size

The size of the stripe unit is specified at creation time. The stripe size can range from 4 KB

-128 MB in powers of two.

Constraints

There are some constraints imposed by implementing striping:


IBM Power Systems

Striping (RAID 0)

• Consecutive stripe units

are created on differentphysical volumes.

• Striping increasesread/write sequentialthroughput by evenlydistributing stripe unitsamong disks.

• Stripe unit size is specifiedat the creation time. – 4KB to 128MB

LP1

LP2

LP3

1 4 7

25 8

3 6 9

hdisk0

hdisk1

hdisk2

12

34567

89

StripeUnits

Stream of data

7/23/2019 AN121STUD


Student Notebook




• The number of physical partitions allocated to a striped logical volume must evenlydistributable among the disks.

• At least two physical volumes are required

Performance considerations

There are some considerations in configuring striping for performance:

• Use as many adapters as possible. For example, if multiple disks in the stripe width areon the same storage adapter, a read/write of a stripe is not able to read/write the stripe

units in parallel.

• Design to avoid contention with other uses of the disks used by the striped logicalvolume.

• Create on a volume group dedicated to striped logical volumes.

It is not a good idea to mix striped and non-striped logical volumes in the same physical

volume. Physical volumes should ideally be the same size within the set used for a stripedlogical volume. Just because a logical volume is striped, it does not mean that the file's

data blocks are going to be perfectly aligned with the stripe units. Therefore, if a file blockcrosses a stripe boundary, the block gets split into multiple LVM I/Os.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-20. Striping and mirroring (RAID 10 or 1+0) AN121.1

Notes:

RAID 10 meets performance and high availability requirements by mirroring strip sets to

different disks. However, this comes at a cost as more disks are required (minimum 4).


IBM Power Systems

Striping and mirroring (RAID 10 or 1+0)

1 3 5

2 4 6

hdisk0

hdisk1

12

3456

Stream of data

1 3 5

2 4 6

hdisk2

hdisk3

• Meets performance and high availability requirements• More expensive (requires more disks, minimum 4)• Mirroring allocation is automatically set to ‘superstrict’

7/23/2019 AN121STUD


Student Notebook




Figure 8-21. Logical volume placement AN121.1

Notes:

Introduction

When creating or changing a logical volume you can define the way the Logical Volume

Manager decides which physical partitions to allocate to the logical volume. This affects theperformance of the logical volume.

Intra-physical volume allocation policy

The intra-disk allocation policy choices, are based on the five regions of a disk where

physical partitions can be located. The closer a given physical partition is to the center of aphysical volume, the lower the average seek time is because the center has the shortest

average seek distance from any other part of the disk. The file system log is a goodcandidate for allocation at the center of a physical volume, because it is so frequently used

by the operating system. At the other extreme, the boot logical volume is used infrequently,and is therefore allocated at the edge or middle of the physical volume. The general rule is

that the more I/Os, either absolutely or during the running of an important application, thecloser to the center of the physical volumes the physical partitions of the logical volume

need to be allocated.


IBM Power Systems

Logical volume placement

• Intra-physical volume allocation policy

• Inter-physical volume allocation policy – Minimum (default)

• 1 LV copy. One (or minimum) PV should contain all PPs• 2 or 3 LV copies. Use as many PVs as copies, keeping PV usage down

to a minimum.

– Maximum• PPs should be spread over as many PVs as possible.

Edge

Middle Inner-edge

Inner-middleCenter

Note: These settings have little effect when used in SAN environments, wherebyLUNs are in RAID configurations.

7/23/2019 AN121STUD


Student Notebook




5.2

empty Inter-physical volume allocation policy

If the minimum inter-disk setting is selected, the physical partitions assigned to the logicalvolume are located on a single disk to enhance availability. If you select the maximum

inter-disk setting (range = maximum), the physical partitions are located on multiple disksto enhance performance.

7/23/2019 AN121STUD


Student Notebook




Figure 8-22. Mirroring scheduling policy AN121.1

Notes:

Scheduling policies

The scheduling policy determines how reads and writes are conducted to a mirrored logical

volume. LVM offers several scheduling policies for mirrored volumes to control how data iswritten and read from the copies.

Sequential write

Sequential mirroring writes to multiple copies or mirrors in order. The multiple physical

partitions representing the mirrored copies of a single logical partition are designatedprimary, secondary, and tertiary. In sequential scheduling, the physical partitions are written

to in sequence. The system waits for the write operation for one physical partition tocomplete, before starting the write operation for the next one. When all write operations

have been completed for all mirrors, the write operation is complete.

Parallel write


IBM Power Systems

Mirroring scheduling policy

• Scheduling policies when mirroring:

– Parallel (default)• Write operations on different physical partitions start at the same time.• When the longest write finishes, the write operation is complete.• Improves performance (especially RAID-Performance)

– Parallel write/sequential read> Primary copy is read first, I f unsuccessful, the next copy is used.

– Parallel write/round robin read> Round-robin reads alternate disks between copies.

– Sequential

• Second physical write operation is not started unless the first operationhas completed successfully.• In case of a total disk failure, there is always a “good copy”.• Increased availability, but decreases performance

7/23/2019 AN121STUD


Student Notebook




5.2

empty Parallel mirroring simultaneously starts the write operation for all the physical partitions in alogical partition. When the write operation to the physical partition that takes the longest to

complete finishes, the write operation is completed.

Sequential read

When a sequential read is specified, the primary copy of the read is always read first. If thatread operation is unsuccessful, the next copy is read. During the read retry operation on

the next copy, the failed primary copy is corrected by LVM with a hardware relocation. Thispatches the bad block for future access.

Parallel read

On each read, the system checks whether the primary is busy. If it is not busy, the read isinitiated on the primary. If the primary is busy, the system checks the secondary, and then

the tertiary. If those are also busy, the read is initiated in the copy with the least number ofoutstanding I/Os.

Round-robin read

Round-robin reads alternate between copies. This results in equal utilization for reads,even when there is more than one I/O outstanding.

Which is right for me?

Each of the scheduling policies provide benefits, as well as drawbacks. When deciding ona method of mirroring, you need to take into consideration how critical the data is, and

performance. The trade off is performance, versus availability. In general, a mirrored logicalvolume is slower than an unmirrored logical volume, because you have to write the data in

two or three places. The exception can be a mirrored LV in a high-read environment. If yourapplication does mostly reads, and you are using parallel or parallel/round robin

scheduling, reads may complete faster because the I/Os are spread across multiple disks,which can occur simultaneously if the disks are on separate controllers. One of the parallel

scheduling policies usually provides the best performance in a write intensive environment,because writes can proceed in parallel. However, there is some additional overhead, and

mirrored logical volumes are usually slower than comparable unmirrored logical volumes ina write intensive environment. Sequential scheduling provides the worst performance, but

provides the best chance of recovering data in the event of a system crash in the middle ofa write operation. Sequential scheduling makes it more likely that you have at least one

good copy, the primary copy, of a logical partition after a crash.

Synchronization

When turning on mirroring for an existing logical volume, the copies have to be

synchronized so the new copy contains a perfect image of the existing copy, at that point intime. This can be done by using the -k option on the mklvcopy command at the time

mirroring is turned on, or with the syncvg command at a later time. Until the copies aresynchronized, the new copy is marked stale .

7/23/2019 AN121STUD


Student Notebook




Figure 8-23. Mirror write consistency AN121.1

Notes:

The LVM always ensures data consistency among mirrored copies of a logical volume

during normal I/O processing.

For every write to a logical volume, the LVM generates a write request for every mirrorcopy. A problem arises if the system crashes in the middle of processing a mirrored write,

and before all copies are written. If mirror write consistency recovery is requested for alogical volume, the LVM keeps additional information to allow recovery of these

inconsistent mirrors. Mirror write consistency recovery should be performed for most

mirrored logical volumes. Logical volumes, such as the page space that do not use theexisting data when the volume group is re-varied on, do not need this protection.

The Mirror Write Consistency (MWC) record consists of one sector. It identifies whichlogical partitions may be inconsistent if the system is not shut down correctly. When the

volume group is varied back online, this information is used to make the logical partitionsconsistent again. Note: With Mirror Write Consistency LVs, because the MWC control

sector is on the edge of the disk, performance may be improved if the mirrored logicalvolume is also on the edge.


IBM Power Systems

Mirror write consistency

• Problem: If the system crashes before the write to all mirrorsis complete, the mirrors are in an inconsistent state, and thesystem must distinguish between the old copy and the newcopy.

• Solution: Mirror Write Consistency – Ensures PPs are consistent after reboot – Three modes: off, active, and passive – Active (default)

• Uses a cache on disk

• The physical write operation proceeds when the cache has beenupdated.

– Passive. (Big VGs only)• Logging of LV updates, but does not log writes• If the system crashes on reboot, a forced synchronization of the LVs

takes place.

7/23/2019 AN121STUD


Student Notebook




5.2

empty Beginning in AIX 5L, a mirror write consistency option called Passive Mirror Write

Consistency is available. The default mechanism for ensuring mirror write consistency is

Active MWC . Active MWC provides fast recovery at reboot time after a crash has occurred.However, this benefit comes at the expense of write performance degradation, particularly

in the case of random writes. Disabling Active MWC eliminates this write-performancepenalty, but upon reboot after a crash, you must use the syncvg -f command to manually

synchronize the entire volume group, before users can access the volume group. Toachieve this, automatic vary-on of volume groups must be disabled.

Enabling Passive MWC not only eliminates the write-performance penalty associated with

Active MWC, but logical volumes will be automatically resynchronized as the partitions arebeing accessed. This means that the administrator does not have to synchronize logical

volumes manually or disable automatic vary-on. The disadvantage of Passive MWC is thatslower read operations may occur, until all the partitions have been resynchronized.

You can select either mirror write consistency option within SMIT, when creating or

changing a logical volume. The selection option takes effect only when the logical volumeis mirrored (copies > 1).

7/23/2019 AN121STUD


Student Notebook




Figure 8-24. SMIT logical volume menu AN121.1

Notes:

This is the top-level SMIT menu for logical volumes. The next few pages discuss these

items.


IBM Power Systems

SMIT logical volume menu

# smit lv

Logical Volumes


List All Logical Volumes by Volume Group

Add a Logical Volume

Set Characteristic of a Logical Volume

Show Characteristics of a Logical Volume

Remove a Logical Volume

Copy a Logical Volume

Logical Volumes


List All Logical Volumes by Volume Group


Set Characteristic of a Logical Volume

Show Characteristics of a Logical Volume


Copy a Logical Volume

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-25. Adding a logical volume AN121.1

Notes:

The mklv command creates a logical volume. The name of the logical volume can be

specified or a system-generated name is used. The volume group the logical volume

belongs to, and the size (in logical partitions, must be specified. Other characteristics thatcan be set are, the allocation policy, copies (mirroring), scheduling policy, and striping.


IBM Power Systems

Adding a logical volume

# smit mklv


[Entry Fields]

Logical volume NAME [datalv]


* Number of LOGICAL PARTITIONS [100] #

PHYSICAL VOLUME names [hdisk2 hdisk3] +

Logical volume TYPE [jfs2] +

POSITION on physical volume middle +

RANGE of physical volumes minimum +

MAXIMUM NUMBER of PHYSICAL VOLUMES [] #

to use for allocation

Number of COPIES of each logical 2 +

partition

Mirror Write Consistency? active +

Allocate each logical partition copy yes +

on a SEPARATE physical volume?RELOCATE the logical volume during yes +

reorganization?

Logical volume LABEL []

MAXIMUM NUMBER of LOGICAL PARTITIONS [512] #

Enable BAD BLOCK relocation? yes +

SCHEDULING POLICY for writing/reading parallel +

logical partition copies

Enable WRITE VERIFY? no +

File containing ALLOCATION MAP []

Stripe Size? [Not Striped] +

Serialize IO? no +


[Entry Fields]

Logical volume NAME [datalv]


* Number of LOGICAL PARTITIONS [100] #

PHYSICAL VOLUME names [hdisk2 hdisk3] +

Logical volume TYPE [jfs2] +



MAXIMUM NUMBER of PHYSICAL VOLUMES [] #

to use for allocation


partition

Mirror Write Consistency? active +


on a SEPARATE physical volume?RELOCATE the logical volume during yes +

reorganization?

Logical volume LABEL []

MAXIMUM NUMBER of LOGICAL PARTITIONS [512] #

Enable BAD BLOCK relocation? yes +

SCHEDULING POLICY for writing/reading parallel +

logical partition copies

Enable WRITE VERIFY? no +


Stripe Size? [Not Striped] +

Serialize IO? no +

mklv –y datalv –t jfs2 –c 2 \

datavg 10 hdisk2 hdisk3

7/23/2019 AN121STUD


Student Notebook




Figure 8-26. Show LV characteristics (1 of 2) AN121.1

Notes:

To list the characteristics of a logical volume use the command: lslv<logicalvolume_name>

The –l flag lists the following fields for each physical volume in the logical volume:

• PV: Physical volume name.

• Copies:

- The number of logical partitions containing at least one physical partition (no copies)

on the physical volume - The number of logical partitions containing at least two physical partitions (one copy)

on the physical volume

- The number of logical partitions containing three physical partitions (two copies) on

the physical volume


IBM Power Systems

Show LV characteristics (1 of 2)

# lslv -l datalv

datalv:N/A

PV COPIES IN BAND DISTRIBUTION

hdisk2 010:000:000 100% 000:010:000:000:000

hdisk3 010:000:000 100% 000:010:000:000:000

# lslv -l datalv

datalv:N/A

PV COPIES IN BAND DISTRIBUTION

hdisk2 010:000:000 100% 000:010:000:000:000

hdisk3 010:000:000 100% 000:010:000:000:000

# lslv datalv

LOGICAL VOLUME: datalv VOLUME GROUP: datavg

LV IDENTIFIER: 00cf2e7f00004c000000011d68130bea.1PERMISSION: read/write

VG STATE: active/complete LV STATE: closed/syncd

TYPE: jfs2 WRITE VERIFY: off

MAX LPs: 512 PP SIZE: 4 megabyte(s)

COPIES: 2 SCHED POLICY: parallel

LPs: 10 PPs: 20

STALE PPs: 0 BB POLICY: relocatable

INTER-POLICY: minimum RELOCATABLE: yes

INTRA-POLICY: middle UPPER BOUND: 1

MOUNT POINT: N/A LABEL: None

MIRROR WRITE CONSISTENCY: on/ACTIVE

EACH LP COPY ON A SEPARATE PV ?: yes (superstrict)

# lslv datalv

LOGICAL VOLUME: datalv VOLUME GROUP: datavg

LV IDENTIFIER: 00cf2e7f00004c000000011d68130bea.1

PERMISSION: read/write

VG STATE: active/complete LV STATE: closed/syncd

TYPE: jfs2 WRITE VERIFY: off

MAX LPs: 512 PP SIZE: 4 megabyte(s)

COPIES: 2 SCHED POLICY: parallel

LPs: 10 PPs: 20

STALE PPs: 0 BB POLICY: relocatable

INTER-POLICY: minimum RELOCATABLE: yes

INTRA-POLICY: middle UPPER BOUND: 1

MOUNT POINT: N/A LABEL: None

MIRROR WRITE CONSISTENCY: on/ACTIVE

EACH LP COPY ON A SEPARATE PV ?: yes (superstrict)

7/23/2019 AN121STUD


Student Notebook




5.2

empty • In band: The percentage of physical partitions on the physical volume that belong to thelogical volume, and were allocated within the physical volume region specified by

Intra-physical allocation policy

• Distribution: The number of physical partitions allocated within each section of thephysical volume: outer edge, outer middle, center, inner middle, and inner edge of the

physical volume

7/23/2019 AN121STUD


Student Notebook




Figure 8-27. Show LV characteristics (2 of 2) AN121.1

Notes:

The lslv –m flag shows the LP to PP relationship. The example in the visual, shows LP

number 1 for datalv, is mapped to physical partition number 104 on hdisk2 , and is also

mirrored to the same physical partition number on hdisk3 .


IBM Power Systems

Show LV characteristics (2 of 2)

# lslv -m datalv

datalv:N/A

LP PP1 PV1 PP2 PV2 PP3 PV3

0001 0104 hdisk2 0104 hdisk3

0002 0105 hdisk2 0105 hdisk3

0003 0106 hdisk2 0106 hdisk3

0004 0107 hdisk2 0107 hdisk3

0005 0108 hdisk2 0108 hdisk3

0006 0109 hdisk2 0109 hdisk3

0007 0110 hdisk2 0110 hdisk3

0008 0111 hdisk2 0111 hdisk3

0009 0112 hdisk2 0112 hdisk3

0010 0113 hdisk2 0113 hdisk3

# lslv -m datalvdatalv:N/A

LP PP1 PV1 PP2 PV2 PP3 PV3

0001 0104 hdisk2 0104 hdisk3

0002 0105 hdisk2 0105 hdisk3

0003 0106 hdisk2 0106 hdisk3

0004 0107 hdisk2 0107 hdisk3

0005 0108 hdisk2 0108 hdisk3

0006 0109 hdisk2 0109 hdisk3

0007 0110 hdisk2 0110 hdisk3

0008 0111 hdisk2 0111 hdisk3

0009 0112 hdisk2 0112 hdisk3

0010 0113 hdisk2 0113 hdisk3

• Show LP to PP relationship on disks

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-28. Add copies to a logical volume AN121.1

Notes:

Adding a copy of a logical volume

The mklvcopy command is used to add up to three copies to a logical volume. Specify the

logical volume to change and the total number of copies wanted. This only succeeds ifthere are enough physical partitions to satisfy the requirements on the physical volumes

that are specified to be used. That is, if all copies are to be on different physical volumes.Once a logical volume has been created, striping cannot be imposed or removed.

Synchronizing a mirrored logical volume

Also, in order for the copies to match, the logical volume has to be synchronized using the

syncvg command. This can be done with the -k option when the copy is originally started.It can be done later, using the syncvg command.


IBM Power Systems

Add copies to a logical volume

# smit mklvcopy

Add Copies to a Logical Volume



[Entry Fields]

* LOGICAL VOLUME name datalv

* NEW TOTAL number of logical partition 3 +

copies

PHYSICAL VOLUME names [hdisk4] +



MAXIMUM NUMBER of PHYSICAL VOLUMES [1] #to use for allocation


on a SEPARATE physical volume?


SYNCHRONIZE the data in the new yes +

logical partition copies?

Add Copies to a Logical Volume



[Entry Fields]


* NEW TOTAL number of logical partition 3 +

copies




MAXIMUM NUMBER of PHYSICAL VOLUMES [1] #to use for allocation




SYNCHRONIZE the data in the new yes +

logical partition copies?

mklvcopy -k datalv 3 hdisk4

7/23/2019 AN121STUD


Student Notebook




Removing a copy of a logical volume

The rmlvcopy command is used to reduce the total number of copies for a logical volume.Specify the total number wanted. For example, two if you are reducing the number of

copies from three to two. The rmlvcopy command allows you to specify which disk toremove the copy from.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-29. Increasing the size of a logical volume AN121.1

Notes:

The extendlv command increases the number of logical partitions allocated to the

LogicalVolume, by allocating the number of additional logical partitions represented by the

Partitions parameter. The LogicalVolume parameter can be a logical volume name or alogical volume ID. To limit the allocation to specific physical volumes, use the names of one

or more physical volumes in the PhysicalVolume parameter. Otherwise, all the physicalvolumes in a volume group are available for allocating new physical partitions.

The default maximum number of partitions for a logical volume is 512. Before extending a

logical volume to more than 512 logical partitions, use the chlv command to increase thedefault value.

The default allocation policy is to use a minimum number of physical volumes per logicalvolume copy, to place the physical partitions belonging to a copy as contiguously as

possible, and then to place the physical partitions in the requested region specified by the-a flag. Also by default, each copy of a logical partition is placed on a separate physical

volume.


IBM Power Systems

Increasing the size of a logical volume

# smit extendlv

Increase the Size of a Logical Volume



[Entry Fields]


* Number of ADDITIONAL logical partitions [20] #

PHYSICAL VOLUME names [] +



MAXIMUM NUMBER of PHYSICAL VOLUMES [1] #

to use for allocationAllocate each logical partition copy yes +



Increase the Size of a Logical Volume



[Entry Fields]


* Number of ADDITIONAL logical partitions [20] #




MAXIMUM NUMBER of PHYSICAL VOLUMES [1] #

to use for allocationAllocate each logical partition copy yes +



extendlv datalv 20

7/23/2019 AN121STUD


Student Notebook




Figure 8-30. Remove a logical volume AN121.1

Notes:

The rmlv command removes logical volumes, and in the process, destroys all data.

The LogicalVolume parameter can be a logical volume name or logical volume ID. The

logical volume first must be closed. If the volume group is varied on in concurrent mode,the logical volume must be closed on all the concurrent nodes on which the volume group

is varied on. For example, if the logical volume contains a file system, it must beunmounted. However, removing the logical volume does not notify the operating system

that the file system residing on it has been destroyed.


IBM Power Systems

Remove a logical volume

# smit rmlv




[Entry Fields]

LOGICAL VOLUME name [datalv2] +




[Entry Fields]

LOGICAL VOLUME name [datalv2] +

rmlv –f datalv2

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-31. List all logical volumes by volume group AN121.1

Notes:

From the smit lv fastpath, the List all Logical Volumes by Volume Group option uses

lsvg -o to find out the active volume groups, and then lsvg -il to list the logical volumes

within them. The -i option of lsvg reads the list of volume groups from standard input.


IBM Power Systems

List all logical volumes by volume group

# lsvg -o | lsvg -i –l

datavg:


datalv jfs2 30 90 3 closed/syncd N/A

rootvg:




hd8 jfslog 1 1 1 open/syncd N/A

hd4 jfs 15 15 1 open/syncd /




hd1 jfs 1 1 1 open/syncd /homehd10opt jfs 4 4 1 open/syncd /opt

loglv00 jfs2log 1 1 1 closed/syncd N/A

hd11admin jfs 2 2 1 open/syncd /admin


# lsvg -o | lsvg -i –l

datavg:


datalv jfs2 30 90 3 closed/syncd N/A

rootvg:




hd8 jfslog 1 1 1 open/syncd N/A

hd4 jfs 15 15 1 open/syncd /




hd1 jfs 1 1 1 open/syncd /homehd10opt jfs 4 4 1 open/syncd /opt


hd11admin jfs 2 2 1 open/syncd /admin


7/23/2019 AN121STUD


Student Notebook




Figure 8-32. Mirroring volume groups AN121.1

Notes:

The mirrorvg command takes all the logical volumes on a given volume group and

mirrors those logical volumes. This same functionality may also be accomplished manually

if you execute the mklvcopy command for each individual logical volume in a volumegroup. As with mklvcopy, the target physical drives to be mirrored with data, must already

be members of the volume group.

When mirrorvg is executed, the default behavior of the command requires that the

synchronization of the mirrors must complete before the command returns to the user. If

you wish to avoid the delay, use the –S (background Sync) or -s (disable sync) option.The default value of two copies is always used.

If there are only two disks in the volume group to be mirrored, Keep Quorum Checking

On should be set to no. Otherwise, if a disk were to fail, the entire volume group would go

offline.


IBM Power Systems

Mirroring volume groups

• Mirroring rootvg is very important.




[Entry Fields]

* VOLUME GROUP name rootvg

Mirror sync mode [Foreground] +



partition

Keep Quorum Checking On? no +

Create Exact LV Mapping? no +




[Entry Fields]

* VOLUME GROUP name rootvg

Mirror sync mode [Foreground] +



partition

Keep Quorum Checking On? no +Create Exact LV Mapping? no +

# smit mirrorvgmirrorvg rootvg hdisk1

# bosboot -a -d /dev/hdisk1

# bootlist -m normal hdisk0 hdisk1

# shutdown –Fr (not required with AIX6 and later)

# bosboot -a -d /dev/hdisk1

# bootlist -m normal hdisk0 hdisk1

# shutdown –Fr (not required with AIX6 and later)

Can be used

to mirror

any VG

Additional

steps

required for

rootvg

7/23/2019 AN121STUD


Student Notebook




5.2

empty Protecting rootvg on AIX from disk failure is important. Mirroring the data is one way toachieve this. When mirroring rootvg there are additional steps to perform:

• Create a boot image on the mirrored disk, using bosboot command.

• Add the newly mirrored disk to the bootlist.

• Shut down and reboot the system.

7/23/2019 AN121STUD


Student Notebook




Figure 8-33. Physical volumes AN121.1

Notes:

A physical partition is a fixed size, contiguous set of bytes, on a physical volume (PV).

Physical partitions (PP) must be the same size across an entire volume group. However,

there may be multiple volume groups on a single system, each with a different PP size.

The limitations for each type of volume group (original, big, and scalable) such as thenumber of physical volumes and size of the physical partitions, was given in the last unit,

System Storage Overview .


IBM Power Systems

Physical volumes

Volume group

• Physical volume (PV) – Hard disk, a virtual disk or a LUN

• Physical partition (PP) – Smallest assignable unit of allocation on a physical disk

1

7

13

19

25

31

35

41

47

2

8

14

20

26

32

36

42

48

34

910

1516

2122

2728

3334

3738

4344

4950

1

7

13

19

25

31

35

41

47

2

8

14

20

26

32

36

42

48

34

910

1516

2122

2728

3334

3738

4344

4950

Physical partitions

PV1 PV2

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-34. SMIT physical volumes menu AN121.1

Notes:

This is the top-level menu for physical volume. Each of these items is discussed in the

following pages.


IBM Power Systems

SMIT physical volumes menu

# smit pv

Physical Volumes


List All Physical Volumes in System

Add a Disk

Change Characteristics of a Physical Volume

List Contents of a Physical Volume

Move Contents of a Physical Volume

Physical Volumes


List All Physical Volumes in System

Add a Disk

Change Characteristics of a Physical Volume

List Contents of a Physical Volume

Move Contents of a Physical Volume

7/23/2019 AN121STUD


Student Notebook




Figure 8-35. List physical volume information AN121.1

Notes:

From the smit pv fastpath, the List all Physical Volumes in System option uses

the undocumented command lspv | /usr/bin/awk {print$1}'' list the physical

volumes in the system.

The lspv command with no parameters can be used to list the physical volume name,

physical volume identifier, and volume group for all physical volumes in the system.

The lspv pvname command gives status information about the physical volume. Themost useful information here is:

• State (active or inactive)

• Number of physical partition copies that are stale (are not up to date with other copies)

• Total number of physical partitions

• Number of free physical partitions

• Distribution of free space on the physical volume


IBM Power Systems

List physical volume information

# lspvhdisk0 00cf2e7ff02c5fc4 rootvg active

hdisk1 00cf2e7f713ca357 None

hdisk2 00cf2e7fea693331 datavg active

hdisk3 00cf2e7fea6a26e0 datavg active

hdisk4 00cf2e7fea6a318 datavg active

# lspv

hdisk0 00cf2e7ff02c5fc4 rootvg activehdisk1 00cf2e7f713ca357 None

hdisk2 00cf2e7fea693331 datavg active

hdisk3 00cf2e7fea6a26e0 datavg active

hdisk4 00cf2e7fea6a318 datavg active

# lspv hdisk3

PHYSICAL VOLUME: hdisk3 VOLUME GROUP: datavg

PV IDENTIFIER: 00cf2e7fea6a26e0

VG IDENTIFIER 00cf2e7f00004c000000011d68130bea

PV STATE: active

STALE PARTITIONS: 0 ALLOCATABLE: yes

PP SIZE: 4 megabyte(s) LOGICAL VOLUMES: 1

TOTAL PPs: 511 (2044 megabytes) VG DESCRIPTORS: 1

FREE PPs: 481 (1924 megabytes) HOT SPARE: no

USED PPs: 30 (120 megabytes) MAX REQUEST: 256K

FREE DISTRIBUTION: 103..72..102..102..102

USED DISTRIBUTION: 00..30..00..00..00

# lspv hdisk3

PHYSICAL VOLUME: hdisk3 VOLUME GROUP: datavg

PV IDENTIFIER: 00cf2e7fea6a26e0

VG IDENTIFIER 00cf2e7f00004c000000011d68130beaPV STATE: active

STALE PARTITIONS: 0 ALLOCATABLE: yes

PP SIZE: 4 megabyte(s) LOGICAL VOLUMES: 1

TOTAL PPs: 511 (2044 megabytes) VG DESCRIPTORS: 1

FREE PPs: 481 (1924 megabytes) HOT SPARE: no

USED PPs: 30 (120 megabytes) MAX REQUEST: 256K

FREE DISTRIBUTION: 103..72..102..102..102

USED DISTRIBUTION: 00..30..00..00..00

• List all physical volumes in the system.

• List the attributes of a PV.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-36. List logical volumes on a physical volume AN121.1

Notes:

The lspv -l pvname command lists all the logical volumes on a physical volume

including the number of logical partitions, physical partitions, and distributions on the disk.


IBM Power Systems

List logical volumes on a physical volume

# lspv -l hdisk0

hdisk0:LV NAME LPs PPs DISTRIBUTION MOUNT POINT

hd2 35 35 00..00..03..20..12 /usr

hd9var 5 5 00..05..00..00..00 /var

hd8 1 1 00..00..01..00..00 N/A

hd4 15 15 00..00..15..00..00 /

hd5 1 1 01..00..00..00..00 N/A

hd6 8 8 00..08..00..00..00 N/A

hd10opt 4 4 04..00..00..00..00 /opt

hd3 3 3 00..03..00..00..00 /tmp

hd1 1 1 00..01..00..00..00 /home

hd11admin 2 2 00..02..00..00..00 /admin

fslv00 2 2 02..00..00..00..00 /db2

loglv00 1 1 00..01..00..00..00 N/A

# lspv -l hdisk0

hdisk0:

LV NAME LPs PPs DISTRIBUTION MOUNT POINT

hd2 35 35 00..00..03..20..12 /usr

hd9var 5 5 00..05..00..00..00 /var

hd8 1 1 00..00..01..00..00 N/A

hd4 15 15 00..00..15..00..00 /

hd5 1 1 01..00..00..00..00 N/A

hd6 8 8 00..08..00..00..00 N/A

hd10opt 4 4 04..00..00..00..00 /opt

hd3 3 3 00..03..00..00..00 /tmp

hd1 1 1 00..01..00..00..00 /home

hd11admin 2 2 00..02..00..00..00 /admin

fslv00 2 2 02..00..00..00..00 /db2

loglv00 1 1 00..01..00..00..00 N/A

7/23/2019 AN121STUD


Student Notebook




Figure 8-37. List a physical volume partition map AN121.1

Notes:

The lspv -p pvname command lists all the logical volumes on a disk, and the physical

partitions to which its logical partitions are mapped. It is listed in physical partition order and

shows what partitions are free and which are used, as well as the location; that is, center,outer middle, outer edge, inner edge, and inner middle.


IBM Power Systems

List a physical volume partition map

# lspv -p hdisk0

hdisk0:PP RANGE STATE REGION LV NAME TYPE MOUNT POINT

1-1 used outer edge hd5 boot N/A

2-14 free outer edge

15-16 used outer edge fslv00 jfs2 /db2

17-20 used outer edge hd10opt jfs2 /opt

21-28 used outer middle hd6 paging N/A

29-29 used outer middle loglv00 jfs2log N/A

30-31 used outer middle hd11admin jfs2 /admin

32-32 used outer middle hd1 jfs2 /home

33-35 used outer middle hd3 jfs2 /tmp

36-40 used outer middle hd9var jfs2 /var

41-41 used center hd8 jfslog N/A

42-56 used center hd4 jfs2 /

57-59 used center hd2 jfs2 /usr

60-79 used inner middle hd2 jfs2 /usr

80-91 used inner edge hd2 jfs2 /usr

92-99 free inner edge

# lspv -p hdisk0

hdisk0:

PP RANGE STATE REGION LV NAME TYPE MOUNT POINT

1-1 used outer edge hd5 boot N/A

2-14 free outer edge

15-16 used outer edge fslv00 jfs2 /db2

17-20 used outer edge hd10opt jfs2 /opt

21-28 used outer middle hd6 paging N/A

29-29 used outer middle loglv00 jfs2log N/A

30-31 used outer middle hd11admin jfs2 /admin

32-32 used outer middle hd1 jfs2 /home

33-35 used outer middle hd3 jfs2 /tmp

36-40 used outer middle hd9var jfs2 /var

41-41 used center hd8 jfslog N/A

42-56 used center hd4 jfs2 /57-59 used center hd2 jfs2 /usr

60-79 used inner middle hd2 jfs2 /usr

80-91 used inner edge hd2 jfs2 /usr

92-99 free inner edge

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 8-38. Add or move contents of physical volumes AN121.1

Notes:

Although there is an option in SMIT to add a physical volume to the system SMIT >

Devices > Add a Disk, in reality the use of this function is not required. Today,

virtually all disks can be configured to AIX using the configuration manager (cfgmgr).

Preparation to remove a physical device

The migratepv command can be used to move all partitions, or partitions from a

selected logical volume, from one physical volume, to one or more other physicalvolumes in the same volume group. This would be used if the physical volume is about

to be taken out of service and removed from the machine or to balance disk usage.


IBM Power Systems

Add or move contents of physical volumes

• Today, virtually all disks are configured to AIX throughconfiguration manager (cfgmgr).

• Move the contents of a physical volume:

migratepv [ -l lvname ] sourcePV targetPV ..

# migratepv -l lv02 hdisk0 hdisk6# migratepv -l lv02 hdisk0 hdisk6

7/23/2019 AN121STUD


Student Notebook




Figure 8-39. Documenting the disk storage setup AN121.1

Notes:

It is important to have your storage information readily available in case you have a

problem with your system, or in the very worst case, a system crashes. The commands in

the visual help you to get this information.


IBM Power Systems

Documenting the disk storage setup

• List the volume groups:

# lsvg

• List the disks on the system (PVID and volume group):

# lspv

• List which logical volumes are contained in each volumegroup:

# lsvg -l vgname

• List the logical volumes on each disk:

# lspv -l pvname

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint

1. True or False: A logical volume can span more than onephysical volume.

2. True or False: A logical volume can span more than onevolume group.

3. True or False: The contents of a physical volume can bedivided between two volume groups.

4. True or False: If mirroring logical volumes, it is not necessaryto perform a backup.

5. True or False: SMIT can be used to easily increase or decreasethe size of an enhanced JFS filesystem.

6. True or False: Striping can be combined with mirroring toprovide increased performance and availability.

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Exercise 8

Working with LVM

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Unit summary


• Explain how to work with the Logical Volume Manager • Add, change, and delete:

– Volume groups – Logical volumes – Physical volumes

• Describe essential LVM concepts, such as:

– Mirroring – Striping

7/23/2019 AN121STUD


Student Notebook




7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 9. File systems administration 9-1

5.2

empty Unit 9. File systems administration


This unit covers important concepts and procedures related to AIX file

systems.



• Identify the components of an AIX file system

• Work with enhanced Journaled file systems

• Add, list, change, and delete

• Monitor file system disk space usage • Manage file system growth and control growing files

• Implement basic file system integrity checks


Accountability:

• Checkpoint questions• Exercise

References

Online AIX Version 6.1 Operating system and device

management

AIX Version 6.1 File Reference





7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives

After completing this unit, you should be able to:• Identify the components of an AIX file system• Work with enhanced Journaled file systems

– Add, list, change, and delete

• Monitor file system disk space usage• Manage file system growth and control growing files• Implement basic file system integrity checks

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-2. Journaled file system support in AIX AN121.1

Notes:

Journaled File Systems (JFS)

JFS was developed for transaction-oriented, high performance Power Systems. JFS is

both saleable and robust. One of the key features of the file system is logging. JFS is arecoverable file system, which ensures that if the system fails during power outage, or

system crash, no file system transactions will be left in an inconsistent state.

Migration

JFS file systems can co-exist on the same system with JFS2 file systems. However, to fullyutilize the JFS2 features, the following steps are necessary:

1. Backup JFS file system data.

2. Create new JFS2 file systems.

3. Restore JFS file system data to new JFS2 file systems.


IBM Power Systems

Journaled file system support in AIX

• Two types supported: – Journaled File System (JFS) – Enhanced JFS, commonly referred to as JFS2

• JFS is the original AIX file system.• JFS2 was introduced in AIX 5.1 and is now the default file

system (since AIX 5.3).• Journaling:

– Before writing actual data, a journaling file system logs the metadatato a circular JFS log on disk.

– In the event of an OS crash, journaling restores consistency by

processing the information in the JFS log file.• There is no migration path from JFS to JFS2.

– Conversion can only be achieved through backup and restore.

7/23/2019 AN121STUD


Student Notebook




Figure 9-3. Advantages of enhanced JFS (JFS2) AN121.1

Notes:

JFS2 is the default file system type on AIX, since version 5.3. JFS2 provides increased

performance and flexibility when compared to its predecessor, JFS.

JFS filesystems:

• Cannot be dynamically decreased

• Can only support large files, greater than 2GB, if created in a special large enabledfilesystem

- Individual file size can be up to 64GB with JFS as opposed to 16TB with JFS2 • Only support external JFS logging

• Have no support for data encryption or snapshots. A snapshot is a point-in-time image,like a photograph, of a JFS2 file system


IBM Power Systems

Advantages of enhanced JFS (JFS2)

• Increased performance• Increased flexibility

– Filesystems can be dynamically increased and decreased. – Support for larger enabled filesystems – Internal or external JFS logging – Data encryption – Support for snapshots

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-4. JFS2 structural components AN121.1

Notes:

Superblock

The first addressable logical block on the file system is the superblock. The superblock

contains information such as the file system name, size, number of inodes, and date/timeof creation. The superblock is critical to the file system and, if corrupted, prevents the file

system from mounting. For this reason, a backup copy of the superblock is always writtenin block 31.

Inodes

Each file and directory has an associated i-node which contains metadata such as

ownership and access times. JFS2 allocates i-nodes, as required.

Data blocks

An individual file within a file system, by default, has units allocated to it in blocks of 4096bytes. The file system block size can be set to 512, 1024, 2048, or 4096 bytes. A smaller

block size uses less disk space for small files, but may degrade performance. Some AIX


IBM Power Systems

JFS2 structural components

• Superblock – The superblock maintains information about the entire file

system.• i-nodes

– Each file and directory has an i-node that contains accessinformation such as file type, access permissions, owner's ID,and number of links to that file.

• Data blocks – Contains file data – Each file system has a user settable fixed block size attribute

• 512, 1024, 2048, or 4096 bytes

• Allocation maps – Record the location and allocation of all i-nodes and theallocation state of each data block.

• Allocation groups – Responsible for dividing the file system space into chunks so

related data blocks and i-nodes can be clustered together toachieve good locality

7/23/2019 AN121STUD


Student Notebook




commands often report file sizes in units of 512 bytes, to remain compatible with otherUNIX file systems. This is independent of the actual unit of allocation.

Allocation maps

A JFS2 file system has two allocation maps:

• The i-node allocation map records the location and allocation of all i-nodes in the file

system.• The block allocation map records the allocation state of each file system block.

Allocation groups

Allocation groups divide the space on a file system into chunks. Allocation groups allow

JFS2 allocation policies to use well-known methods for achieving optimum I/Operformance. The allocation policies try to cluster related disk blocks and disk i-nodes to

achieve good locality for the disk, as files are often read and written sequentially, and thefiles within a directory are often accessed together.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-5. Listing i-node and block size information AN121.1

Notes:

The istat command can be used to display the i-node information for a particular file or

directory. You can specify the file either by providing a file or directory name, or by

providing an i-node number using the –i flag. I-node numbers can be discovered using the –i flag with the ls command.

The file system block size information can be discovered using the lsfs command.


IBM Power Systems

Listing i-node and block size information

• To view i-node information:

• To view file system block size information:

# ls -litotal 3

12309 -rw-r----- 1 adminusr security 119 12 Feb 19:43 datafile1

12307 -rwxr----- 1 adminusr security 254 27 Jan 18:19 .profile

12308 -rw------- 1 adminusr security 156 28 Jan 14:31 .sh_history

# istat datafile1Inode 12309 on device 10/8 File

Protection: rw-r-----

Owner: 211(adminusr) Group: 7(security)

Link count: 1 Length 119 bytes

Last updated: Thu 12 Feb 19:44:09 2009

Last modified: Thu 12 Feb 19:43:42 2009

Last accessed: Thu 12 Feb 19:43:42 2009

# ls -litotal 312309 -rw-r----- 1 adminusr security 119 12 Feb 19:43 datafile1

12307 -rwxr----- 1 adminusr security 254 27 Jan 18:19 .profile

12308 -rw------- 1 adminusr security 156 28 Jan 14:31 .sh_history

# istat datafile1Inode 12309 on device 10/8 File

Protection: rw-r-----

Owner: 211(adminusr) Group: 7(security)

Link count: 1 Length 119 bytes

Last updated: Thu 12 Feb 19:44:09 2009

Last modified: Thu 12 Feb 19:43:42 2009

Last accessed: Thu 12 Feb 19:43:42 2009

# lsfs –cq /data#MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct

/data:/dev/fslv00:jfs2:::204800:rw:no:no

(lv size 204800:fs size 204800:block size 4096

# lsfs –cq /data#MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct

/data:/dev/fslv00:jfs2:::204800:rw:no:no

(lv size 204800:fs size 204800:block size 4096

i-node

number

Block size.

(Some output

removed for

clarity.)

7/23/2019 AN121STUD


Student Notebook




Figure 9-6. Creating a JFS2 file system (1 of 2) AN121.1

Notes:

The SMIT screen in the visual shows the creation of a 1GB filesystem (/data) in volume

group: datavg. The creation is done by the crfs command.

In this example, the crfs command will create a file system on a new logical volume,within a previously created volume group. An entry for the file system is put into the

/etc/filesystems file.

For further information, see the crfs man page.


IBM Power Systems

Creating a JFS2 file system (1 of 2)

# smit crfs_j2

Add an Enhanced Journaled File System

[Entry Fields]

Volume group name datavg

SIZE of file system

Unit Size Gigabytes +

* Number of units [1] #

* MOUNT POINT [/data]

Mount AUTOMATICALLY at system restart? No +

PERMISSIONS read/write +

Mount OPTIONS [] +

Block Size (bytes) 4096 +

Logical Volume for Log +

Inline Log size (MBytes) [] #

Extended Attribute Format +

ENABLE Quota Management? no +

Enable EFS? no +

Allow internal snapshots? no +


[Entry Fields]

Volume group name datavg

SIZE of file system


* Number of units [1] #

* MOUNT POINT [/data]

Mount AUTOMATICALLY at system restart? No +


Mount OPTIONS [] +Block Size (bytes) 4096 +


Inline Log size (MBytes) [] #

Extended Attribute Format +


Enable EFS? no +

Allow internal snapshots? no +

# crfs -v jfs2 -g datavg -a size=1G –m /data

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-7. Creating a JFS2 file system (2 of 2) AN121.1

Notes:

The visual shows the actual creation of the /data file system shown in the previous slide.

The lsfs command can be used to display the characteristics of the file system.

Prior to the creation of the file system, the contents of the datavg volume group wereempty. We can see two logical volumes created, loglv and fslv00. The loglv volume acts

as the JFS log for both the /data file system and by default any other file systems that willbe created. In creating a file system this way the underlying logical volume is created using

default options. Often it is preferable to first create the logical volume (using custom values)

and then create the file system on top. We shall see this procedure later in the unit.


IBM Power Systems

Creating a JFS2 file system (2 of 2)

# crfs -v jfs2 -g datavg -a size=1G -m /data

File system created successfully.

1048340 kilobytes total disk space.

New File System size is 2097152

# lsfs /data

Name Nodename Mount Pt VFS Size Options Auto

/dev/fslv00 -- /data jfs2 2097152 -- no

# lsvg -l datavg

datavg:LV NAME TYPE LPs PPs PVs LV STATE MOUNT

POINT


fslv00 jfs2 256 256 1 closed/syncd /data

# crfs -v jfs2 -g datavg -a size=1G -m /data

File system created successfully.

1048340 kilobytes total disk space.

New File System size is 2097152

# lsfs /data

Name Nodename Mount Pt VFS Size Options Auto

/dev/fslv00 -- /data jfs2 2097152 -- no

# lsvg -l datavg

datavg:

LV NAME TYPE LPs PPs PVs LV STATE MOUNTPOINT


fslv00 jfs2 256 256 1 closed/syncd /data

JFS log automatically

created, 1 LP in size

(if one does not already

exist) for the VG.

• When the file system is created, the lsfs command will displaythe characteristics of the file system.

7/23/2019 AN121STUD


Student Notebook




Figure 9-8. Mounting a file system and the /etc/filesystems file AN121.1

Notes:

Upon creation of a file system, a stanza in appended to the /etc/filesystems file.

The stanza includes:

• The device (dev) which is the underlying logical volume

• The virtual file system type (vfs)

• The path to the JFS log device (log)

• Whether the file system should be mounted at system start time (mount) and processed

by the AIX accounting system (account).Before the filesystem can be used it must first be mounted, using the mount command. As

there is a stanza in the /etc/filesystems file, the only parameter required is the name of thefile system. The mount command with no options, will display all file systems which are

currently mounted and available for use.


IBM Power Systems

Mounting a file system and the /etc/filesystems file

• When a file system is created, the device and mount pointinformation is stored in the /etc/filesystems file.

# grep -p /data /etc/filesystems

/data:

dev = /dev/fslv00

vfs = jfs2

log = /dev/loglv00

mount = false

account = false

# grep -p /data /etc/filesystems

/data:

dev = /dev/fslv00

vfs = jfs2

log = /dev/loglv00

mount = false

account = false

# mount /data

# mount |egrep '(/data|node)'

node mounted mounted over vfs date options

/dev/fslv00 /data jfs2 13 Feb 10:32 rw,log=/dev/loglv00

# mount /data

# mount |egrep '(/data|node)'

node mounted mounted over vfs date options

/dev/fslv00 /data jfs2 13 Feb 10:32 rw,log=/dev/loglv00

The mount command reads the

stanza in the

/etc/filesystems file, so

only the mount point is

required.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-9. JFS2 logging options AN121.1

Notes:

As we have seen by default, a JFS log file is created when the first file system is created in

a volume group. This JFS log will act as the global logging device for all file systems,

unless:

• A specific external log is created for each file systems in the volume group. This

approach has several advantages. It will aide performance and availability. If thelogging device were to become corrupt, it would only affect the associated file system.

• The JFS log device is internal to the filesystem (inline). This saves time having to

create, format, and manage a separate JFS log volume. Inline logging is only availablewith JFS2 file systems.


IBM Power Systems

JFS2 logging options

• For JFS2 file systems, there are three logging options: – Use the global JFS log for the volume group. – Create a specific JFS log for each file system.

• 1 LP in size• Format the log using the logform command.

– Create an inline log inside the file system.• 0.4% of the file system space will be reserved for this option.

# mklv –y my_jfs2_log –t jfs2log datavg 1

# logform /dev/my_jfs2_log

logform: destroy /dev/rmy_jfs2_log (y)?y

# crfs -v jfs2 -g datavg -a size=1G -m /data -a logname=my_jfs2_log

# mklv –y my_jfs2_log –t jfs2log datavg 1

# logform /dev/my_jfs2_log

logform: destroy /dev/rmy_jfs2_log (y)?y

# crfs -v jfs2 -g datavg -a size=1G -m /data -a logname=my_jfs2_log

# crfs -v jfs2 -g datavg -a size=1G -m /data -a logname=INLINE /

-a logsize=<value in MB>

# crfs -v jfs2 -g datavg -a size=1G -m /data -a logname=INLINE /

-a logsize=<value in MB>

7/23/2019 AN121STUD


Student Notebook




Figure 9-10. Creating a file system on a previously defined logical volume AN121.1

Notes:

Adding a file system to a previously created logical volume provides greater control over

where the file system will reside on disk and provides options for availability and

performance. When creating file systems in highly available environments (for example,using PowerHA or Veritas Cluster Services), one should always follow this method. On

creation, the size of the filesystem is set to the size of the logical volume. For example, ifthe PP size for the volume group is 64MB, and the logical volume was 4 LPs in size, then

the size of the file system would be (4 x 64MB) 256MB.

After the file system is created:• If the logical volume is expanded, the size of the file system is not increased.

• The underlying logical volume policies can be dynamically changed. However, there will

be a performance hit, especially for large file systems.


IBM Power Systems

Creating a file system on a previously defined logicalvolume

# smit crfs_j2


[Entry Fields]

* LOGICAL VOLUME name lv_for_data +

* MOUNT POINT [/data2]

Mount AUTOMATICALLY at system restart? yes +


Mount OPTIONS [] +



Inline Log size (MBytes) [] #Extended Attribute Format +


Enable EFS? no +

Allow internal snapshots? No +


[Entry Fields]

* LOGICAL VOLUME name lv_for_data +

* MOUNT POINT [/data2]

Mount AUTOMATICALLY at system restart? yes +


Mount OPTIONS [] +



Inline Log size (MBytes) [] #Extended Attribute Format +


Enable EFS? no +

Allow internal snapshots? No +

# crfs -v jfs2 –d lv_for_data –m /data2 –A yes

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-11. Changing the size of a JFS2 file system AN121.1

Notes:

JFS2 file systems can be dynamically increased or decreased in size (subject to available

space and LVM rules). You can either choose to increase or decrease by a set amount,

using + or – options respectively, or by providing a specific set number, as shown in theSMIT example.


IBM Power Systems

Changing the size of a JFS2 file system

• To increase the size of a file system:

• To shrink the size of a file system:

• Using SMIT: # smit chjfs2

# chfs -a size=+1G /data2

Filesystem size changed to 2179072

# chfs -a size=+1G /data2


# chfs -a size=-500M /data2


# chfs -a size=-500M /data2


Change / Show Characteristics of an Enhanced Journaled File System

[Entry Fields]

File system name /data2

NEW mount point [/data2]

SIZE of file system


Number of units [10] #

Note: Advanced options removed.

Change / Show Characteristics of an Enhanced Journaled File System

[Entry Fields]File system name /data2

NEW mount point [/data2]

SIZE of file system


Number of units [10] #

Note: Advanced options removed.

7/23/2019 AN121STUD


Student Notebook




Figure 9-12. Removing a JFS2 file system AN121.1

Notes:

Ways to remove a file system

The rmfs command or SMIT can be used to remove a file system.

Restrictions

In order to remove a file system, it must be unmounted from the overall file tree, and this

cannot be done if the file system is in use, that is, some user or process is using the filesystem or has it as a current directory.

Effects of using rmfs commandThe rmfs command removes any information for the file system from the ODM and

/etc/filesystems. When the file system is removed, the logical volume on which it residesis also removed.


IBM Power Systems

Removing a JFS2 file system

Remove an Enhanced Journaled File System

[Entry Fields]

* FILE SYSTEM name /data2 +

Remove Mount Point no +

Remove an Enhanced Journaled File System

[Entry Fields]

* FILE SYSTEM name /data2 +

Remove Mount Point no +

# rmfs /data2

• The file system must first be unmounted.

• Using SMIT: # smitty rmfs2

7/23/2019 AN121STUD


Student Notebook




5.2

empty Syntax

The syntax of the rmfs command is:

rmfs [-r] [-i] FileSystem

• r Removes the mountpoint of the file system

• i Displays warning and prompts the user before removing the file system

7/23/2019 AN121STUD


Student Notebook




Figure 9-13. File system space management AN121.1

Notes:

The Resource Monitoring and Control (RMC) subsystem

You can also use the Resource Monitoring and Control (RMC) subsystem that is based on

the AIX Reliable Scalable Cluster Technology (RSCT) filesets. Web-based SystemManager can be used to configure RMC. The ctrmc subsystem is started in the

/etc/inittab. RMC is outside the scope of the course.


IBM Power Systems

File system space management

• File systems expand upon notice, not automatically.

• To keep from running into problems: – Monitor file system growth

– Determine causes

– Control growing files

– Manage file system space usage

– Control user disk usage

– Block size considerations

– Fragmentation considerations

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-14. Listing file system utilization AN121.1

Notes:

Importance of the df command

The df command lists the free space on all mounted file systems.

This is an important command to know about and use frequently. If you run out of space in

a file system (especially / or / tmp), system corruption could occur.

Useful df command flags

A number of flags (options) can be used with the df command. Some of the most useful of

these flags are shown below:-i Displays the number of free and used i-nodes for the file system; this output is

the default when the specified file system is mounted-I Displays information on the total number of blocks, the used space, the free

space, the percentage of used space, and the mount point for the file system-k Displays statistics in units of 1024-byte blocks

-m Displays statistics in units of MB blocks-g Displays statistics in units of GB blocks


IBM Power Systems

Listing file system utilization

• The df command displays information about total space andavailable space on a file system.

# df [-k] [-m] [-g]

# df -g

Filesystem GB blocks Free %Used Iused %Iused Mounted on

/dev/hd4 1.44 1.10 24% 9896 2% /

/dev/hd2 2.50 0.10 97% 49616 8% /usr

/dev/hd9var 0.31 0.24 25% 1308 2% /var

/dev/hd3 0.12 0.12 6% 128 1% /tmp

/proc - - - - - /proc

/dev/hd10opt 0.25 0.03 88% 4567 7% /opt/dev/fslv00 8.00 1.40 83% 6888 3% /export

/dev/fslv01 9.00 2.33 75% 4059 1% /aix

/dev/lv00 0.12 0.12 4% 20 1% /audit

/dev/hd11admin 0.12 0.12 4% 18 1% /admin

/dev/hd1 0.62 0.16 75% 270 1% /home

grumpy:/nimback 25.00 3.26 87% 9 1% /mnt

# df -g

Filesystem GB blocks Free %Used Iused %Iused Mounted on

/dev/hd4 1.44 1.10 24% 9896 2% /

/dev/hd2 2.50 0.10 97% 49616 8% /usr

/dev/hd9var 0.31 0.24 25% 1308 2% /var

/dev/hd3 0.12 0.12 6% 128 1% /tmp

/proc - - - - - /proc

/dev/hd10opt 0.25 0.03 88% 4567 7% /opt

/dev/fslv00 8.00 1.40 83% 6888 3% /export

/dev/fslv01 9.00 2.33 75% 4059 1% /aix

/dev/lv00 0.12 0.12 4% 20 1% /audit

/dev/hd11admin 0.12 0.12 4% 18 1% /admin

/dev/hd1 0.62 0.16 75% 270 1% /home

grumpy:/nimback 25.00 3.26 87% 9 1% /mnt

7/23/2019 AN121STUD


Student Notebook




Figure 9-15. Monitoring file system growth AN121.1

Notes:

The need to monitor file system growth

Although AIX provides for dynamic expansion of a file system, it does not expand the file

system on the fly. The system administrator must continually monitor file system growthand expand file systems as required before they get full. If a file system becomes 100% full,

then the users receive out of space messages when they try to extend files.

Regular use of the df command

One useful technique is to run the df command through cron, the job scheduler, to performa regular check of the space available in the file system and produce a report. cron is

covered in a later unit.


IBM Power Systems

Monitoring file system growth

• A simple script using the df command, which can be run at

regular intervals to warn against file systems becoming full

#!/bin/ksh

df | egrep -v '(used|proc)' | awk '{print $4" "$7}' \

| sed 's:%::g' | while read LINE

do

PERC=ècho $LINE | awk '{print $1}'`

FILESYSTEM=ècho $LINE | awk '{print $2}'`

if [ $PERC -gt 70 ]

then

mail -s "Filesystem check on box: `hostname`" \[email protected] << EOF

$FILESYSTEM is $PERC% full, please check

EOF

fi

done

#!/bin/ksh

df | egrep -v '(used|proc)' | awk '{print $4" "$7}' \

| sed 's:%::g' | while read LINE

do

PERC=ècho $LINE | awk '{print $1}'`

FILESYSTEM=ècho $LINE | awk '{print $2}'`

if [ $PERC -gt 70 ]

then

mail -s "Filesystem check on box: `hostname`" \[email protected] << EOF

$FILESYSTEM is $PERC% full, please check

EOF

fi

done

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-16. Listing disk usage AN121.1

Notes:

Use of the du command

There may be a number of files or users that are causing the increased use of space in a

particular file system. The du command helps to determine which files, users, or both, arecausing the problem.

Specifying the units du should use

By default, du gives size information in 512-byte blocks. Use the -k option to display sizes

in 1 KB units, use the -m option to display sizes in 1 MB units, or use the -g option todisplay sizes in 1 GB units.

Specifying output by file

By default, du gives information by directory. With the -a option, output is displayed by file,

rather than by directory.


IBM Power Systems

Listing disk usage

• The du command lists the number of blocks used by a file or adirectory.

/export # du -sg .

6.59 .

/export # du gethmc.sh

8 FirstBoot.sh

/export # du –sm * | sort -rn

2131.16 mksysbaix53

1846.36 mksysbaix61

1373.11 mksysbaix61.light

248.52 spot0.01 nim

0.01 bosinst.data

0.00 FirstBoot.sh

0.00 BUILD.sh

/export # du -sg .

6.59 .

/export # du gethmc.sh

8 FirstBoot.sh

/export # du –sm * | sort -rn

2131.16 mksysbaix53

1846.36 mksysbaix61

1373.11 mksysbaix61.light

248.52 spot0.01 nim

0.01 bosinst.data

0.00 FirstBoot.sh

0.00 BUILD.sh

7/23/2019 AN121STUD


Student Notebook




Using du in conjunction with sort

If the output of du is sorted numerically and in descending order (using the -n and –r flagsof the sort command) by the value in the first column, this output can be an aid in

determining which files/directories are the largest. Then using an ls -l, you can determinethe file/directory's owner.

The -x flag

The -x flag/option is also very useful. When you use du -ax, the report only showsinformation from the specified file system. This is the best way to determine what file is

filling a particular file system.

Using the find command to locate large files

The find command is useful for locating files that are over a certain size. For example, tofind all files that contain more than 1 000 000 characters, and then list them, use the

following command:

# find / -size +1000000c -exec ls -l {} ;

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-17. Control growing files AN121.1

Notes:

Managing files that grow

Growing files should be monitored and cleaned out periodically. Some of the files that grow

are listed on the visual.

Records of login activity

The files /var/adm/wtmp, /etc/security/failedlogin, and /var/adm/sulog are neededbecause they contain historical data regarding login activity. Thus, these files should

always contain a few days of login activity. If accounting is turned on, /var/adm/wtmp iskept to a reasonable size. If accounting is not turned on, to capture the data to archive it,

use who -a on /var/adm/wtmp and /etc/security/failedlogin and redirect the output to asave file. Then, the log file can be purged by overwriting it with a null string. Two ways of

overwriting a log file in this way are illustrated in the following examples:

Example 1:

# cat /dev/null > /var/adm/wtmp


IBM Power Systems

Control growing files

• /var/adm/wtmp

• /etc/security/failedlogin

• /var/adm/sulog

• /var/spool/*/*• /var/tmp/*

• $HOME/smit*

• $HOME/websm*

7/23/2019 AN121STUD


Student Notebook




Example 2:

# > /etc/security/failedlogin

The file /var/adm/sulog can be edited directly.

The /var/spool directory

The directory / var / spool contains cron entries, the mail, and other items that grow on an

ongoing basis, along with printer files. If there is a problem with the printer files, you can tryto clear the queuing subsystem by executing the following commands:

stopsrc -s qdaemon

rm /var/spool/lpd/qdir/*

rm /var/spool/lpd/stat/*

rm /var/spool/qdaemon/*

startsrc -s qdaemon

Records of SMIT and Web-based System Manager activityFiles such as smit.log and websm.log in the home directory of the root user, and othersystem administration accounts, can also become quite large. These files need to be

monitored regularly and managed appropriately.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-18. The skulker command AN121.1

Notes:

Function of the skulker command

The shell script /usr/sbin/skulker includes a series of entries containing commands that

remove unwanted or obsolete files of various types. To analyze the commands that areexecuted by each entry, print out or view the contents of the /usr/sbin/skulker file.

Concerns related to skulker

A particular version of skulker is suited to the operating system and level with which it was

distributed. If the operating system has been upgraded or modified, it may be inadvisable to

use an old version of skulker. In addition, the skulker shell script is moderately complex.

When making modifications, you should make a copy of the shell script first - just in case!

Note that if skulker is modified, or if it is used on the incorrect version of the operatingsystem, it ceases to be a supported component of AIX.

Note: The skulker is disabled by default.


IBM Power Systems

The skulker command

• The skulker command cleans up file systems by removing

unwanted or obsolete files.

• Candidate files include:

– Files older than a selected age

– Files in the /tmp, /var/spool, /var/tmp, /var/news directories

– a.out, *.bak, core, ed.hup files

•skulker is normally invoked daily by the cron command as

part of the crontab file of the root user. – Disabled by default

• Modify the skulker shell script to suit local needs for the

removal of files.

– Test carefully !!

7/23/2019 AN121STUD


Student Notebook




Figure 9-19. Block size considerations AN121.1

Notes:

Benefits of a small block size

In JFS, as many whole blocks as necessary are used to store a file or directory's data.

Consider that we have chosen to use a block size of 4 KB, and we are attempting to storefile data which only partially fills a block. Potentially, the amount of unused or wasted space

in the partially filled block can be quite high. For example, if only 500 bytes are stored inthis block, then 3596 bytes are wasted. However, if a smaller block size, say 512 bytes,

was used, the amount of wasted disk space would be greatly reduced - to only 12 bytes. It

is, therefore, better to use small block sizes, if efficient use of available disk space isrequired, in a filesystem which will consist of lots of small files.

Adverse effects of a small block size

Although small block sizes can be beneficial in reducing wasted disk space, they can havean adverse effect on disk I/O activity. For a 4 KB file, stored in a single block of 4 KB, only

one disk I/O operation would be required to either read or write the file. If the choice of theblock size was 512 bytes, a 4 KB file would only be allocated a 4 KB block if one were

available. If a single 4 KB block were not available, 512 byte blocks would be used, with a


IBM Power Systems

Block size considerations

• Default block size for a JFS2 filesystem is 4K – Possible values are: 512, 1024, 2048, 4096 bytes

• If a directory structure is to contain many small files, it isbeneficial to store them in a separate file system with a smallblock size. – Otherwise, the file system may fill up and still contain lots of free

space.

2000 bytes

4096 bytes

This free space cannotbe used by another file.

4096 bytes

These free blocks canbe used by other files.

1024 1024 1024 1024

2000 bytes

7/23/2019 AN121STUD


Student Notebook




5.2

empty potential to allocate eight blocks for this file. For a read or write to complete, severaladditional disk I/O operations (disk seeks, data transfers, and allocation activity) would be

required. Therefore, for file systems which use a block size of 4 KB, the number of disk I/Ooperations are far less, than file systems which employ a smaller block size.

7/23/2019 AN121STUD


Student Notebook




Figure 9-20. Fragmentation considerations AN121.1

Notes:

Irrespective of the block size, over time data can become fragmented on disk. The defragfs

command will attempt to increases a file system's contiguous free space by reorganizing

free block allocations to be contiguous, rather than scattered across the disk. The filesystem to be defragmented can be specified with the device variable, which can be the

path name of the logical volume (for example, /dev/hd4) or the name of the file system,which is the mount point in the /etc/filesystems file.

Another approach, is to backup and restore the data in a new file system or backup the

data, delete, recreate the file system and restore. This method is certainly cleaner, butrequires some element of downtime.


IBM Power Systems

Fragmentation considerations

• Over time, due to data relocation, extensions, reductions, anddeletions, contiguous free space can run out and data canbecome fragmented.

• There are three options to deal with this situation. – Try to increases a file system’s contiguous free space using the

defragfs command. – Backup, delete, recreate the file system and restore the data. – Create a new file system and migrate the data.

File system

FileA

Used block

Free block

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-21. Verify and repair a file system AN121.1

Notes:

Always run the fsck command on file systems after a system malfunction. The internal

integrity of a file system should be checked before the file system is mounted. By default,

the fsck command runs interactively, prompting the administrator for the action to performin order to repair the file system. If orphaned files or directories (those that cannot be

reached) are found, fsck will attempt to store them file in the /lost+found directory.

For further information, see the fsck man page.


IBM Power Systems

Verify and repair a file system

• fsck command – Checks file system consistency and interactively repairs the file

system – If no file system name is specified, the fsck command checks all file

systems which have the check=true attribute set in the/etc/filesystems.

– Orphan files are placed in the lost+found directory.

• Unmount the file system before running fsck.

# fsck /data

The current volume is: /dev/fslv00Primary superblock is valid.

J2_LOGREDO:log redo processing for /dev/fslv00

Primary superblock is valid.

*** Phase 1 - Initial inode scan

*** Phase 2 - Process remaining directories

*** Phase 3 - Process remaining files

*** Phase 4 - Check and repair inode allocation map

*** Phase 5 - Check and repair block allocation map

File system is clean.

# fsck /data

The current volume is: /dev/fslv00

Primary superblock is valid.J2_LOGREDO:log redo processing for /dev/fslv00

Primary superblock is valid.

*** Phase 1 - Initial inode scan

*** Phase 2 - Process remaining directories

*** Phase 3 - Process remaining files

*** Phase 4 - Check and repair inode allocation map

*** Phase 5 - Check and repair block allocation map

File system is clean.

7/23/2019 AN121STUD


Student Notebook




Figure 9-22. Documenting file system setup AN121.1

Notes:


IBM Power Systems

Documenting file system setup

• Run the lsfs command.

• Save the contents of the /etc/filesystems file.• Run the df command to check space allocation.

• Check all the mounted file systems by running the mountcommand.

File System Records

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 9-23. System storage review AN121.1

Notes:

Difference between file system and simple directory

It is important to understand the difference between a file system and a directory . A file

system is a section of disk that has been allocated to contain files. This section of disk isthe logical volume. The section of disk is accessed by mounting the file system over a

directory. Once the file system is mounted, it looks like any other directory structure to theuser.

File systems on the visual

The directories on the right of the bottom portion of the visual are all file systems. These file

systems are all mounted on the directories /usr, /tmp, /var and /home. Notice thecorresponding logical volume in the graphic at the top of the visual.

Simple directories

The directories on the left of the bottom portion of the visual are strictly directories that

contain files and are part of the /(root) file system. There is no separate logical volumeassociated with these directories.


IBM Power Systems

System storage review

Logical Volume Structure

/usr

/(root)

Page Space

log

free

/blv

hd2

hd4

hd6

hd8

hd5

free

/usr

/tmp

/usr

Page Space

/var

hd2

hd3

hd2

hd61

hd9var

hd1

lv00

lv00

free

/home

/home

free

special DB

special DB

free

/home

/home

free

special DB

special DB

hdisk0 hdisk1 hdisk2 hdisk3

rootvg datavgFile Systems

/bin /dev /etc /lib /usr /tmp /var /home

Directories File Systems

/(root)

File System

hd1

lv00

lv00

hd1 hd1

Logical volume storage

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Checkpoint (1 of 2)

1. What command will display the i-node information for

a file? ____________

2. Does the size of the file system change when the sizeof the logical volume it is on is increased? ________

3. If you remove a file system, is the logical volume onwhich it sits removed as well? ___________

4. When a file system is created, what needs to be donein order to make it available for use? _____________

5. What size should an external JFS log be set to? ___________

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint (2 of 2)

6. A file system is 2 GB. How would you do the following?

Add 1 GB _____________________________ Set the size to 5 GB ______________________

7. What command can you use to determine if a filesystem is full? __________

8. What command can produce a report listing the size inMB, of all the files and directories contained in a

specific location? ____________

9. What command checks and interactively repairsinconsistent file systems? ______________

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Exercise 9

File systemadministration

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Unit summary


• Identify the components of an AIX file system• Work with enhanced Journaled file systems

– Add, list, change, and delete

• Monitor file system disk space usage• Manage file system growth and control growing files

• Implement basic file system integrity checks

7/23/2019 AN121STUD


Student Notebook




7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 10. Paging space 10-1

5.2

empty Unit 10.Paging space


This unit presents the key concepts related to paging space.



• Define paging space

• Understand why it is required, sizing, and placement guidelines • Add, change, and remove paging space

• List and monitor the paging space utilization

• Perform corrective actions to rectify too little or too much paging

space scenarios


Accountability:


• Exercise

References


management


following address:


7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives

After completing this unit, you should be able to:• Define paging space• Understand why it is required, sizing, and placement

guidelines• Add, change, and remove paging space• List and monitor the paging space utilization• Perform corrective actions to rectify too little or too much

paging space scenarios

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 10-2. What is paging space? AN121.1

Notes:

Use of paging space

The LVM allows a program to use a logical volume as if it was a physical disk, whilehiding the actual location of the physical partitions, thus allowing flexibility. In the same

way, Virtual Memory Management (VMM) allows a program to see its memory usage asvirtual memory, while hiding the real location of that memory. The unit of virtual memory

allocation is a page frame. For performance reasons, we would like that real location to

be in real memory. Sometimes, the total virtual memory of all the programs in thesystem, exceeds the amount of real memory. In that situation, AIX VMM frees upmemory by selecting under utilized memory (the program really has not used it recently)

and making it available to programs that will make active use of it. In that case, it needsto save the old memory contents. If the memory was being used for file caching, VMM

can just page it out to the related file. If is was just a work area for the program, it pagesit out to a special logical volume called paging space. In both cases, the real location of

that virtual memory is on disk. If a program later requests the paged out memory, itneeds to be paged in again.


IBM Power Systems

What is paging space?

Real Memory (RAM)

Made up of Page Frames

Paging Space

Virtual Memory

Memory usage

Operating System TCP/IP Applications FREE

Active

Inactive, paged out

7/23/2019 AN121STUD


Student Notebook




Paging space is not a substitute for sufficient real memory. A persistent shortage of realmemory can result in so much paging space page-in and page-out activity, that is will

severely impact the performance of that system. For more information about memoryand paging performance issue, attend the AIX Performance Management course.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 10-3. Paging space AN121.1

Notes:

A secondary storage area

Paging space is disk storage for information that is resident in virtual memory, but is notcurrently being accessed. As memory fills, inactive pages are moved to the paging

space on disk.

A temporary holding area for inactive pages

It is very important to remember that paging is a temporary holding area for inactivepages; it is not a substitute for real memory. If your machine has many active

processes, it requires more real memory. You must ensure the machine has enoughmemory to maintain all the active processes. If you run out of memory, your machine

reaches a constant state of paging called thrashing . As it attempts to make room inmemory, it completes a page-out; as soon as the page reaches the disk, it is needed

again because it is still active. Your machine's resources are wasted performing only

paging activity, and no real work gets done.


IBM Power Systems

Paging space

• Is a secondary storage area for:

– Inactive memory – Over-committed memory

• Holds inactive pages on disk

– Page size historically has been 4KB in size.

– Power5+ and Power6, AIX will dynamically allocate either small(4KB) or medium (64KB) page frames.

• Is not a substitute for real memory

7/23/2019 AN121STUD


Student Notebook




Thrashing indicates a need for additional memory

Increasing the amount of paging space when your machine is thrashing does not solve

the problem. Thrashing is a result of not enough real memory.

High performance environments

On Power4 (or later) environments, page size can be set to large enabled (16MB). Thisis done through the vmo command, as follows:

# vmo -r -o lgpg_regions=10 -o lgpg_size=16777216

On Power5+ (or later), page size can be set to huge enabled (16GB). This is done on

the HMC through manage system properties.

16MB and 16GB page frames are never paged out to disk. Even if totally unused, theyremain in memory. They are mainly used in High Performance Computing (HPC)

environments.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 10-4. Sizing paging space AN121.1

Notes:

Creation of paging space

Paging space is created during AIX installation.

The initial size is dependent on various factors, particularly the amount of RAM in yoursystem. Currently, the initial paging space size is determined according to the following

standards:

• Paging space can use no less than 16 MB, except for hd6, which can use no less than64 MB in AIX V4.3 and later versions.

• Paging space can use no more than 20% of total disk space.

• If RAM is greater than or equal to 256 MB, paging space is 512 MB.

• If RAM is less than 256 MB, paging space is twice the size of RAM.


IBM Power Systems

Sizing paging space

• hd6 is created at installation time.

– The recommended paging space formula is long standing, but it willlikely result in having more space than is needed.

• Total paging space = 512 MB + (memory size - 256 MB) * 1.25

• However, the amount needed is dependent on applicationsand system usage.

• Paging space should be continually monitored, using:

– # lsps –a or # lsps –s or # svmon

• Running low on paging space is bad.

– New processes will not start and the system may start killingprocesses.

• Paging space can be dynamically increased or decreased insize.

7/23/2019 AN121STUD


Student Notebook




Adjusting the amount of paging space

The initial size of paging space is just a starting point. This is not necessarily the

amount of the paging space that is right for your machine. The number and types ofapplications dictates the amount of paging space needed. Many sizing rules of thumb

have been published, but the only way to correctly size your machine's paging space isto monitor the utilization of your paging space.

Monitoring paging space

Monitoring the utilization of the paging space is done with the command lsps -a. This

command and its output are covered shortly.

Results of low paging space

If your system runs low on paging space, a message is sent to the console andsometimes to users as well. At this point, the system is unable to start until memory is

freed up, either by having processes explicitly free and release allocated memory or byterminating processes (thus automatically freeing memory associated with those

processes). This situation should obviously be avoided. A low paging space conditionmay be indicated by the appearance of one or more of the following messages on the

console, or in response to a command on any terminal:

"INIT: Paging space is low"

"ksh: cannot fork no swap space"

"Not enough memory"

"Fork function failed"

"fork () system call failed"

"unable to fork, too many processes"

"Fork failure - not enough memory available"

"Fork function not allowed. Not enough memory available."

"Cannot fork: Not enough space"

The situation can get worse. If paging space continues to fill, non-system processes areterminated, and the system may even crash. Ensure you have enough paging space.

7/23/2019 AN121STUD


Student Notebook




5.2

empty The vmo command manages VMM tunable parameters. One parameter which may beof interest is nokilluid. The parameter accepts an integer, which by default is 0 (off).

For example, if the value is set to 1, this will result in processes for user IDs lower thanthis value (in this case, root) becoming exempt from getting killed due to low

page-space conditions.

7/23/2019 AN121STUD


Student Notebook




Figure 10-5. Paging space placement AN121.1

Notes:

Introduction

Placement and size of your paging space does impact its performance. The followingmaterial contains tips regarding placement and size of paging areas.

Configure only one paging space per disk

Do not have more that one paging space per disk. The paging space is allocated in around-robin manner, and uses all paging areas equally. If you have two paging areas onone disk, then you are no longer spreading the activity across several disks.

Use disks with low levels of activity

Paging space performs best when it is not competing with other activity on the disk. Usedisks that do not have much activity.


IBM Power Systems

Paging space placement

• Placement guidelines:

– Paging spaces roughly the same size – Only one paging space per physical disk

– Use disks with the least activity.

– Do not extend “a paging space” over multiple physical volumes.

– Place on SAN disks for better performance.

hd6 paging00 paging01

7/23/2019 AN121STUD


Student Notebook




5.2

empty Create paging spaces of roughly the same size

Paging spaces should be roughly the same size. Because of the round-robin technique

that is used, if they are not the same size, then the paging space usage is not balanced.Smaller paging areas fill faster.

Do not span multiple physical volumesDo not extend a paging space to span multiple physical volumes. Although you can

spread a paging area (like a regular logical volume) across several disk, the round-robintechnique treats the paging area as a single paging area. Therefore, the activity is not

evenly spread across the disks.

Use SAN disks and fibre channel controllers

Using SAN disks generally results in better throughput when reading and writing to thedisk. SAN controllers have large cache which will store the frames, when paged-out, to

disk. If the page frames are required to be paged back-in, and the data is still in cache,the system will not have to read from disk, improving performance. However, we do

have to balance this with the exposure that we may lose connection to the SAN storage.

7/23/2019 AN121STUD


Student Notebook




Figure 10-6. Checking paging space AN121.1

Notes:

The lsps command

The lsps command lists detailed information regarding the paging spaces on thesystem, including whether they are in use at the time and, if so, what percentage of their

total space is allocated.

Another useful option available with the lsps command, is the -s option, whichspecifies the summary characteristics of all paging spaces. The information consists of

the total size of the paging spaces (in MB) and the percentage of paging spacescurrently used.

The paging space created during system installation, is named hd6. Paging spaces

created by the system administrator after system installation, are named paging00,

paging01, and so on.


IBM Power Systems

Checking paging space

# lsps -a

Page Space Physical Volume Volume Group Size %Used Active Auto Type

hd6 hdisk0 rootvg 512MB 13 yes yes lv

# lsps –sTotal Paging Space Percent Used

512MB 13%

# lsps -a

Page Space Physical Volume Volume Group Size %Used Active Auto Type


# lsps –sTotal Paging Space Percent Used

512MB 13%

# svmon

size inuse free pin virtual

memory 524288 487242 37046 413337 466371

pg space 131072 17223

...

PageSize PoolSize inuse pgsp pin virtuals 4 KB - 437354 2087 375289 400643

m 64 KB - 3118 946 2378 4108

# svmon

size inuse free pin virtual

memory 524288 487242 37046 413337 466371

pg space 131072 17223

...

PageSize PoolSize inuse pgsp pin virtual

s 4 KB - 437354 2087 375289 400643

m 64 KB - 3118 946 2378 4108

Paging Space Usage = (4KB * 2087) + (64KB * 946) = 68892 KB

Paging Space % Usage = (4KB * 17223) / (4KB * 131072) * 100

= 13.1%

7/23/2019 AN121STUD


Student Notebook




5.2

empty svmon is an advanced command which captures and analyzes the current snapshot ofvirtual memory. It is the only system command which shows the breakdown of page

frame sizes.

7/23/2019 AN121STUD


Student Notebook




Figure 10-7. Adding paging space AN121.1

Notes:

Ways of adding extra paging space

To add extra paging space volumes to the system, you can use SMIT (as illustrated onthe visual), the mkps command, or the Web-based System Manager.

Using the mkps command

When using themkps

command, the syntax and options are:mkps [-a] [-n] [-t Type ] -s NumLPs Vgname [Pvname ]

Vgname The volume group within which to create the paging space

Pvname Specifies the physical volume of the volume group

-s NumLPs Sets the size of the new paging space in logical partitions

-a Activate the paging space at the next restart (adds it to

/etc/swapspaces)


IBM Power Systems

Adding paging space

# smit mkps

Add Another Paging Space



[Entry Fields]

Volume group name rootvg

SIZE of paging space (in logical partitions) [10] #

PHYSICAL VOLUME name hdisk1 +

Start using this paging space NOW? yes +

Use this paging space each time the system is yes +

RESTARTED?

Add Another Paging Space



[Entry Fields]


SIZE of paging space (in logical partitions) [10] #

PHYSICAL VOLUME name hdisk1 +

Start using this paging space NOW? yes +


RESTARTED?

mkps –s 10 -n -a rootvg hdisk1

# lsps -a

Page Space PV VG Size %Used Active Auto Type

paging00 hdisk1 rootvg 640MB 1 yes yes lv


7/23/2019 AN121STUD


Student Notebook




5.2

empty -n Activate the paging space immediately.

-t Type Specifies the type of paging space (lv or nfs)

When a paging space is created, the /etc/swapspaces file is also updated, if needed.

7/23/2019 AN121STUD


Student Notebook




Figure 10-8. Change paging space AN121.1

Notes:

Characteristics that can be changed

A paging space may have its size increased or decreased and may have its autostartoptions changed while it is in use (this updates /etc/swapspaces).

These changes can be made through SMIT (as illustrated on the visual) or by using the

chps command.

Decreasing paging space

The ability to dynamically decrease paging space was introduced in AIX 5L V5.1. Theargument -d to the chps command calls the shrinkps shell script to reduce the size of

an active paging space. The use of a shell script reduces the possibility of getting intoan unbootable state because users are not allowed to run out of paging space. The

script checks paging space actually in use and adds a paging space warning thresholdbuffer. The SMIT fastpath is smit chps.


IBM Power Systems

Change paging space

# smit chps

Change / Show Characteristics of a Paging Space



[Entry Fields]

Paging space name paging00


Physical volume name hdisk1

NUMBER of additional logical partitions [] #

Or NUMBER of logical partitions to remove [5] #


RESTARTED?

Change / Show Characteristics of a Paging Space



[Entry Fields]

Paging space name paging00


Physical volume name hdisk1

NUMBER of additional logical partitions [] #

Or NUMBER of logical partitions to remove [5] #


RESTARTED?

chps –d 5 paging00

# lsps -a


paging00 hdisk1 rootvg 320MB 1 yes yes lv


7/23/2019 AN121STUD


Student Notebook




5.2

empty The process chps decreases an active paging space as follows:

The primary paging space (usually hd6) cannot be decreased below 32 MB.

When you reduce the primary paging space, a temporary boot image and a temporary

/sbin/rc.boot pointing to this temporary primary paging space are created to ensure the

system is always in a state where it can be safely rebooted.

Activating paging space

Inactive paging spaces may be activated dynamically once they have been defined. Todo this enter: swapon /dev/pagingnn

Note: This operation is supported through SMIT as well, fastpath pgsp. Alternatively,use: swapon -a to activate all paging spaces defined in /etc/swapspaces. This

command is run in /etc/rc at system startup.

Examples of chps command use

The following examples illustrate use of the chps command:

• Example 1: Delete one logical partition from the paging00 paging space.

# chps -d 1 paging00

• Example 2: Add one logical partition to the paging00 paging space.

# chps -s 1 paging00

Refer to the entry for chps in the online AIX 6.1 Commands Reference (or the

corresponding man page) for more information regarding the chps command.

Step Action

1Create a new, temporary space from the same volume group as the

one being reduced.

2 Deactivate the original paging space.3 Reduce the original paging space.

4 Reactivate the original paging space.

5 Deactivate the temporary space.

7/23/2019 AN121STUD


Student Notebook




Figure 10-9. Remove paging space AN121.1

Notes:

Deletion of surplus paging space

As we have discussed, paging space can be added to the system, if necessary.Similarly, surplus paging space can be deleted to free up the disk space for other logical

volumes.

Deactivation of paging space

Inactive paging space can be activated dynamically to meet system demand. In order todelete paging space, it must be inactive (that is, not used by the kernel.) Beginning with

AIX 5L V5.1, active paging spaces can be deactivated while the system is running usingthe swapoff command or with the SMIT fastpath swapoff.


IBM Power Systems

Removing paging space

# smit chps

Remove a Paging Space



[Entry Fields]

PAGING SPACE name paging00 +

Remove a Paging Space



[Entry Fields]

PAGING SPACE name paging00 +

swapoff /dev/paging00

# lsps -a



• First, deactivate the paging space.

• Remove the paging space. rmps /dev/paging00

# smit rmps

7/23/2019 AN121STUD


Student Notebook




5.2

empty Reasons the swapoff command may fail

The swapoff command may fail due to:

• Paging size constraints: The process to remove an active paging space is to move all

the pages of the paging space being removed to another paging space. If there is notenough active paging space to do this, the command fails.

• I/O errors.

7/23/2019 AN121STUD


Student Notebook




Figure 10-10. Problems with paging space AN121.1

Notes:


IBM Power Systems

Problems with paging space

• Monitor the system carefully – If paging space is running low or gets to 100% full, the system will

panic. Errors will be seen on the console, such as INIT: Paging spaceis low!

– The kernel will randomly start to kill processes.• UNIX version 7 manual, quote: “Absolute mayhem guaranteed”

• Paging space too small: – Dynamically increase the size by allocating more partitions.

OR – Add an additional paging space definition to another physical disk.

• Paging space too large: – Dynamically decrease the size by deallocating partitions.

OR – Remove a paging space definition.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 10-11. Documenting paging space setup AN121.1

Notes:

Running lsps

Run lsps to monitor paging space activity. Keep good documentation so that you knowwhat is normal for that system.

The /etc/swapspaces file

The file /etc/swapspaces contains a list of the paging space areas that are activated atsystem startup.

Keep a copy of /etc/swapspaces so that you know what paging spaces are defined tostart at boot.


IBM Power Systems

Documenting paging space setup

• Run the lsps command.

• Have a hardcopy of the /etc/swapspaces file.

* /etc/swapspaces

*

* This file lists all the paging spaces that are automatically put into

* service on each system restart ('swapon -a‘)*

* WARNING: Only paging space devices should be listed here.

*

* This file is modified by the chps, mkps and rmps commands and

referenced by the lsps and swapon commands.

hd6:

dev = /dev/hd6

auto = yes

paging00:

dev = /dev/paging00

auto = yes

* /etc/swapspaces

*

* This file lists all the paging spaces that are automatically put into

* service on each system restart ('swapon -a‘)*

* WARNING: Only paging space devices should be listed here.

*

* This file is modified by the chps, mkps and rmps commands and

referenced by the lsps and swapon commands.

hd6:

dev = /dev/hd6

auto = yes

paging00:

dev = /dev/paging00

auto = yes

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Checkpoint

1. What conclusions regarding potential paging space problemscan you reach based on the following listing?

_______________________________________________ _______________________________________________ _______________________________________________

_______________________________________________ _______________________________________________ _______________________________________________

2. True or False: The size of paging00 (in the above example) canbe dynamically decreased.

Page Physical Volume Size %Used Active Auto Type chksum

Space Volume Group

hd6 hdisk0 rootvg 640 MB 43% yes yes lv 0

paging00 hdisk1 rootvg 640 MB 7% yes yes lv 0



Space Volume Group




7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:

This lab allows you to add, decrease, monitor, and remove paging space.


IBM Power Systems

Exercise 10

Pagingspace

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit summary

Having completed this unit, you should be able to:• Define paging space• Understand why it is required, sizing, and placement

guidelines• Add, change, and remove paging space• List and monitor the paging space utilization• Perform corrective actions to rectify too little or too

much paging space scenarios

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 11. Backup and restore 11-1

5.2

empty Unit 11. Backup and restore


This unit covers how to back up and restore volume groups and file

systems using the facilities built into the AIX operating system.



• Explain how to back up the operating system

• Create and restore a mksysb image

• Explain and understand the role of both the image.data andbosinst.data files

• Back up and restore a custom volume group

• Use standard UNIX and AIX backup, restore, and compression

utilities


Accountability:


• Exercise

References


management

AIX Version 6.1 Installation and migration



7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives


• Explain how to back up the Operating System• Create and restore a mksysb image• Explain and understand the role of both the image.data and

bosinst.data files• Back up and restore a custom volume group• Use standard UNIX and AIX backup, restore, and compression

utilities

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-2. Backup introduction AN121.1

Notes:

Why back up your data?

The data on a computer is usually far more important and expensive to replace than the

machine itself. Data loss can happen in many ways. The most common causes arehardware failure and accidental deletion. AIX provides several ways in which we can

back up and restore data.

• Volume group backup: AIX provides a mksysb utility which creates a back upimage of the operating system (that is, the root volume group) and the savevg

utility to backup user defined volume groups. It is very important that regularmksysb backups are created as they allow us to reinstall a system to its original

state if it has been corrupted. If you create the backup on external media, forexample tape, the media is bootable and includes the installation programs

needed to install from the backup.

• Full backup: A full backup (sometimes referred to as level 0 backup) will backup all files and directories in the specified location. AIX provides the backup


IBM Power Systems

Backup introduction

• Why back up? – Data is very important, it is expensive to re-create. – Hardware failure – Accidental deletion – Damage due to software installation or hardware repair – Create a system image for installation cloning – Long term archive – Disaster recovery

• Types of backup:

– Volume group• mksysb utility which records an image backup of the operating system• savevg utility which performs a full backup of a user-created VG

– Full• Backs up all specified data

– Incremental• Records changes since previous backups

Generally handled byenterprise backupmgnt solutions, for

example TSM

7/23/2019 AN121STUD


Student Notebook




command and several standard UNIX utilities for performing a full backup suchas tar, cpio and pax.

• Incremental backup: An incremental backup, backs up all the files which have

changed since the last full or incremental backup. The backup command on AIXis capable of providing this functionality.

AIX (and Unix) systems are often deployed in high performance, fault tolerant, 24x7

mission critical environments. As a result of this, often enterprise backup solutions aredeployed, like IBM Tivoli Storage Manager (TSM) for System Backup and Recovery

(Sysback). TSM for Sysback is designed to provide centralized, automated dataprotection that can help reduce the risks associated with data loss while also helping to

reduce complexity, manage costs, and address compliance with regulatory dataretention requirements. TSM for Sysback is outside the scope of this class.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-3. System image backup AN121.1

Notes:

The mksysb utility provides the following functions:

• Saves the definition of the paging space

• Provides a non-interactive installation that gives information required at installation time

through a data file

• Saves the inter-disk and intra-disk policies for the logical volumes

• Saves map files for logical volumes, if requested by the user

• Provides the ability to shrink the file system and logical volume in a volume group atsystem installation or mksysb recovery time

• Saves the file system characteristics

• Allows the user to restore single or multiple files from a system image

The volume group image is saved in backup format.


IBM Power Systems

System image backup

• Backs up rootvg only using the mksysb command

• Unmounted file systems are not backed up

• If device selected is tape, bootable tape is created in backup

format

• Can be completed over a network to a NIM server

• Provides facilities for a non-interactive installation

• Saves system-created paging space definitions

• Saves LV policies and file system attributes

• There should be minimal user and application activity

7/23/2019 AN121STUD


Student Notebook




System backup or clone?

If the mksysb command is used for to backup the source system, it is considered a

system backup . However, if the intent of the backup is to provide a customized system

for use on other machines, the mksysb is considered a clone . Cloning meanspreserving either all or some of a system's customized information for use on a different

machine. During install, the default option is Enable System Backups to install

any system = Yes. This means that mksysb files are not system specific.Otherwise, if the mksysb by itself, is used to clone a machine or LPAR that is not ahardware clone, it may not work, as it cannot provide support for hardware devices

unique to the new machine or LPAR. For example, loading a mksysb image made froma physical machine will not install correctly on a virtual LPAR because they use different

AIX filesets. However, this is an easy problem to resolve. In addition to the mksysb,you also need to boot using the AIX installation media to provide the filesets needed by

the other machine or LPAR. If using a NIM server, a bosinst.data file must be definedwith the option INSTALL_DEVICES_AND_UPDATES = yes and the lppsource

allocated to the client machine, must also have all the possible device support.

Non-interactive installation

If a system backup is being made to install another system or to reinstall the existingsystem, a customer can predefine installation information so questions at installation

time are already answered. This keeps user interaction at the target node to aminimum. The system backup and BOS install, interact through several files. The

mksysb saves the data, used by the installation, through taking a snapshot of thecurrent system, and its customized state.

System backup components

The components provided as part of the system backup utility, are packaged in thebos.sysmgt.sysbr package.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-4. Creating a mksysb image AN121.1

Notes:

Introduction

The SMIT screen shown in the visual, Back Up the System, performs a a mksysb

operation and only backs up mounted file systems in rootvg.

Create MAP files?

This option generates a layout mapping of the logical-to-physical partitions for eachlogical volume in the volume group. This mapping is used to allocate the same

logical-to-physical partition mapping when the image is restored.

EXCLUDE files?

This option excludes the files and directories listed in the /etc/exclude.rootvg file fromthe system image backup.

List files as they are backed up?

Change the default to see each file listed as it is backed up. Otherwise, you see apercentage-completed progress message while the backup is created.


IBM Power Systems

Creating a mksysb image

• smit mksysb

• SMIT also provides facilities to do a system backup to CD andDVD, see smit sysbackup

Back Up the System

* Backup DEVICE or FILE [/backups/my_mksysb] +/

Create MAP files? no +

EXCLUDE files? no +

List files as they are backed up? no +

Verify readability if tape device? no +

Generate new /image.data file? yes +

EXPAND /tmp if needed? no +

Disable software packing of backup? no +

Backup extended attributes? yes +

(Leave blank to use a system default)

Location of existing mksysb image [] /

File system to use for temporary work space [] /

(If blank, /tmp will be used.)Back up encrypted files? yes +

Back up DMAPI filesystem files? No +

Back Up the System

* Backup DEVICE or FILE [/backups/my_mksysb] +/


EXCLUDE files? no +



Generate new /image.data file? yes +





Location of existing mksysb image [] /

File system to use for temporary work space [] /

(If blank, /tmp will be used.)

Back up encrypted files? yes +Back up DMAPI filesystem files? No +

/usr/bin/mksysb -i /backups/my_mksysb

Backup to tape, forexample /dev/rmt0 is

also popular

7/23/2019 AN121STUD


Student Notebook




Verify readability if tape device?

Verifies the file header of each file on the backup tape, and reports any read errors asthey occur.

Generate new /image.data file?

If you have already generated a new /image.data file and don't want a new file created,

change the default to no. The default value is yes (-i flag) on the command line.EXPAND /tmp if needed?

Choose yes if the /tmp file system can automatically expand if necessary during the

backup.

Disable software packing of backup?

The default is no, which means the files are packed before they are archived to tape.Files that cannot be compressed are placed in the archive as is. Restoring the archive

automatically unpacks the files packed by this option. If the tape drive you are usingprovides packing or compression, set this field to yes.

Backup extended attributes?

By default, the mksysb, savevg, and backup utilities save any extended attributes. Ifyou plan to restore to a back-level system which does not understand the format with

extended attributes, then this option allows you to override that default behavior.

Number of BLOCKS to write in a single output

This specifies the number of 512 bytes to write in a single output operation, referred toas the block size. If a number is not specified, the backup command uses a default

value appropriate for the physical device selected. Larger values result in larger

physical transfers to tape devices. The block size must be a multiple of the physicalblock size of the device being used.

Location of existing mksysb image

Specifies the full path name to the location of a previously-created mksysb image thatcan be used to create a bootable tape backup.

File system to be used for temporary work space

Specifies the full path name to the location of a directory or file system to be used astemporary space to create a bootable tape backup. The file system used must have at

least 100MB of available free disk space for the creation of the bootable image. If thisfield is left blank, the /tmp file system is used.

Back up encrypted files?

Specifies if encrypted files should be backed up. AIX 6.1 introduces the ability to

encrypt files on a per file basis without the need of third party tools.

Back up DMAPI file system files?

Specifies if DMAPI file system files are to be backed up.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-5. image.data file AN121.1

Notes:

The image.data file contains information describing the image installed during the BOS

installation process. This information includes the sizes, names, maps, and mount points of

logical volumes and file systems in the root volume group. The mkszfile commandgenerates the image.data file. It is not recommended that the user modify the file.

Changing the value of one field without correctly modifying any related fields, can result ina failed installation, and a corrupted backup image. The only exception to this

recommendation is the SHRINK field, which the user may modify to instruct the BOSinstallation routines to create the file systems as specified in the image.data file, or to

create the file systems only as large as is required to contain all the data in the file system.

The BOS installation process also takes input from the image.data file regarding defaults

for the machine being installed. Any default values in the image.data file will overridevalues obtained when the BOS installation queries the hardware topology and existing root

volume group. The image.data file resides in the / directory.


IBM Power Systems

image.data file

• The image.data file contains information describing the imageinstalled during the BOS installation process. This includes: – Sizes, names, maps, and mount points of logical volumes and file

systems in the root volume group

• It is a large file arranged in stanza format – Is not recommended that the user modify the file, apart from the shrink

field

• New image.data can be created during a mksysb operation orby calling the mkszfile command.image_data:

IMAGE_TYPE= bff

DATE_TIME= Mon 20 Oct 17:54:07 2008UNAME_INFO= AIX neo 1 6 00CBE2FE4C00

PRODUCT_TAPE= no

USERVG_LIST=

PLATFORM= chrp

OSLEVEL= 6.1.1.0

OSLEVEL_R= 6100-01

CPU_ID= 00CBE2FE4C00

LPAR_ID= 4

logical_volume_policy:

SHRINK= no

EXACT_FIT= no

image_data:

IMAGE_TYPE= bff

DATE_TIME= Mon 20 Oct 17:54:07 2008

UNAME_INFO= AIX neo 1 6 00CBE2FE4C00

PRODUCT_TAPE= no

USERVG_LIST=

PLATFORM= chrp

OSLEVEL= 6.1.1.0

OSLEVEL_R= 6100-01

CPU_ID= 00CBE2FE4C00

LPAR_ID= 4

logical_volume_policy:

SHRINK= no

EXACT_FIT= no

The SHINK field can be setto yes.

7/23/2019 AN121STUD


Student Notebook




To create a mksysb backup image with a customized image.data file:

• Create a new image.data file: # mkszfile.

• Edit the image.data file as appropriate.

• Create mksysb with the customized image.data file: # mksysb /backup/my_mksysb.

This file is part of System Backup and BOS Install Utilities.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-6. bosinst.data file AN121.1

Notes:

/bosinst.data file

This file enables the administrator to specify the requirements at the target system and how

the user interacts with the target system. It provides flexibility by allowing unattendedinstallations. The system backup utilities simply copy the /bosinst.data into the second file

on the mksysb tape. If this file is not in the root directory, the

/usr/lpp/bosinst/bosinst.template is copied to the /bosinst.data.

Key fields (highlight in the visual):

• PROMPT: Will determine if the installation is to be prompted (yes) or non-prompted (no)

• INSTALL_DEVICES_AND_UPDATES: When installing a mksysb image to a system with a

different hardware configuration, boot from product media to get any missing devicedrivers installed. In addition, if the product media is a later level of AIX than the mksysb,

software in the mksysb image will be updated. To prevent either of these additionalinstallations from occurring, set this field to no. The default is yes.


IBM Power Systems

bosinst.data file

• Defines defaults for variables controlling an installation• Can be used to created non-prompted installations• Key options below, for a full description see:

– /usr/lpp/bosinst/bosinst.template.README

control_flow:

CONSOLE = Default

INSTALL_METHOD = overwrite

PROMPT = no

EXISTING_SYSTEM_OVERWRITE = yes

INSTALL_X_IF_ADAPTER = no

RUN_STARTUP = yes

RM_INST_ROOTS = no

ERROR_EXIT =

CUSTOMIZATION_FILE = SCREEN

TCB = no

INSTALL_TYPE =

BUNDLES =

SWITCH_TO_PRODUCT_TAPE =

RECOVER_DEVICES = no

BOSINST_DEBUG = no

ACCEPT_LICENSES =

DESKTOP = CDE

INSTALL_DEVICES_AND_UPDATES = yes

IMPORT_USER_VGS =

ENABLE_64BIT_KERNEL = Default

CREATE_JFS2_FS = yes

ALL_DEVICES_KERNELS = no

ALT_DISK_INSTALL_BUNDLE = no

control_flow:

CONSOLE = Default

INSTALL_METHOD = overwrite

PROMPT = no

EXISTING_SYSTEM_OVERWRITE = yes

INSTALL_X_IF_ADAPTER = no

RUN_STARTUP = yes

RM_INST_ROOTS = no

ERROR_EXIT =

CUSTOMIZATION_FILE = SCREEN

TCB = no

INSTALL_TYPE =

BUNDLES =SWITCH_TO_PRODUCT_TAPE =

RECOVER_DEVICES = no

BOSINST_DEBUG = no

ACCEPT_LICENSES =

DESKTOP = CDE

INSTALL_DEVICES_AND_UPDATES = yes

IMPORT_USER_VGS =

ENABLE_64BIT_KERNEL = Default

CREATE_JFS2_FS = yes

ALL_DEVICES_KERNELS = no


GRAPHICS_BUNDLE = yes

MOZILLA_BUNDLE = no

KERBEROS_5_BUNDLE = no

SERVER_BUNDLE = yes


locale:

BOSINST_LANG = en_US

CULTURAL_CONVENTION = en_GB

MESSAGES = en_US

KEYBOARD = en_GB

target_disk_data:

PVID =

PHYSICAL_LOCATION =

CONNECTION =

LOCATION =

SIZE_MB =

HDISKNAME = hdisk0

7/23/2019 AN121STUD


Student Notebook




• INSTALL_METHOD: Specifies a method of installation: migrate, preserve,erase_only, or overwrite

• CREATE_JFS2_FS: Specifies whether you want to create enhanced journaled file

systems. The choices are yes and no

• ALL_DEVICES_KERNELS: Specifies whether to install all device and kernel filesetsThe choices are yes and no. If you select no, your system will be installed with the

devices and kernel specific to your system configuration. If you select yes, when youcreate a system backup of your system, you can use that system backup to install any

system.

• LOCALE STANZA: Will determine:

- The language to use during installation

- Primary cultural convention to use after reboot

- Primary message catalogs to use after reboot

- Keyboard map to use after reboot

• TARGET DISK STANZA: Will determine where to create the root volume group.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-7. mksysb tape image format AN121.1

Notes:

This visual shows the tape layout of a mksysb image.

BOS boot image

The BOS boot image contains a copy of the system's kernel and device drivers needed

to boot from the tape.

mkinsttape image

The mkinsttape image contains the following files:

• ./image.data holds the information needed to re-create the root volume groupand its logical volumes and file systems.

• ./bosinst.data contains the customizable installation procedures and dictateshow the BOS installation program behaves. This file allows for the

non-interactive installations.

• ./tapeblksz contains the block size setting of the tape drive used during thebackup. This applies to the files in the fourth section.


IBM Power Systems

mksysb tape image format

BOS Boot

image

mkinsttape

image

dummy

.toc

rootvg

backup image

Blocksize =

512Blocksize =

512

Blocksize =

512

Tape Drive

Blocksize

Kernel

Device Drivers

./image.data

./bosinst.data

./tapeblksz

Dummy TOC Backup

by name

• To list files in the backup image on a mksysb – tctl -f /dev/rmt0 rewind

– tctl -f /dev/rmt0.1 fsf 3

– restore -Tvf /dev/rmt0

• OR – restore -Tv –s4 -f /dev/rmt0

0 1 2 3

1st Section 2nd Section 3rd Section 4th Section

7/23/2019 AN121STUD


Student Notebook




Dummy TOC

The dummy TOC is used to make mksysb tapes have the same number of files as theBOS installation tapes.

rootvg backup image

The rootvg backup image contains all the data from the backup. This data is saved

using the backup command which is discussed shortlyListing and extracting files in a tape mksysb image

The tctl command can be used to rewind and fast forward the tape to the start of the

fourth section (third tape mark). Then, the restore command, as shown in the visual can beused to extract (-x) or list (-T) files on the tape. Alternatively, if the tape is already rewound,

then restore command can be used directly to extract files from the fourth section (-s4).

For further information regarding tape manipulation, see the tctl man page.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-8. Restoring a mksysb, from tape device (1 of 2) AN121.1

Notes:

Start a mksysb restoration

To restore a mksysb image from tape, boot the machine into SMS just as if you were

performing an installation. As shown previously in the installation unit, select the device toboot from (in this case tape). Then, insert the mksysb tape and start the machine or LPAR.

The machine boots from the tape and prompts you to define the console and select alanguage for installation. Once you have answered those questions, then the Installation

and Maintenance menu is presented.

You can also boot from installation media which presents the same screens. Just be sure toput the mksysb tape in the tape drive before answering the last question.


IBM Power Systems

Restoring a mksysb, from tape device (1 of 2)

• From the SMS Menu, boot the system from the tape device.• Restore mksysb image from the device, that is, tape

(/dev/rmt0), as follows:



1 Start Install Now With Default Settings


>> 3 Start Maintenance Mode for System Recovery




1 Start Install Now With Default Settings


>> 3 Start Maintenance Mode for System Recovery


1 Access A Root Volume Group

2 Copy a System Dump to Removable Media3 Access Advanced Maintenance Functions

4 Erase Disks

>> 6 Install from a System Backup

1 Access A Root Volume Group

2 Copy a System Dump to Removable Media

3 Access Advanced Maintenance Functions4 Erase Disks

>> 6 Install from a System Backup

Tape Drive Path Name

>> 1 tape/scsi/4mm/2GB /dev/rmt0

Tape Drive Path Name

>> 1 tape/scsi/4mm/2GB /dev/rmt0

7/23/2019 AN121STUD


Student Notebook




Figure 11-9. Restoring a mksysb, from tape device (2 of 2) AN121.1

Notes:

Changing installation settings

From the Installation and Maintenance menu, select option 2, Change/Show

Installation Settings and Install.

The options from the System Backup and Installation and Settings menu are:

• 1 Disk(s) where you want to install

- Select disks where you want to install.

• 2 Use Maps

- The option Use Maps lets you use the map file created (if you created one) during

the backup process of the mksysb tape. The default is no.

• 3 Shrink Filesystems

- The option Shrink Filesystems installs the file systems using the minimum requiredspace. The default is no. If yes, all file systems in rootvg are shrunk. So remember


IBM Power Systems

Restoring a mksysb, from tape device (2 of 2)



Type the number of your choice and press Enter. Choice is indicated by >>.1 Start Install Now With Default Settings

>> 2 Change/Show Installation Settings and Install



5 Select Storage Adapters



Type the number of your choice and press Enter. Choice is indicated by >>.1 Start Install Now With Default Settings

>> 2 Change/Show Installation Settings and Install



5 Select Storage Adapters

System Backup Installation and Settings


1 Disk(s) where you want to install hdisk0

Use Maps No

2 Shrink Filesystems No

3 Import User Volume Groups No

4 Recover devices No0 Install with the settings listed above

System Backup Installation and Settings


1 Disk(s) where you want to install hdisk0

Use Maps No

2 Shrink Filesystems No

3 Import User Volume Groups No

4 Recover devices No

0 Install with the settings listed above


Please wait...





Please wait...




7/23/2019 AN121STUD


Student Notebook




5.2

empty after the restore, evaluate the current file system sizes. You might need to increasetheir sizes.

• 0 Install with the settings listed above

- At the end, select option 0 which installs using the settings selected. Your mksysb

image is restored.

The system then reboots.

7/23/2019 AN121STUD


Student Notebook




Figure 11-10. Restoring a mksysb, from a NIM server (1 of 2) AN121.1

Notes:

Firstly, the resources (mksysb image, bosinst.data, SPOT) have to be allocated to the

client on the NIM server and the NIM server must run a bosinst operation on your client

machine. This is covered in the NIM course, AU08G .

Secondly, boot the client into SMS mode and select option 2, Setup Remote IPL. This

option allows us to define the network parameters of the NIM server and client. Once theIPL details have been entered, press ESC to return to the main menu.


IBM Power Systems

Restoring a mksysb, from a NIM server (1 of 2)

• Restore a mksysb image from a NIM Server, using the SMSmenu. – Note: NIM server configuration is covered in the AU08G NIM course.

PowerPC Firmware

Version SF240_338


-------------------------------------------------------------------------------

Main Menu

1. Select Language



4. Select Console


PowerPC Firmware

Version SF240_338


-------------------------------------------------------------------------------

Main Menu

1. Select Language



4. Select Console


IP Parameters

Interpartition Logical LAN: U9113.550.65F2E7F-V9-C3-T1




4. Subnet Mask [255.255.0.0]

IP Parameters

Interpartition Logical LAN: U9113.550.65F2E7F-V9-C3-T1




4. Subnet Mask [255.255.0.0]

Enter client and NIMserver IP details.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-11. Restoring a mksysb, from NIM sever (2 of 2) AN121.1

Notes:

The visual shows the rest of the steps involved in completing the mksysb restore.


IBM Power Systems

Restoring a mksysb, from NIM sever (2 of 2)

BOOTP: chosen-network-type = ethernet,auto,none,auto

BOOTP: server IP = 10.47.1.33

BOOTP: requested filename =

BOOTP: client IP = 10.47.1.21

BOOTP: client HW addr = ea 48 f0 0 90 3

BOOTP: gateway IP = 0.0.0.0

BOOTP: device /vdevice/l-lan@30000003

BOOTP: loc-code U9113.550.65F2E7F-V9-C3-T1

BOOTP: chosen-network-type = ethernet,auto,none,auto

BOOTP: server IP = 10.47.1.33

BOOTP: requested filename =

BOOTP: client IP = 10.47.1.21

BOOTP: client HW addr = ea 48 f0 0 90 3

BOOTP: gateway IP = 0.0.0.0

BOOTP: device /vdevice/l-lan@30000003

BOOTP: loc-code U9113.550.65F2E7F-V9-C3-T1

BOOTP R = 1 BOOTP S = 2

FILE: /tftpboot/alex.lpar.co.uk

FINAL Packet Count = 27900

FINAL File Size = 14284288 bytes.

load-base=0x4000

real-base=0x2000000


Please wait...





Please wait...




Client issues a bootp requestto NIM master and downloads

the boot image via tftp

• Return to main menu, by selecting option “5 Boot Options”. Then, select:• 1. Select Install/Boot Device

• 6. Network -- followed by the network adapter to the boot from• 2. Normal Mode Boot• 1. Yes -- to exit System Management Services

7/23/2019 AN121STUD


Student Notebook




Figure 11-12. Creating a backup of a data volume group AN121.1

Notes:

To back up non-rootvg volume groups, use smit savevg or smit savevg. The parameters

are virtually identical to creating a mksysb image.

The savevg command finds and backs up all files belonging to a specified volume group.The volume group must be varied-on, and the file systems must be mounted. The savevg

command uses the data file created by the mkvgdata command. This data file can be oneof the following:

• / tmp/vgdata/vgname/<vgname >.data

Contains information about a user volume group. The <vgname> variable reflects the

name of the volume group. The savevg command uses this file to create a backupimage that can be used by the restvg command to remake the user volume group.


IBM Power Systems

Creating a backup of a data volume group

• smit savevg

• SMIT also provides facilities to do a VG backup to CD andDVD (smit vgbackup).

Back Up a Volume Group to Tape/File

* Backup DEVICE or FILE [/tmp/datavg_bk_svg] +/

* VOLUME GROUP to back up [datavg] +


Generate new vg.data file? yes +


EXCLUDE files? no +




Number of BLOCKS to write in a single output [] #



Back up Volume Group information files only? no +Back up encrypted files? yes +

Back up DMAPI filesystem files? no +

Back Up a Volume Group to Tape/File

* Backup DEVICE or FILE [/tmp/datavg_bk_svg] +/

* VOLUME GROUP to back up [datavg] +


Generate new vg.data file? yes +


EXCLUDE files? no +




Number of BLOCKS to write in a single output [] #



Back up Volume Group information files only? no +

Back up encrypted files? yes +Back up DMAPI filesystem files? no +

/usr/bin/savevg –f /tmp/datavg_bk_svg -i datavg

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-13. Restoring a backup of a data volume group AN121.1

Notes:

The visual show the process of restoring a non-rootvg volume group. Standard out from the

smit screen is shown below:

COMMAND STATUS


Before command completion, additional instructions may appear

below.

Will create the Volume Group: datavg

Target Disks: hdisk1

Allocation Policy:

Shrink Filesystems: no

Preserve Physical Partitions for each Logical Volume: no


IBM Power Systems

Restoring a backup of a data volume group

• smit restvg

• Prior to restoring the VG – Unmount all file systems which are part of that VG. – Varyoff and export the volume group.


* Restore DEVICE or FILE [/tmp/datavg_bk_svg] +/

SHRINK the filesystems? no +

Recreate logical volumes and filesystems only? no +


(Leave blank to use the PHYSICAL VOLUMES listed

in the vgname.data file in the backup image)

Use existing MAP files? yes +

Physical partition SIZE in megabytes [] +#

(Leave blank to have the SIZE determined

based on disk size)

Number of BLOCKS to read in a single input [] #


Alternate vg.data file [] /

(Leave blank to use vg.data stored inbackup image)


* Restore DEVICE or FILE [/tmp/datavg_bk_svg] +/

SHRINK the filesystems? no +

Recreate logical volumes and filesystems only? no +


(Leave blank to use the PHYSICAL VOLUMES listed

in the vgname.data file in the backup image)

Use existing MAP files? yes +

Physical partition SIZE in megabytes [] +#

(Leave blank to have the SIZE determined

based on disk size)

Number of BLOCKS to read in a single input [] #


Alternate vg.data file [] /

(Leave blank to use vg.data stored in

backup image)

/usr/bin/restvg -q –f /tmp/datavg_bk_svg

7/23/2019 AN121STUD


Student Notebook




datavg

loglv01

fslv00

New volume on /tmp/datavf_bk_svg:



The backup date is: Mon 20 Oct 20:29:05 2008


The user is root.

x 11 ./tmp/vgdata/datavg/image.info

x 127 ./tmp/vgdata/vgdata.files598152

x 127 ./tmp/vgdata/vgdata.files

x 2444 ./tmp/vgdata/datavg/filesystems

x 2481 ./tmp/vgdata/datavg/datavg.data

x 340 ./tmp/vgdata/datavg/backup.data

x 0 ./data

x 0 ./data/lost+found

x 1024 ./data/file1

x 1024 ./data/file2

x 1024 ./data/file3

The total size is 5530 bytes.

The number of restored files is 11.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-14. Traditional UNIX and AIX backup commands AN121.1

Notes:


IBM Power Systems

Traditional UNIX and AIX backup commands

• AIX – Backup and restore

• Other popular backup, restore commands across UNIXplatforms: – tar – cpio – pax – dd

• Compression Utilities – Compress, restore using uncompress or zcat – gzip, restore using gunzip

7/23/2019 AN121STUD


Student Notebook




Figure 11-15. Backup by filename and restore AN121.1

Notes:

The backup command

The backup command is a useful command for making backups of AIX files and

directories. backup supports two different methods:

• Backup by filename

• Backup by inode (also call a file system backup)

When performing a backup by filename, the files must be in a mounted file system to be

backed up. Backup by inode, backs up file systems when they are unmounted.Note: Relative versus full filenames will impact the location of files on recovery!

Popular backup flags

-q: Media is ready

-i: Specifies that files be read from standard input and archived by file name.

-v: Verbose - display filenames during backup


IBM Power Systems

Backup by filename and restore

• File names are read from standard input

# cat listfile/home/aix/file1

/home/aix/file2

/home/aix/file3

# backup -iqvf /dev/rmt0 < listfile

# find /home/aix | backup -iqvf /dev/rmt0

# cd /home/aix

# find . | backup -iqvf /backup/aix.backup

# cat listfile/home/aix/file1

/home/aix/file2

/home/aix/file3

# backup -iqvf /dev/rmt0 < listfile

# find /home/aix | backup -iqvf /dev/rmt0

# cd /home/aix

# find . | backup -iqvf /backup/aix.backup

Absolute Paths

Relative Paths

# restore -Tvf /backup/aix.backup

# restore -xvf /backup/aix.backup

# restore -xvf /tmp/aix.backup ./file1

# restore -Tvf /backup/aix.backup

# restore -xvf /backup/aix.backup

# restore -xvf /tmp/aix.backup ./file1

List files

Extract (restore)files

Extract individualfile

7/23/2019 AN121STUD


Student Notebook




5.2

empty -f: device

Popular restore flags

-T: List files

-x: Extract files

For further information see the man pages.

7/23/2019 AN121STUD


Student Notebook




Figure 11-16. Backup and restore by inode AN121.1

Notes:

Backup by inode is useful for performing full (level 0) and incremental backups of

filesystems. Backup by inode should only be completed when the filesystem is unmounted!

Note: The command will complete if the filesystem is in use, but the following warningmessage is displayed, “backup: 0511-251 The file system is still mounted; data may

not be consistent.”

Popular backup by inode flags

-u: update /etc/dumpdates will backup transaction history

-0-9: backup level, 0 is full, 1…9 represents incremental change since level n-1

-f: device

Popular restore by inode flags

-r: restore files

For further information see the man pages.


IBM Power Systems

Backup and restore by inode

• Only supported if filesystems are unmounted!

# backup -u -0 -f /tmp/databkup_21Oct_level0 /data


# cat /etc/dumpdates

/dev/rfslv00 1 Tue Oct 21 15:45:21 2008

/dev/rfslv00 0 Tue Oct 21 15:40:54 2008



# cat /etc/dumpdates

/dev/rfslv00 1 Tue Oct 21 15:45:21 2008

/dev/rfslv00 0 Tue Oct 21 15:40:54 2008 Incremental backup

Full backup

Backup history

# restore -rqvf /tmp/databkup_21Nov_level0




Must restore first to the last level 0 thenfollowed by each incremental…

7/23/2019 AN121STUD


Student Notebook




5.2

empty When restoring file system archives, the restore command creates and uses a filenamed restoresymtable. This file is created in the current directory. The file is necessary

for the restore command to do incremental file system restores. Do not remove the

restoresymtable file if you perform incremental file system backups and restores.

7/23/2019 AN121STUD


Student Notebook




Figure 11-17. tar command AN121.1

Notes:

The tar command archives and restores files. tar is most commonly used in tandem with

an external compression utility, since it has no built-in data compression facilities.

Here is a list of the commonly used options:

-c creates a tar backup.

-x extracts (restores) one or more files from a tar file.

-t reads the content of the tar file (verify the backup).

-v verbose output - displays files as they are backed up and restored.

-f identifies the file or device holding the tar image.-h follows symbolic links.

-u appends files to an existing archive.-p preserves file permissions, ignoring the present umask value.

-B forces a consistent blocking factor to help ensure this copy is made correctly.

The final .tar file is usually called a tarball.


IBM Power Systems

tar command

• tar is derived from tape ar chive – Create a tar backup (-c)

– List files in a tar backup (-t)

– Extract files from a tar backup (-x)

– Copying directories and files using tar

# tar –cvf /dev/rmt0 /home

# tar -cvf /backup/home.tar /home

# tar –cvf /dev/rmt0 /home

# tar -cvf /backup/home.tar /home

# tar –tvf /dev/rmt0# tar –tvf /dev/rmt0

# tar –xvf /dev/rmt0# tar –xvf /dev/rmt0

# cd /data

# tar –cf | (cd /data_backup && tar xBpf -)

# cd /data

# tar –cf | (cd /data_backup && tar xBpf -)

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-18. cpio command AN121.1

Notes:

cpio copies file archives in from, or out to tape, disk, or another location on the local

machine.

Here is a list of the commonly used options:

-o command reads file path names from standard input and copies these files tostandard output, along with path names and status information.

-i command reads from standard input an archive file created by the cpio -o

command and copies from it the files with names that match the Patternparameter.

-p copies files to another directory on the same system.

-d creates directories as needed.

-v verbose (print files)


IBM Power Systems

cpio command

• cpio is derived from copy in and out – Create a cpio backup (-o)

– List files in a cpio backup (-t)

– Extract files from a cpio backup (-i)

– Copy the contents of the current location to /mydir

# find /home | cpio –ov > /backup/home.bk# find /home | cpio –ov > /backup/home.bk

# cpio -itv < /backup/home.bk# cpio -itv < /backup/home.bk

# cpio –idv < /backup/home.bk# cpio –idv < /backup/home.bk

# find . -depth | cpio -pd /mydir# find . -depth | cpio -pd /mydir

7/23/2019 AN121STUD


Student Notebook




Figure 11-19. pax command AN121.1

Notes:

The pax command extracts, writes, and lists members of archive files; copies files and

directory hierarchies.

Rather than sort out the incompatible options that have crept up between tar and cpio,along with their implementations across various versions of UNIX, the IEEE designed a

new archive utility. Pax means “peace” in Latin, so the utility is named to create peacebetween the tar and cpio.


IBM Power Systems

pax command

• tar and cpio syntax differ slightly between UNIX platforms. – IEEE addressed this problem with ‘pax’, meaning peace in Latin.

– Create a pax backup of /home (-w)

– List files in a pax backup (-v)

– Extract files in a pax backup (-r)

# pax -wf /backup/home_pax.ar /home# pax -wf /backup/home_pax.ar /home

# pax -rvf /backup/home_pax.ar# pax -rvf /backup/home_pax.ar

# pax -v –f /backup/home_pax.ar# pax -v –f /backup/home_pax.ar

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-20. dd command AN121.1

Notes:

The dd command reads in standard input or the specified input file, converts it, and then

writes to standard out or the named output.

The common options are:

if= specifies the input file.

of= specifies the output file.

conv= designates the conversion to be done.

Copying specific blocks

The dd command is also useful when you need to copy specific blocks of data. For

example, if a file system’s superblock (stored in the first block of the file system) is corrupt,a copy is kept at the 31st block. The dd command can copy that 31st block back to the first

to repair the file system. The command is:

# dd count=1 bs=4k skip=31 seek=1 if=/dev/hd4 of=/dev/hd4


IBM Power Systems

dd command

• The primary purpose of dd is the low-level copying andconversion of raw data. – Copy tape to tape. Tape1 block size=1KB. Tape2 block size=2KB

– Perform a raw data backup of /home to tape, then restore

– Convert /etc/passwd from ascii to ebcdic

# dd if=/dev/rmt0 ibs=1024 obs=2048 of=/dev/rmt1# dd if=/dev/rmt0 ibs=1024 obs=2048 of=/dev/rmt1

# tar -cvf - /home | dd obs=1024k of=/dev/rmt0

# tar -cvf - /home | rsh <system> dd obs=1024k of=/dev/rmt0

# dd if=/dev/rmt0 ibs=1024k | tar xvf -

# tar -cvf - /home | dd obs=1024k of=/dev/rmt0

# tar -cvf - /home | rsh <system> dd obs=1024k of=/dev/rmt0

# dd if=/dev/rmt0 ibs=1024k | tar xvf -

# dd if=/etc/passwd of=/etc/passwd.ebcdic conv=ebcdic# dd if=/etc/passwd of=/etc/passwd.ebcdic conv=ebcdic

Writing to a tapedrive on a remote

machine

7/23/2019 AN121STUD


Student Notebook




Figure 11-21. Compression commands (1 of 2) AN121.1

Notes:

Files which are archived are usually further compressed to reduce their size. Compress,

uncompress and zcat commands are standard commands across UNIX platforms for

compressing and uncompressing files.


IBM Power Systems

Compression commands (1 of 2)

• Archives created with backup utilities are usually compressed. – Reduce the size of the backup. – This can be done using a number of utilities, such as compress.

• Examples (using compress, uncompress, and zcat):

# compress -v /tmp/data.tar

/tmp/data.tar: Compression: 95.50% This file is replaced

with /tmp/data.tar.Z.

# uncompress /tmp/data.tar.Z

/tmp/data.tar.Z: This file is replaced with /tmp/data.tar.

# zcat /tmp/data.tar.Z | tar -xvf -

# compress -v /tmp/data.tar

/tmp/data.tar: Compression: 95.50% This file is replaced

with /tmp/data.tar.Z.

# uncompress /tmp/data.tar.Z/tmp/data.tar.Z: This file is replaced with /tmp/data.tar.

# zcat /tmp/data.tar.Z | tar -xvf -zcat, expands a

compressed file tostandard out.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 11-22. Compression commands (2 of 2) AN121.1

Notes:

gzip is a software application used for file compression. gzip is short for GNU zip. The

program is very popular and is a free replacement for the compress program which was

predominately used in early UNIX systems.

Another popular and free compression utility is bzip2 which is based on a lossless data

compression algorithm. Bzip2 compression is generally more effective than gzip. Theusage of bzip2 and bunzip2 (for decompression) is fairly similar to gzip and gunzip

respectively.


IBM Power Systems

Compression commands (2 of 2)

• Examples (gzip and gunzip)

# gzip -v /tmp/data.tar

/tmp/data.tar: 97.7% -- replaced with

/tmp/data.tar.gz

# gunzip -v /tmp/data.tar.gz

/tmp/data.tar.gz: 97.7% -- replaced with

/tmp/data.tar

# tar -cvf - /data | gzip -c > data_tar.gz

# gunzip -c data_tar.gz | tar xvf -

# gzip -v /tmp/data.tar

/tmp/data.tar: 97.7% -- replaced with

/tmp/data.tar.gz

# gunzip -v /tmp/data.tar.gz

/tmp/data.tar.gz: 97.7% -- replaced with

/tmp/data.tar

# tar -cvf - /data | gzip -c > data_tar.gz

# gunzip -c data_tar.gz | tar xvf -

Creates acompressed

tarball (.tar.gz) ofthe /data

directory.

Decompresses andextracts the

compressed tarball(.tar.gz).

7/23/2019 AN121STUD


Student Notebook




Figure 11-23. Good practices AN121.1

Notes:

• Take regular backups. Always take regular backups of data. The most efficient way of

doing this is through regular automated incremental backups, as done through products

like TSM.

• Verify your backups. Always verify your backed up data. Use restore -T (or tar -t) to

view the contents. With mksysb tapes, you can position the tape to the correct markerand verify the contents without having to restore the data.

• Check the tape devices. The tapechk command can be used to check a number of

files on a tape. If no argument is specified, then the first block on the tape is checked. Ifa number is specified, that number of files are checked. You can also position the tape

before tapechk is run by specifying a second number. For example, tapechk 2.1 readstwo files after skipping past the first file.The tapechk command can be used to detect

malfunctioning hardware.

• Label your tapes. There is no way to know what is on the tape by looking at it. Thelabel should at least list the tape files, the commands used to create the tape, the date

created, and the block size.


IBM Power Systems

Good practices

• Take regular backups.

• Verify your backups. – Check the tape device(s). – Label tapes.

• Keep old backups.

• Keep a copy of the backups securely offsite.

• Test recovery procedures before you have to use them!

• Consider deploying an enterprise storage managementsolution like Tivoli Storage Manager (TSM).

7/23/2019 AN121STUD


Student Notebook




5.2

empty • Keep old backups. Keep old backups in case something goes wrong with the newones.

• Keep a copy of backups securely offsite. Store a set of backups off site in case

something happens to your site.

• Test recovery procedures. Test your recovery procedure before you have to. Knowthat you can recover before you have to recover.

• Consider deploying an enterprise storage solution. Enterprise storage solutions likeTivoli Storage Manager provide centralized, automated storage management and data

protection. TSM storage management software protects you from the risks of data lossand helps you reduce complexity, manage costs, and address compliance with data

retention and availability requirements.

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Checkpoint

1. What is the difference between the following two commands?• find /home/fred | backup -ivf /dev/rmt0

• cd /home/fred; find . | backup -ivf /dev/rmt0 ___________________________________________________ ___________________________________________________ ___________________________________________________

2. On a mksysb tape, if you entered tctl rewind and then tctl -f/dev/rmt0.1 fsf 3, which element on the tape could you look at? _________________________________________________________ _________________________________________________________

3. Which command could you use to restore these files? _________________________________________________________

4. True or False: smit mksysb backs up all file systems, provided theyare mounted. ________________________________________________ _________________________________________________________

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Exercise 11

Backup and restore

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit summary


• Explain how to back up the operating system• Create and restore a mksysb image• Explain and understand the role of both the image.data

and bosinst.data files• Back up and restore a custom volume group

• Use standard AIX/UNIX backup, restore, andcompression utilities

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 12. Security and user administration 12-1

5.2

empty Unit 12.Security and user administration


This unit describes the key concepts related to AIX security and user

administration.



• Define the concepts of users and groups, and explain how andwhen these should be allocated on the system

• Describe ways of controlling root access on the system

• Explain the uses of SUID, SGID, and SVTX permission bits

• Administer user accounts and groups

• Understand the basic concepts and implementation of RBAC

• Identify the data files associated with users and security


Accountability:


• Exercise

References


SG24-7424 AIX 6.1 Advanced Security Features: Introduction andConfiguration (redbook)

SG24-7559 AIX Version 6.1 Differences Guide (redbook)



7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives








7/23/2019 AN121STUD


Student Notebook




5.2

empty 12.1. Security and user concepts

7/23/2019 AN121STUD


Student Notebook




Figure 12-2. Security and user concepts AN121.1

Notes:


IBM Power Systems

Security and user concepts

After completing this topic, you should be able to:

• Understand user accounts and groups• Describe the role of RBAC• Identify key security logs• Understand and apply file permissions

– Including the role of the umask parameter

• Change file ownership and group assignment

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-3. User accounts AN121.1

Notes:

Importance of user accounts

The security of the system is based on a user being assigned a unique name, a unique

user ID (UID) and password, and a primary group ID (GID). When the user logs in, the UIDis used to validate all requests for file access. The UID, associated groups, and GIDs can

be seen by the id command.

File ownership

When a file is created, the UID associated with the process that created the file is assignedownership of the file. Only the owner or root can change the access permissions.

Automatically created user accounts

There are several user accounts automatically created. root, for example, is one. Some

user accounts are not made for login but only to own certain files. adm, sys, and bin areexamples of that type of account.


IBM Power Systems

User accounts

• Each user has a unique name, numeric ID, and password.

• File ownership is determined by a numeric user ID.• The owner is usually the user who created the file, but

ownership can be transferred by root.

• Default users: – root Superuser

– adm, sys, bin, ... IDs that own system files butcannot be used for login

# id


groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)

# id


groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)

7/23/2019 AN121STUD


Student Notebook




Figure 12-4. Groups AN121.1

Notes:

Function of groups

Users that require shared access to a set of files are placed in groups. Each group has

a unique name and Group ID (GID). The GID, like the UID, is assigned to a file when itis created. A user can belong to multiple groups.

Predefined groups

There are several groups predefined on an AIX system. For example, the system

group is root's group and the staff group is for all ordinary users.

Planning and administering groups

The creation of groups to organize and differentiate the users of a system or network ispart of systems administration. The guidelines for forming groups should be part of the

security policy. Defining groups for large systems can be quite complex, and once asystem is operational, it is very difficult to change the group structure. Investing time

and effort in devising group definitions before your system arrives is recommended.


IBM Power Systems

Groups

• A group is a set of users, all of whom need access to a givenset of files.

• Every user is a member of at least one group and can be amember of several groups.

• The user has access to a file if any group in the user’sgroupset provides access. To list the groupset, use thegroups command.

• The user's real group ID is used for file ownership on creation.To change the real group ID, use the newgrp command.

• Default groups: – System administrators: system – Ordinary users: staff

7/23/2019 AN121STUD


Student Notebook




5.2

empty Groups should be defined as broadly as possible and be consistent with your securitypolicy. Do not define too many groups because defining groups for every possible

combination of data type and user type can lead to impossible extremes.

A group administrator is a user who is allowed to assign the members andadministrators of a group. It does not imply that the user has any administrative abilities

for the system.

Types of groups

There are three types of groups on the system:

• User Groups

- User groups should be made for people who need to share files on the

system, such as people who work in the same department, or people who areworking on the same project.

• System Administrator Groups

- System administrators are automatically members of the system group.

Membership of this group allows the administrators to perform some of thesystem tasks without having to be the root user.

• System Defined Groups

- Several system-defined groups exist. staff is the default group for allnon-administrative users created in the system. security is another

system-defined group with limited privileges for performing securityadministration. The system-defined groups are used to control certain

subsystems.

Use of the newgrp commandA user's real group identification is used to determine the group ownership of a filecreated by that user. The newgrp command changes a user's real group identification.

If you provide a group name as a parameter to the newgrp command, the systemchanges the name of your real group to the group name specified (if the group name

specified is part of your groupset). If no group name is provided as a parameter, the

newgrp command changes your real group to the group specified as your primary

group in the /etc/passwd file.

Example:

$ id

uid=206(secc) gid=7(security) groups=1(staff)

$ newgrp staff

$ id

uid=206(secc) gid=1(staff) groups=7(security)

7/23/2019 AN121STUD


Student Notebook




Figure 12-5. Group hierarchy AN121.1

Notes:

Rights to administrative functions

As indicated on the visual, membership in some groups confers rights to the use of certain

administrative functions. Membership in the staff group does not provide rights to the useof administrative functions.

Common groups

Common groups on the system (and their intended uses) are as follows:

• system for most configuration and standard hardware and software maintenance • printq for managing queuing.

- Typical commands which can be run by members of this group are: enable,

disable, qadm, qpri, and so forth.

• security to handle most passwords and limits control

- Typical commands which can be run by members of this group are: mkuser,

rmuser, pwdadm, chuser, chgroup, and so forth.


IBM Power Systems

Group hierarchy

system security

printqadm

audit

shutdown

staff

Rights toadministrative

functions

Ordinaryusers

7/23/2019 AN121STUD


Student Notebook




5.2

empty • adm most monitoring functions such as performance, cron, accounting staff, defaultgroup assigned to all new users

- You may want to change this in /usr/lib/security/mkuser.defaults.

• audit for auditors

• shutdown allows use of the shutdown command.

7/23/2019 AN121STUD


Student Notebook




Figure 12-6. User hierarchy AN121.1

Notes:

Capabilities of members of certain groups

The ability to perform certain system tasks (like creating users) depends upon the standard

AIX file permissions. Most system administration tasks can be performed by users otherthan root if those users are assigned to groups such as system, security, printq, cron,

adm, audit, or shutdown. In particular, a user in the security group can add, remove, orchange other users and groups.

Purpose of user hierarchy

To protect important users and groups from users in the security group, AIX has three

levels of user hierarchy: root, admin users and groups, and normal users and groups. Only

root can add, remove, or change an admin user or admin group. Therefore, you can define

a user that has a high level of access, but is protected from users in the security group.


IBM Power Systems

User hierarchy

• As well as admin groups, AIX has admin users.

• An admin user has the admin group “system” (guid 0) set asthe primary group.

• Only root can add, remove, or change an admin user or admingroup.

• Any user on the system can be defined as an admin userregardless of the group they are in.

• This approach is limited. AIX 6 includes enhanced RBAC.

root

normal user

admin user (admin flag set to true)

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-7. Role based access control AN121.1

Notes:

Why do we need RBAC?

The difficulty with permission (or even access control list) based access control is that

you must secure the needed resource rather than the command. It was often difficult toknow which resources were the ones needed. In some cases we are dealing with kernel

resources. In addition, a given resource may have multiple uses and a single groupaccess to it may not work. Allowing a program to be root with suid allowed one to

bypass the resource permissions, but suid itself was a potential exposure. With

Enhanced Resource Based Access Control (RBAC), resource access is controlledthrough privileged commands and then only users with the proper authorization areallowed to execute the privileged command. The authorization and privileges are fine

grained.

Legacy RBAC

Starting with AIX 4.2.1, a form of RBAC was provided but was difficult to work with.Even though a user was assigned a role, that user was often still unable to execute the

associated tasks until a requisite command was converted to a set uid executable and


IBM Power Systems

Role based access control

• Enhanced RBAC is a major new feature in AIX 6.

• With Enhanced RBAC: – Authorizations can be hierarchical.

– root can be disabled altogether.

– Can limit or eliminate UNIX based security add-ons like sudo

– Definitions are stored in the kernel table to enhance security.

– Applies also to devices and files

– Support for WPARs

• Authorizations, such as the ability to shutdown the system, areassigned to roles

• Roles such as System Administrator, are assigned to users

Authorizations

Roles1

Roles

Users2

7/23/2019 AN121STUD


Student Notebook




the user was made a member of the associated group. In addition, the legacyframework was implemented without involvement of the kernel.

Enhanced RBAC

Starting with AIX 6.1, an enhanced form of RBAC is provided. The enhanced RBAC

framework involves the kernel and thus is more secure. The new framework is alsomore granular and extensive than the legacy RBAC. Once a role is assigned to a user,

they have the authorization to do the related tasks without having to play with filepermissions or group membership. While the framework supports user defined

privileged commands, authorizations, and roles, AIX 6.1 provides 10 predefined rolesthat can be used without additional RBAC configuration. The details of the RBAC

framework is outside the scope of this course, however more detail with a simpleexample is included in topic two of this unit.

Sudo

Sudo (su “do”) is free add-on software for UNIX systems which enables a systemadministrator to delegate authority to give certain users, or groups of users, the ability to

run some, or all, commands as root or another user while providing an audit trail of thecommands and their arguments. Enhanced RBAC, eliminates the use of sudo like tools.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-8. Controlling access to the root account AN121.1

Notes:

Guidelines for root account password

If the root password is known by too many people, no one can be held accountable. The

root password should be limited to just two or three administrators. The fewer people whoknow root's password, the better. The system administrator should ensure that distinct

root passwords are assigned to different machines. You may allow normal users to havethe same passwords on different machines, but never do this for root.

Use of the su command

Attempts to become root through su can be investigated. Successful and unsuccessful

attempts might be logged by the audit system.

PATH variable for root account

Do not include unsecured directories in the value of PATH for the root account. Note that

root's PATH is used by many implicit system functions, not just by a user logged in as root.


IBM Power Systems

Controlling access to the root account

• Restrict access to privileged logins.

• Root's passwords should be changed on an unannouncedschedule by the system administrator.

• Assign different root passwords to different machines.

• System administrators should always login as themselves firstand then su to root instead of logging in as root. This helpsprovide an audit trail for root usage.

• Do not include unsecured directories in root's PATH.

# chuser login=false root

# chuser login=false root

7/23/2019 AN121STUD


Student Notebook




Figure 12-9. Security logs AN121.1

Notes:

The sulog file

The sulog file is an ASCII text file that can be viewed with more or pg. In the file, the

following information is recorded: date, time, terminal name, and login name. The file alsorecords whether the login attempt was successful, and indicates a success by a plus sign

(+) and a failed login by a minus sign (-).

The utmp and wtmp files

The /etc/utmp file contains a record of users logged into the system, and the

/var/adm/wtmp file contains connect-time accounting records. To obtain information from

either file use the who command with the file name. The who command normally examinesthe /etc/utmp file, but you can specify either one of the files just mentioned as an argument

to the command.

The last command

The last command can also be used to display, in reverse chronological order, all previouslogins and logoffs still recorded in the /var/adm/wtmp file. The /var/adm/wtmp file collects


IBM Power Systems

Security logs

/var/adm/sulog

/var/adm/wtmp

/etc/security/failedlogin

/etc/utmp

Audit trail ofsu

activity

Log of successful logins

List of users currently

logged in

Information on failedlogin attempts

7/23/2019 AN121STUD


Student Notebook




5.2

empty login and logout records as these events occur, and holds them until the records areprocessed by the accounting commands.

For example:

# last root displays all the recorded logins and logoffs by the user root.

# last reboot displays the time between reboots of the system.

The utmpd daemon

AIX 5L V5.2 introduced a new daemon called utmpd to manage the entries in the

/etc/utmp file. This daemon monitors the validity of the user process entries at regular

intervals. The default interval time would be 300 seconds. The syntax of the command is:

/usr/sbin/utmpd [ Interval ]

To start utmpd from the /etc/inittab, add the following entry to the file:

utmpd:2:respawn:/usr/sbin/utmpd

The failedlogin file

The /etc/security/failedlogin file maintains a record of unsuccessful login attempts. The

file can be displayed using the who command with the file as an argument.

7/23/2019 AN121STUD


Student Notebook




Figure 12-10. File/Directory permissions AN121.1

Notes:

Permission bits

There are a number of permission bits associated with files and directories. The standard r

(read), w (write), and x (execute) permissions, define three levels of access for the user(owner), group, and others. In addition, there are three permission bits known as SUID (set

UID), SGID (set GID), and SVTX (sticky bit).

The SUID bit

SUID on an executable file means that when the file runs, the process runs with aneffective UID of the owner of the file. SUID is not supported on shell scripts.

SUID has no meaning on a directory.

The SGID bit

SGID on an executable file means that when the file runs, the process runs with aneffective GID of the group owner of the file.


IBM Power Systems

File/Directory permissions

Must be owner of files todelete files from directory

SVTX--------

Files created in directoryinherit the same group asthe directory

SGIDRun program witheffective GID of group

--------SUIDRun program with

effective UID of owner

Give access to directoryxUse file name to executeas a command

Create and remove files indirectory

wModify content of file

List content of directoryr Read content of file

DirectoryPerm. BitFile

7/23/2019 AN121STUD


Student Notebook




5.2

empty SGID on a directory means that any file or directory created within the directory will havethe same group ownership as the directory rather than the real group ID or primary group of

the user.

The SGID permission bits are propagated down through the directory structure, so that anydirectory created in a directory with the SGID bit set, also inherits that bit.

The SVTX bit

SVTX on a file has no meaning in AIX. It was used in earlier versions of UNIX.

Traditional UNIX used SVTX to keep a program in memory after it had completed running,but with memory management routines, this is no longer necessary. SVTX is known as the

sticky bit.

SVTX on a directory means that even if the directory has global write permission (forexample, /tmp), users cannot delete a file within it, unless they either own the file, or the

directory.

7/23/2019 AN121STUD


Student Notebook




Figure 12-11. Reading permissions AN121.1

Notes:

How SUID, SGID, and SVTX settings are indicated

The SUID bit is indicated by an S or s in the slot normally reserved for the execute

permission for owner (user). The SGID bit is indicated by an S or s in the slot normallyreserved for the execute permission for group. The SVTX bit is indicated by a T or t in the

slot normally reserved for the execute permission for others. Since this slot must show ifexecute is on/off and whether the additional permission bit is on/off, the uppercase S or T is

used to indicate that the execute permission is off. The lowercase s or t indicates the

execute permission is on.


IBM Power Systems

Reading permissions

SUID SUID SGID SGID sticky stickyonly + x only + x bit bit

only + x

r wr x

sS

r w x

sS

w x

tT

owner group other

# ls -ld /usr/bin/passwd /usr/bin/crontab /tmp

-r-sr-xr-x root security ... /usr/bin/passwd

-r-sr-sr-x root cron ... /usr/bin/crontab

drwxrwxrwt bin bin ... /tmp

# ls -ld /usr/bin/passwd /usr/bin/crontab /tmp

-r-sr-xr-x root security ... /usr/bin/passwd

-r-sr-sr-x root cron ... /usr/bin/crontab

drwxrwxrwt bin bin ... /tmp

7/23/2019 AN121STUD


Student Notebook




5.2

empty Discussion of examples on visual

Three examples of files that use these additional permissions are shown on the visual:

• The passwd command allows users to change their passwords even thoughpasswords are stored in a restricted area.

• The crontab command allows users to create a crontab file even though access to the

directory where crontab files reside is restricted for ordinary users. • Permission bit settings for /tmp allow everyone to write to the directory, but only the

owner of a file can remove a file from the /tmp directory.

7/23/2019 AN121STUD


Student Notebook




Figure 12-12. Changing permissions AN121.1

Notes:

Setting the additional permission bits

To set the additional permission bits, you use the same command (chmod) as you do to

set the regular permission bits.

Using octal notation to set the additional permission bits

Using the octal notation, you are probably familiar with setting permissions using acommand like: # chmod 777 file1. When you issue this command, the more complete

command would be: # chmod 0777 file1. The fourth number, a zero, is implied. This fourthposition determines whether the additional bits are turned on.

You normally use the numeric values of 4, 2, and 1 to set r, w, and x. That remains the

same. To set the additional bits, you are affecting the x position in either the user, group, orother area. If you assign numeric values to user (4), group (2), and other (1), these are the

values that you insert into the fourth position to set the additional bit:

• SUID is indicated in the user's area. Therefore use a 4 in the fourth position.

• SGID is indicated in the group area. Therefore use a 2 in the fourth position.


IBM Power Systems

Changing permissions

# chmod 4 7 7 7 file1 SUID

# chmod 2 7 7 7 file1 SGID

# chmod 1 7 7 7 dir1 SVTX

4SUID

2SGID

1SVTX

owner r w x4 2 1

groupr w x4 2 1

other r w x4 2 1

# chmod u+s file1 SUID

# chmod g+s file1 SGID

# chmod +t dir1 SVTX

OR

7/23/2019 AN121STUD


Student Notebook




5.2

empty • SVTX is indicated in the others area. Therefore use a 1 in the fourth position.

Using the symbolic method to set the additional permission bits

You can also use the symbolic method to set the additional permission bits. The visualshows how to set the values using the symbolic method.

7/23/2019 AN121STUD


Student Notebook




Figure 12-13. umask AN121.1

Notes:

Function of umask

The umask specifies what permission bits are set on a new file when it is created. It is an

octal number that specifies which of the permission bits are not set.

Default value of umask

If no umask was used, then files would be created with permissions of 666 and directorieswould be created with permissions of 777. The system default umask is 022 (indicating

removal of the 2 bit, or write from the group and others area). Therefore, removing write

from group and other, results in an initial permission for files of 644 and, for directories,

755. Execute permission is never set initially on a file.

Changing the umask to enhance security

The default setting of the umask is 022. For tighter security you should make the umask

027, or even 077.


IBM Power Systems

umask

• The umask governs permissions on new files and directories.

• System default umask is 022.• 022 calculation Files: 666 Directories: 777

umask: 022 umask: 022644 755rw-r--r-- rwxr-xr-x

• A umask of 027 is recommended.

• 027 calculation Files: 666 Directories: 777umask: 027 umask: 027

640 750rw-r----- rwxr-x---

• /etc/security/user specifies default and individual user umaskvalues.

7/23/2019 AN121STUD


Student Notebook




5.2

empty The umask command

To view or change the value of the umask for the current session, use the umask

command.

Values stored in /etc/security/user file

The umask is specified in /etc/security/user. The default stanza in this file specifies the

system wide default, but a value can be specified on a per-user basis.

7/23/2019 AN121STUD


Student Notebook




Figure 12-14. Changing ownerships and groups AN121.1

Notes:

Using chown to change ownership

As illustrated on the visual, the chown command can be used by root to change the

ownership on a file.

Using chgrp to change group ownership

The chgrp command is used to change the group ownership of a file. Any owner of a filecan change the group ownership to any group in their groupset. The root user can change

the group ownership to any group on the system.

Changing both ownership and group ownership

The chown command can be used by root to set both the ownership, and groupownership, of a file. As illustrated on the visual, this can be done two different ways.


IBM Power Systems

Changing ownerships and groups

The chown command:

The chgrp command:

Changing both user and group ownership:

# chown fred file1# chown fred file1

# chgrp staff file1# chgrp staff file1

# chown fred:staff file1

- OR -

# chown fred.staff file1

# chown fred:staff file1

- OR -

# chown fred.staff file1

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint

1. Which file contains an audit trail of su activity?

_____________________________ 2. If the following command was run:

chmod 6754 file1What would the file permissions be for file1? _ _ _ _ _ _ _ _ _

3. A binary executable with the SUID flag set is owned by user root.User michael executes the binary. The executable runs underwhich user, root or michael? _______________

4. A shared directory is created on the system. What flag must beset to ensure only the owner of the files can delete them? _______________

5. Why is an umask of 027 recommended? ________________________________________________

7/23/2019 AN121STUD


Student Notebook




Figure 12-16. Topic summary AN121.1

Notes:


IBM Power Systems

Topic summary

Having completed this topic, you should be able to:

• Understand user accounts and groups• Describe the role of RBAC• Identify key security logs• Understand and apply file permissions

– Including the role of the umask attribute

• Change file ownership and group assignment

7/23/2019 AN121STUD


Student Notebook




5.2

empty 12.2. User and group administration

7/23/2019 AN121STUD


Student Notebook




Figure 12-17. User and group administration AN121.1

Notes:


IBM Power Systems

User and group administration


• Understand the login sequence from a system console• Understand the login initialization process• Add, list, change, and delete users and groups• Set and change passwords

– Recover root password if lost or forgotten

• Understand the key elements of RBAC and configure asimple RBAC implementation

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-18. Console login sequence AN121.1

Notes:

Introduction

When a user attempts to log in, AIX checks a number of files to determine if entry is

permitted to the system and, if permitted, what parts of the system the user can access.This section provides an overview of the checks performed during the login process.

The getty process

Ports set up for login are listed in the /etc/inittab. When init runs, a getty process is

started for each port in the list providing a login prompt on the terminal attached to that port.The actual message displayed, also known as the herald, by the getty process is defined

in /etc/security/login.cfg. Once the message is displayed, the getty process waits for auser to make a login attempt.

Entry of username and password

When a user is ready to log in, they enter their user name at the login prompt. The login

program is passed the user name and password. The login credentials are checkedagainst /etc/passwd and /etc/security/passwd files.


IBM Power Systems

Console login sequence

getty process

Login: userid and passwd

Spawned by inittab

User verification check

Set up the environment.

Display /etc/motd

Enter login shell

Valid?yes

noLogin failed

Settings in

/etc/security/login.cfg

/etc/passwd /etc/security/passwd

/etc/environment /etc/security/environ

/etc/security/limits /etc/security/user

$HOME/.hushlogin

/etc/profile$HOME/.profile

Log entry in:

/etc/security/failedlogin

7/23/2019 AN121STUD


Student Notebook




Validation

If the password is incorrect or if an invalid user name was given, then the login fails, and anentry is made in the file /etc/security/failedlogin. Use the command who

/etc/security/failedlogin to view this file. The number of failed attempts is also tracked (byuser account) in /etc/security/lastlog. The login prompt is redisplayed for another attempt.

It is possible to set the characteristics for a user to prevent unlimited attempts on an

account. If the number of attempts exceeds the maximum allowable failed attempts, theaccount is locked. If a user successfully enters the user name and password, the uswstanza in /etc/security/login.cfg is checked. This stanza sets the maximum number of

concurrent logins for a user account. If that number is exceeded, the login is denied and amessage is displayed to the user.

Setup of user's environment

If everything is successful to this point, then the user's environment is set using

/etc/environment, /etc/security/environ, /etc/security/limits, and /etc/security/user.The login program sets the current directory to the user's HOME directory and displays the

content of /etc/motd (if no .hushlogin file is found in the HOME directory), the date of thelast successful login, and the number of unsuccessful login attempts since the last

successful login.

Passing of control to shell

Finally, control is passed to the login shell (as defined in /etc/passwd) which will read

/etc/environment and run /etc/profile and $HOME/.profile when using Korn or Bourneshells.

Results of a user logging out

When a user logs out, the shell terminates and a new getty process is spawned for thatport.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-19. User initialization process AN121.1

Notes:

The /etc/environment file

/etc/environment is used to set variables. No commands should be placed in this file. Only

root can change this file.

The /etc/profile file

/etc/profile will be read and executed during every login. Like the /etc/environment file, thisfile can be changed only by root.

The $HOME/.profile and $HOME/.kshrc files$HOME/.profile and $HOME/.kshrc can be customized by the user. The user can overwrite

any variable set in /etc/environment and /etc/profile.


IBM Power Systems

User initialization process

LOGIN

/etc/environment

/etc/profile

$HOME/.kshrc

Establishes base environmentsets PATH, TZ, LANG, andNLSPATH

Shell script run at all loginssets TERM, MAILMSG, andMAIL

User's personal file tocustomize their environmentPATH, ENV, PS1

$HOME/.profile

User's personal file to customizethe Korn shell environmentset –o vi, alias

7/23/2019 AN121STUD


Student Notebook




Common Desktop Environment (CDE) considerations

If you are using CDE, .profile is not read by default. In the user’s HOME directory, the

.dtprofile file is used to establish the environment when working with CDE. .dtprofile

replaces the function of .profile in the CDE environment. If you want to use both, in the

.dtprofile, uncomment the line near the end of the file that references the

DTSOURCEPROFILE variable.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-20. Message of the day AN121.1

Notes:

Using the /etc/motd file

The message of the day (motd ) is a convenient way to communicate information, such as

installed software version numbers or current system news, to all users. The message ofthe day is contained in the /etc/motd file. To change the message of the day, simply edit

this file.


IBM Power Systems

Message of the day

• The file /etc/motd contains text that is displayed every time auser logs in.

• This file should only contain information necessary for theusers to see.

• If the $HOME/.hushlogin file exists in a user's home directory,then the contents of the /etc/motd file are not displayed to thatuser.

******************************************************************

* *

* *

* AIX Version 6.1 TL 02 HACMP 5.5.0.0. + WPAR ckp *

* *

* Eduction AIX AN12 Build version 318 *

* *

* *

******************************************************************

nimmaster:/

******************************************************************

* *

* *

* AIX Version 6.1 TL 02 HACMP 5.5.0.0. + WPAR ckp ** *

* Eduction AIX AN12 Build version 318 *

* *

* *

******************************************************************

nimmaster:/

7/23/2019 AN121STUD


Student Notebook




Figure 12-21. Security & Users AN121.1

Notes:

The Security & Users menu

The Security & Users menu is used to manage user and group IDs on the system. The

menu consists of the seven options described below.

Users

This option is used to add users to the system, delete existing users and change thecharacteristics of existing users.

GroupsThis option is used to add groups to the system, delete groups, and change the

characteristics of existing groups.

Passwords

This option is used to change the password for a user. It is also required when setting

up a new user or when a user has forgotten their password.

Login Controls


IBM Power Systems

Security & Users

# smit security

Security & Users


Users

Groups

Passwords

Login Controls

PKI

LDAP

Role Based Access Control (RBAC)

Trusted Execution

Security & Users


Users

Groups

Passwords

Login Controls

PKI

LDAPRole Based Access Control (RBAC)

Trusted Execution

7/23/2019 AN121STUD


Student Notebook




5.2

empty This option provides functions to restrict access for a user account or on a particularterminal.

PKI

PKI stands for X.509 Public Key Infrastructure certificates. This option is used to

authenticate users using certificates and to associate certificates with processes asproof of a user's identity.

LDAP

LDAP stands for Light Directory Access Protocol. It provides a way to centrallyadminister common configuration information for many platforms in a networked

environment. A common use of LDAP is the central administration of userauthentication. The SMIT option here allows us to configure this platform as either an

LDAP client or an LDAP server.

Roles Based Access Control (RBAC)

This option sets up user roles. User roles allow root to give authority to an ordinary user

to perform a portion of root's functions.

Trusted Execution

Trusted Execution (TE) refers to a collection of features that are used to verify the

integrity of the system and implement advanced security policies, which together can beused to enhance the trust level of the complete system.

7/23/2019 AN121STUD


Student Notebook




Figure 12-22. SMIT users AN121.1

Notes:

Add a User

Add user accounts.

Change a User's Password

Make password changes.

Change/Show Characteristics of a User

Changes the many characteristics that are part of the user account. The password

restrictions are part of this area.

Lock/Unlock a User's Account

This is used to temporarily disable an account. It is a good security practice to disable

accounts if they are not expected to be used for a reasonably long period of time, as whensomeone is on an extended leave of absence.

Reset User's Failed Login Count


IBM Power Systems

SMIT users

# smit users

Users


Add a User


Change / Show Characteristics of a User

Lock / Unlock a User's Account


Remove a User

List All Users

Users


Add a User



Lock / Unlock a User's Account


Remove a UserList All Users

7/23/2019 AN121STUD


Student Notebook




5.2

empty If the administrator has set a limit to the number of failed attempts that can be made on anaccount before locking it, this resets that count.

Remove a User

Removes the user account, but not files owned by that user

List all users

Runs the lsuser command

7/23/2019 AN121STUD


Student Notebook




Figure 12-23. Listing users AN121.1

Notes:

Function of the lsuser command

The lsuser command is used to list the attributes of all users (ALL) or individual users on

the system.

Using SMIT to list users

When the List All Users option in SMIT is used, the user name, ID and home directoryare listed.

Commonly used lsuser flagsWhen the lsuser command is issued directly, the data may be listed in line format, in

colon format (-c), or in stanza format (-f). Individual attributes or all attributes may beselected. The output can also be generated for individual users.

Sources of information listed

The information reported by lsuser is gathered from the security files: /etc/passwd,

/etc/security/limits, and /etc/security/user.


IBM Power Systems

Listing users

The lsuser command:

lsuser [-c | -f] [-a attribute …] {ALL | username …}

Example:

# lsuser -a id home ALL

root id=0 home=/

daemon id=1 home=/etc

bin id=2 home=/bin

sys id=3 home=/usr/sys

adm id=4 home=/var/admuucp id=5 home=/usr/lib/uucp

guest id=100 home=/home/guest

alex id=333 home=/home/mancunian

# lsuser -a id home ALL

root id=0 home=/

daemon id=1 home=/etc

bin id=2 home=/bin

sys id=3 home=/usr/sys

adm id=4 home=/var/admuucp id=5 home=/usr/lib/uucp

guest id=100 home=/home/guest

alex id=333 home=/home/mancunian

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-24. Add a user to the system AN121.1

Notes:

Ways of adding a user

The mkuser command or SMIT can be used to add a user. User attributes can be specified

to override the default values.

User name

The only value that must be specified, is the user name. Traditionally, this name wasrestricted to eight characters in length. Beginning with AIX 5L V5.3, this limit can be

changed to allow names as long as 255 characters. The limit is modified in theChange/Show Attributes of the Operating System panel (smit chsys).

Resources involved in user creation process

The following resources are involved in the user creation process:

• Default ID numbers stored in etc/security/.ids

• The usr/lib/security/mkuser.sys shell script used to set up a user ID.

• Default values for characteristics stored in usr/lib/security/mkuser.default


IBM Power Systems

Add a user to the system

# smit mkuser

Add a User



[TOP] [Entry Fields]

* User NAME [alex]

User ID [333] #

ADMINISTRATIVE USER? false +

Primary GROUP [] +

Group SET [] +

ADMINISTRATIVE GROUPS [] +

ROLES [] +

Another user can SU TO USER? true +

SU GROUPS [ALL] +

HOME directory []

Initial PROGRAM []

User INFORMATION []

[MORE...32]

Add a User



[TOP] [Entry Fields]

* User NAME [alex]

User ID [333] #


Primary GROUP [] +

Group SET [] +


ROLES [] +


SU GROUPS [ALL] +HOME directory []

Initial PROGRAM []

User INFORMATION []

[MORE...32]

mkuser id=333 alex

7/23/2019 AN121STUD


Student Notebook




• Default values for characteristics stored in /etc/security/user

• The default .profile stored in etc/security/.profile

Some of these resources are discussed further in the material that follows.

The /usr/lib/security/mkuser.default file

The /usr/lib/security/mkuser.default file contains the defaults for the mkuser command.

This file can only be edited by the root user. This file contains the following information:

user:

pgrp = staff

groups = staff

shell = /usr/bin/ksh

home = /home/$USER

admin:

pgrp = system

groups = system

shell = /usr/bin/ksh

home = /home/$USER

The user stanza of this file is picked up if an ordinary user is being added, and the adminstanza is picked up, if an administrative user is being added.

The /etc/security/.ids file

If the user ID is not specified, then a default ID number is chosen from the/etc/security/.ids file. Administrative users are given IDs starting from six, and normalusers are given IDs starting from 200.

The /usr/lib/security/mkuser.sys shell script

The shell script /usr/lib/security/mkuser.sys is run during the user creation process.

This creates the user's home directory and creates the .profile file. This shell script can bemodified to perform any function that is required when setting up the user.

List of user characteristics

The full list of user characteristics contains entries which are not often used. Many of thesefields may be left empty with no ill effect. For the complete list, refer to SMIT (fastpath smit

mkuser).

Setting a password

When a new user is created, the ID is disabled (an asterisk “*” is placed in the password

field of the /etc/passwd file). To enable the ID, a password must be set with the Change a

User’s Password option or the passwd or pwdadm command.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-25. Change / Show Characteristics of a User AN121.1

Notes:

Changing user characteristics

The Change/Show Characteristics of a User option, which runs the chuser

command, allows any of the user characteristics listed previously, except the user name, tobe changed. This can only be executed by root or a member of the security group. Only

root can change an admin user. This SMIT screen holds exactly the same attributes as theAdd a User screen.

The chuser command

The following command can be used to change characteristics of a user:

# chuser attribute=value username


IBM Power Systems

Change/Show characteristics of a user

# smit chuser


[Entry Fields]

* User NAME alex

User ID [333]

#


Primary GROUP [staff] +

Group SET [staff,security] +


ROLES [] +


SU GROUPS [ALL] +

HOME directory [/home/alex]

Initial PROGRAM [/usr/bin/ksh]

User INFORMATION []

EXPIRATION date (MMDDhhmmyy) [0]

Is this user ACCOUNT LOCKED? false +

User can LOGIN? true +

User can LOGIN REMOTELY(rsh,tn,rlogin)? true +

[MORE...48]


[Entry Fields]

* User NAME alex

User ID [333]

#


Primary GROUP [staff] +

Group SET [staff,security] +


ROLES [] +


SU GROUPS [ALL] +

HOME directory [/home/alex]

Initial PROGRAM [/usr/bin/ksh]User INFORMATION []

EXPIRATION date (MMDDhhmmyy) [0]

Is this user ACCOUNT LOCKED? false +

User can LOGIN? true +

User can LOGIN REMOTELY(rsh,tn,rlogin)? true +

[MORE...48]

chuser groups='staff,security' alex

7/23/2019 AN121STUD


Student Notebook




Figure 12-26. Remove a user from the system AN121.1

Notes:

Ways to remove a user

The Remove a User from the System option in SMIT, or the rmuser command, can

be used to remove any user from the system. Only the root user may removeadministrative users.

The -p option of rmuser

The -p option removes authentication information from the /etc/security/* files. Typically,

this information is the user password, as well as other login restrictions which have beenpreviously set for the ID.

Removing the user's files

The user's home directory and associated files are not removed by this option. They must

be removed separately by the administrator. To do this, you can use the -r option on thermbv command to recursively remove files. Remember to back up any important files

before removing the user's home directory.


IBM Power Systems

Remove a user from the system

• The rmuser command or SMIT can be used to delete a user

from the system

• When you remove a user, that user’s home directory is notdeleted. Therefore, you must remember to manually clean upthe directories of users you remove. Remember to back up

important files first!

# rmuser –p team01# rmuser –p team01

# rm -r /home/team01# rm -r /home/team01

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-27. Passwords AN121.1

Notes:

Setting an initial password

When a user ID is created with SMIT or with the mkuser command, the user ID is disabled.

(An asterisk (*) is in the password field of /etc/passwd.) To enable the ID, the passwd or

pwdadm command must be used to set up the initial password for the user.

Entry of passwords (things to be aware of)

When passwords are entered, they are not displayed. When changing a password, the new

password is requested a second time for verification.

The ADMCHG flag

If root or a member of the security group sets the password for a user, the ADMCHG flagis set in the flags field in /etc/security/passwd. The user is then prompted to change the

password at the next login.


IBM Power Systems

Passwords

• A new user ID cannot be used until a password isassigned.

• Two commands for changing passwords:

• SMIT invokes the passwd command for root and thepwdadm if non-root.

• An ordinary user can use the passwd command tochange own password

• Only root or member of security group can changepassword of another user

# pwdadm <username>

OR

# passwd [username]

# pwdadm <username>

OR

# passwd [username]

root or security(group) only

7/23/2019 AN121STUD


Student Notebook




Recovering from a forgotten password

There is no way to examine an existing password on the system. The only way to recoverfrom a forgotten password, is for an administrator or root, to set a new one for the user.

Invocation of passwd command by SMIT

The option Passwords on the Users menu of SMIT uses the passwd command.

Using the passwd command

Ordinary users who use passwd to change their passwords, are first prompted for the oldpassword, and then they are asked twice for a new password. When root uses passwd to

set a user's password, passwd only prompts twice for the new password.

Using the pwdadm command

Members of the security group, can use pwdadm to change the passwords ofnon-administrative accounts. Members of the security group are first prompted to enter

their own password, and then prompted twice to enter the user's new password. The root

user is only prompted twice for the new password.

Users with ADMIN flag set

Only root can change the password for a user who has the ADMIN flag set in

/etc/security/passwd.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-28. Regaining root's password AN121.1

Notes:

If the root password is lost, just follow the steps as shown in the visual.


IBM Power Systems

Regaining root's password

1. Boot from optical media, NIM, or a bootable tape.

2. Select Access a Root Volume Group from theMaintenance menu.

3. Follow the options to activate the root volume group andobtain a shell.

4. Once a shell is available, execute the passwd command tochange root's password.

5. Enter the following command:# sync ; sync

6. Reboot the system.

Maintenance

>>> 1 Access a Root Volume Group


3 Access Advanced Maintenance Functions

4 Erase Disks

Maintenance

>>> 1 Access a Root Volume Group


3 Access Advanced Maintenance Functions

4 Erase Disks

7/23/2019 AN121STUD


Student Notebook




Figure 12-29. SMIT groups AN121.1

Notes:

Purpose of groups

The purpose of groups is to give a common set of users the ability to share files. The

access is controlled using the group set of permission bits.

Group management restrictions

Only root and members of the security group can create groups. root and security groupmembers, can select a member of the group to be the group administrator. This privilege

allows the user to add and remove users from the group.

Predefined groups

There are a number of predefined groups on AIX systems, like the system group (which is

root's group), and the staff group (which contains the ordinary users).


IBM Power Systems

SMIT groups

# smit groups

Groups


List All Groups

Add a Group

Change / Show Characteristics of a Group

Remove a Group

Groups


List All Groups

Add a Group

Change / Show Characteristics of a Group

Remove a Group

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-30. Listing groups AN121.1

Notes:

The lsgroup command

The lsgroup command is used to list all groups, or selected groups, on the system. The

data is presented in line format by default, in colon format (-c), or in stanza format (-f).

Commonly used options of the lsgroup command

The -c option displays the attribute for each group, in colon separated records.

The -f option displays the group attributes in stanza format with each stanza identified by a

group name.


IBM Power Systems

Listing groups

The lsgroup command:

lsgroup [-c | -f] [-a attribute …] {ALL | groupname …}

Example:

# lsgroup –f -a id users ALL

system:

id=0

users=root,esaadmin,pconsole

staff:

id=1

users=ipsec,ted,sshd,alex,local,tyrone,daemon

bin:

id=2

users=root,bin

...

# lsgroup –f -a id users ALL

system:

id=0

users=root,esaadmin,pconsole

staff:

id=1users=ipsec,ted,sshd,alex,local,tyrone,daemon

bin:

id=2

users=root,bin

...

7/23/2019 AN121STUD


Student Notebook




Figure 12-31. Add a Group AN121.1

Notes:

The mkgroup command

The mkgroup command is the command used to create a new group. The group name,

traditionally, must be a unique string of eight or fewer characters. With AIX 5L V5.3 andlater, the maximum name length can be modified to be as large as 255 characters.

Limit on group membership

A user may belong to no more than 32 groups.

The mkgroup/SMIT optionsThe mkgroup -a option is used to indicate that the new group is to be an administrative

group. Only the root user can add administrative groups to the system.

• ADMINISTRATOR list and USER list: In the SMIT screen shown on the visual,

ADMINISTRATOR list is a list of members from the USER list that are allowed tochange the characteristics of a group and add or remove members.


IBM Power Systems

Add a Group

# smit mkgroup

Add a Group



[Entry Fields]

* Group NAME [techies]

ADMINISTRATIVE group? false +

Group ID [101] #

USER list [alex,tyrone] +

ADMINISTRATOR list [] +Projects [] +

Initial Keystore Mode [] +

Keystore Encryption Algorithm [] +

Keystore Access [] +

Add a Group



[Entry Fields]



Group ID [101] #

USER list [alex,tyrone] +

ADMINISTRATOR list [] +Projects [] +

Initial Keystore Mode [] +

Keystore Encryption Algorithm [] +


mkgroup -A id=101 users=alex,tyrone techies

7/23/2019 AN121STUD


Student Notebook




5.2

empty • Projects: Starting with AIX 5L V5.3, the SMIT Add a Group screen has a new field,Projects, for tracking resource usage in the Advanced Accounting subsystem.

The following fields are related to Encrypted File Systems. This topic is outside the scope

of this class. Attend AU47, AIX Security, for training in this area.

• Initial Keystore Mode: The efs_initalks_mode of admin allows for root, or othersecurity privileged system users, to reset the user's key store password. Otherwise, if

the user forgets their key store password, they will not be able to access their EncryptedFile System files. If the guard mode is selected, then root cannot reset the user's key

store password.

• Keystore Encryption Algorithm: This option specifies the algorithm for the

user's key, within the key store. This key protects the encrypting key of files the user

creates, within the Encrypted File System.

• Keystore Access: The key store enables the user to utilize files in the Encrypted File

System. The selection of file will create a key store file associated with this user. It isrecommended that file is selected. Select none for no key store to be created. All other

EFS (efs_*) attributes will not have any effect.

7/23/2019 AN121STUD


Student Notebook




Figure 12-32. Change or remove a group AN121.1

Notes:

The chgroup command

The chgroup command is used to change the characteristics of a group. It can only be run

by root or a member of the security group.

Group attributes

The group attributes are:

• Group ID (id=groupid): It is not advisable to change the group ID, but it is occasionally

done immediately after a group has been created to match the ID of a previouslydeleted group, or a specific group ID needed for a particular software package.

• ADMINISTRATIVE group? (admin=true|false): Only the root user can change agroup to be an administrative group, or make changes to an existing administrative

group.

• USER list (users=usernames): This is a comma separated list of the names of all the

members of the group. The group may be their primary group or an additional one.


IBM Power Systems

Change or remove a group

# smit chgroup

Change a Group



[Entry Fields]



Group ID [101] #

USER list [alex,tyrone,ted] +

ADMINISTRATOR list [alex] +

Projects [] +

Initial Keystore Mode [] +Keystore Encryption Algorithm [] +


Change a Group



[Entry Fields]



Group ID [101] #

USER list [alex,tyrone,ted] +

ADMINISTRATOR list [alex] +

Projects [] +

Initial Keystore Mode [] +Keystore Encryption Algorithm [] +


chgroup users=alex,tyrone,ted adms=alex techies

To remove a group: # rmgroup techies

7/23/2019 AN121STUD


Student Notebook




5.2

empty • ADMINISTRATOR list (adms=adminnames): This is the list of group administrators.

• Projects (projects=projectnames): As previously mentioned, this attribute was addedto support the Advanced Accounting subsystem.

The chgrpmem command

The chgrpmem command can be used by any user to change either the administrators, or

the members of a group, for which the user running the command, is a group administrator.The rmgroup command

The rmgroup command is used to remove a group from the system. This command has

no options and the only parameter is the group name. Only the root user can delete anadministrative group.

7/23/2019 AN121STUD


Student Notebook




Figure 12-33. RBAC overview AN121.1

Notes:

There are over 250 built in pre-defined authorizations, such as manage devices, create

WPARs, and perform OS administration. To view all authorizations, type: # lsrole ALL.

Authorizations are assigned to commands and files which are considered privileged. Byprivileged, we mean that we want to allow them to bypass traditional access controls.

These authorizations are then assigned to roles which, in turn, are assigned to users.Users can then switch roles to perform the necessary administrative actions.

Custom user-defined authorizations and roles can also be created. However, this requires

the kernel security tables to be updated. To do this, execute the setkst command.


IBM Power Systems

RBAC overview

• RBAC configuration is stored within the Kernel Security Tables(KST).

Authorizations

Roles1

2

Operating System

Administration

CreateSystem WPARs

Manage Devices

Roles

Users

User and Group AccountAdministration

SystemAdministrator

Privileged commands and files

System Operator

Command= /usr/sbin/shutdownAuth = aix.system.boot.shutdown

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-34. RBAC defined roles and authorizations AN121.1

Notes:

There are, by default, 10 predefined system roles and 254 authorizations. They can be

listed with the lsrole and lsauth commands respectively.

To list the roles and the assigned authorizations, type:

# lsrole -f -a authorizations dfltmsg ALL |grep -p dfltmsg

Role Definitions:

isso - Information system security officer

The ISSO role is responsible for creating and assigning roles, and is thus the mostpowerful user-defined role on the system. Some of the ISSO responsibilities include:

• Establishing and maintaining security policy

• Setting passwords for users

• Network configuration

• Device administration


IBM Power Systems

RBAC defined roles and authorizations

# lsrole -c -a dfltmsg ALL |grep -v "#name"|grep ":"

AccountAdmin:User and Group Account AdministrationBackupRestore:Backup and Restore Administration

DomainAdmin:Remote Domain Administration

FSAdmin:File System Administration

SecPolicy:Security Policy Administration

SysBoot:System Boot Administration

SysConfig:System Configuration Administration

isso:Information System Security Officer

sa:System Administrator

so:System Operator

# lsrole -c -a dfltmsg ALL |grep -v "#name"|grep ":"

AccountAdmin:User and Group Account Administration

BackupRestore:Backup and Restore Administration

DomainAdmin:Remote Domain Administration

FSAdmin:File System Administration

SecPolicy:Security Policy Administration

SysBoot:System Boot Administration

SysConfig:System Configuration Administration

isso:Information System Security Officer

sa:System Administrator

so:System Operator

# lsauth -f ALL |grep dfltmsg |sed 's:dfltmsg=::g'

Operating System AdministrationDevice Administration

Configure Devices

Configure the Random Device

Configure TTY Devices

Manage Devices

Change Attributes of a Device

…….removed for clarify …

# lsauth -f ALL |grep dfltmsg |sed 's:dfltmsg=::g'

Operating System AdministrationDevice Administration

Configure Devices

Configure the Random Device

Configure TTY Devices

Manage Devices

Change Attributes of a Device

…….removed for clarify …

roles

authorizations

7/23/2019 AN121STUD


Student Notebook




sa - System administrator

The SA role provides the functionality for daily administration and is responsible for:

• User administration (except password setting)

• File system administration

• Software installation update

• Network daemon management

• Device allocation

so - System operator

The SO role provides the functionality for day to day operations and is responsible for:

• System shutdown and reboot

• File system backup, restore, and quotas

• System error logging, trace, and statistics

• Workload administration

AccountAdmin - User and group account administrator

The AccountAdmin role provides the functionality for users and group definitions and is

responsible for:

• Define, modify, and remove users

• Define, modify, and remove groups

BackupRestore - Backup and restore administrator

The BackupRestore role provides the functionality for backup and restore operations for filesystems, using various commands such as:

• cpio, pax, tar, backup and restore

DomainAdmin - Remote domain administrator

The DomainAdmin role provides the functionality for managing network securitymechanisms such as:

• kerberos, ldap, NIS, and PKI

FSAdmin - File system administrator

The FSAdmin role provides the functionality for managing file systems and has the ability

to:

• Create, modify, and remove file systems

• Mount and unmount file systems

• Defrag file systems

• Format file system logs

7/23/2019 AN121STUD


Student Notebook




5.2

empty • Manage file system user quotas

• Create and manage JFS2 snapshots

SecPolicy - Security policy administrator

The SecPolicy role provides the functionality for security administration and is responsible

for most of what the ISSO covers, except for:

• Domain Administration

• System Configuration

SysBoot - System boot administrator

The SysBoot role provides the functionality for system shutdown and booting through thefacilities for:

• halt, shutdown, and reboot

SysConfig - System configuration

The SysConfig role provides the functionality for system configuration and is responsiblefor such components as:

• inittab

• System console

• Kernel extensions

• uname

• Resource sets

• Date and time zone

• Software license management

• Performance tunables

• Diagnostics

7/23/2019 AN121STUD


Student Notebook




Figure 12-35. RBAC (basic) implementation steps AN121.1

Notes:

A key part in implementing RBAC, is planning. Start by making a note of all the

administration tasks which may need to be performed, then allocate them to roles, and

assign the roles to userids.

RBAC is enabled by default in AIX 6, and can be checked with the lsattr command as

shown on the visual.


IBM Power Systems

RBAC (basic) implementation steps

• Steps to configure RBAC

1. Ensure RBAC is enabled (default true, AIX6.1).

2. Plan which predefined administration roles need to be assigned tousers.

3. Assign AIX predefined roles to the relevant users.

• Using chuser command

4. User would then switch to the role and perform the necessaryoperations.

• To switch roles, use swrole command

# lsattr -El sys0 |grep RBAC

enhanced_RBAC true Enhanced RBAC Mode

# lsattr -El sys0 |grep RBAC

enhanced_RBAC true Enhanced RBAC Mode

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-36. RBAC example (1 of 2) AN121.1

Notes:

The visual demonstrates how to provide a user with the capability to start, stop, and reboot

the system.

If you are not sure if the system authorization, aix.system.boot.shutdown , containsthe shutdown command, then the RBAC privileged command file can be checked (stored in

/etc/security), as follows:

/etc/security # grep shutdown privcmds

/usr/sbin/exec_shutdown:

accessauths = aix.system.boot.shutdown

/usr/sbin/shutdown:

accessauths = aix.system.boot.shutdown


IBM Power Systems

RBAC example (1 of 2)

• Example: Let's give permission for user, alex, to start, stop,and reboot the system. – First, find the predefined role.

– Add the ‘SysBoot’ role to user alex.

# lsrole -f -a authorizations dfltmsg ALL |grep -p dfltmsg | \

grep -p shutdown

SysBoot:

authorizations=aix.system.boot.halt,aix.system.boot.info,aix.system.

boot.reboot,aix.system.boot.shutdown

dfltmsg=System Boot Administration

# lsrole -f -a authorizations dfltmsg ALL |grep -p dfltmsg | \

grep -p shutdown

SysBoot:

authorizations=aix.system.boot.halt,aix.system.boot.info,aix.system.

boot.reboot,aix.system.boot.shutdown

dfltmsg=System Boot Administration

# chuser roles=SysBoot alex

# rolelist -u alex

SysBoot System Boot Administration

# chuser roles=SysBoot alex

# rolelist -u alex


Confirm theSysBoot role hasbeen allocated to

user alex.

7/23/2019 AN121STUD


Student Notebook




Figure 12-37. RBAC example (2 of 2) AN121.1

Notes:

The rolelist command provides role and authorization information to the invoker, about

their current roles, or the roles assigned to them.

The swrole command creates a new role session, spawed in a sub shell, with the rolesthat are specified by the role parameter (in this example, SysBoot). To exit the new role sub

shell, type:

# exit rolelist –e or # exit rolelist SysBoot


IBM Power Systems

RBAC example (2 of 2)

– As user, alex, shut down and reboot the system

alex $ rolelistSysBoot System Boot Administration

alex $ rolelist -e

rolelist: There is no active role set

alex $ rolelist -a

SysBoot aix.system.boot.create

aix.system.boot.halt

aix.system.boot.info

aix.system.boot.reboot

aix.system.boot.shutdown

alex $ swrole SysBoot

alex $ alex's Password:

alex $ rolelist -e


alex $ shutdown –Fr

alex $ rolelistSysBoot System Boot Administration

alex $ rolelist -e

rolelist: There is no active role set

alex $ rolelist -a

SysBoot aix.system.boot.create

aix.system.boot.halt

aix.system.boot.info

aix.system.boot.reboot

aix.system.boot.shutdown

alex $ swrole SysBootalex $ alex's Password:

alex $ rolelist -e


alex $ shutdown –Fr

SysBoot role isnow active

Lists the assignedroles

Lists the activeroles

Lists the assignedauthorizations

Switch to roleSysBoot

Perform a systemreboot.

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint

1. What is the difference between the commands, pwdadm

and passwd? ___________________________________________

2. Which password change command does SMIT use?

3. True or False: When you delete a user from the system,all the user's files and directories are also deleted.

4. True of False: RBAC is disabled by default on AIX 6.1.

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Topic summary


• Understand the login sequence from a system console• Understand the login initialization process• Add, list, change, and delete users and groups• Set and change passwords

– Recover root password if lost or forgotten

• Understand the key elements of RBAC and configure a simpleRBAC implementation

7/23/2019 AN121STUD


Student Notebook




5.2

empty 12.3. Security files

7/23/2019 AN121STUD


Student Notebook




Figure 12-40. Security files AN121.1

Notes:


IBM Power Systems

Security files


• Identify and understand key security files• Understand how to validate the user environment• Document the system security policy and set-up

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-41. Security files introduction AN121.1

Notes:

Introduction

The security on the system is controlled by a number of ASCII files. Key files are listed

on the visual and briefly described below.

/etc/passwd

The /etc/passwd file lists the valid users, and the user ID, primary group, homedirectory, and default login shell for each of these users.

/etc/groupThe /etc/group file lists the valid groups, their group IDs, and members.

The /etc/security directory

The /etc/passwd and /etc/group files have global read access to all users. A numberof other files control the attributes of users. These files are in the /etc/security directory,

which can only be accessed by root or the security group.


IBM Power Systems

Security files introduction

• Files used to contain user attributes and control access:

– /etc/passwd Valid users (not passwords) – /etc/group Valid groups

– /etc/security Directory not accessibleto normal users

– /etc/security/passwd User passwords

– /etc/security/user User attributes, passwordrestrictions

– /etc/security/group Group attributes

– /etc/security/limits User limits

– /etc/security/environ User environment settings

– /etc/security/login.cfg Console Login settings

7/23/2019 AN121STUD


Student Notebook




/etc/security/passwd

/etc/security/passwd contains the encrypted password and update information forusers.

/etc/security/user

/etc/security/user contains extended user attributes.

/etc/security/group

/etc/security/group contains extended group attributes.

/etc/security/limits

/etc/security/limits contains process resource limits for users.

/etc/security/environ

/etc/security/environ contains environment variables for users. This file is not often

used.

/etc/security/login.cfg/etc/security/login.cfg is a configuration file for the login program. This file containssecurity enhancements that limit the logins on a port, for example, the number of login

attempts and the valid login programs (shells).

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-42. /etc/passwd file AN121.1

Notes:

Role of the /etc/passwd file

The /etc/passwd file lists the users on the system and some of their attributes. This file

must be readable by all users, because commands such as ls access it.

Fields in the /etc/passwd file

The fields in the /etc/passwd file are:

• User name: Up to eight alphanumeric characters (not all uppercase)

• Password: On older UNIX systems, this contained the encrypted password. On AIX, iteither contains an exclamation mark (!) to refer to the /etc/security/passwd file or an

asterisk (*), which means the user has no password assigned.

• UID: The user ID number for the user

• GID: The ID of the primary group to which this user belongs

• Information: Any descriptive text for the user


IBM Power Systems

/etc/passwd file

# cat /etc/passwd

root:!:0:0::/:/usr/bin/ksh

daemon:!:1:1::/etc:

bin:!:2:2::/bin:

sys:!:3:3::/usr/sys:

adm:!:4:4::/var/adm:

uucp:!:5:5::/usr/lib/uucp:

guest:!:100:100::/home/guest:

nobody:!:4294967294:4294967294::/:

pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh

sshd:*:202:201::/var/empty:/usr/bin/kshalex:!:333:1::/home/alex:/usr/bin/ksh

tyrone:!:204:1::/home/tyrone:/usr/bin/ksh

ted:*:205:1::/home/ted:/usr/bin/ksh

# cat /etc/passwd

root:!:0:0::/:/usr/bin/ksh

daemon:!:1:1::/etc:

bin:!:2:2::/bin:

sys:!:3:3::/usr/sys:

adm:!:4:4::/var/adm:

uucp:!:5:5::/usr/lib/uucp:

guest:!:100:100::/home/guest:

nobody:!:4294967294:4294967294::/:

pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh

sshd:*:202:201::/var/empty:/usr/bin/ksh

alex:!:333:1::/home/alex:/usr/bin/ksh

tyrone:!:204:1::/home/tyrone:/usr/bin/ksh

ted:*:205:1::/home/ted:/usr/bin/ksh

! = Passwd is set /etc/security/passwd* = no password set

7/23/2019 AN121STUD


Student Notebook




• Directory: The login directory of the user and the initial value of the $HOME variable

• Login program: Specifies the initial program or shell that is executed, after a userinvokes the login command, or su command

Using index files for better login performance

In AIX, additional files can be created to be used as index files for the /etc/passwd,

/etc/security/passwd, and /etc/security/lastlog files. These index files provide for betterperformance during the login process. Use the mkpasswd -f command to create theindexes. The command mkpasswd -c can be used to check the indexes, and rebuild any

that look suspicious.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-43. /etc/security/passwd file AN121.1

Notes:

Role of the /etc/security/passwd file (commonly referred to as the shadow password

file)

The /etc/security/passwd file contains the encrypted user passwords and can only beaccessed by root. The login, passwd, pwdadm, and pwdck commands, which run with

root authority, update this file. This file is in stanza format with a stanza for each user.

Index files

As previously mentioned, in AIX, additional files can be created to be used as index files for

/etc/security/passwd and some related files. These index files provide for better

performance during the login process. These indexes are created using the mkpasswd

command.

Entries in /etc/security/passwd

Valid entries in /etc/security/passwd are:

• Password: Either the encrypted password asterisk (*) for invalid, or blank for nopassword


IBM Power Systems

/etc/security/passwd file

# cat /etc/security/passwd

root:password = etNKvWlXX5EFk

lastupdate = 1145381446

flags =

daemon:

password = *

bin:

password = *

alex:

password = XAkhucsiyVwAA

lastupdate = 1225381869flags =

tyrone:

password = RWWoFp5iuL.JI


flags = ADMCHG,ADMIN,NOCHECK

# cat /etc/security/passwd

root:password = etNKvWlXX5EFk


flags =

daemon:

password = *

bin:

password = *

alex:

password = XAkhucsiyVwAA

lastupdate = 1225381869flags =

tyrone:

password = RWWoFp5iuL.JI


flags = ADMCHG,ADMIN,NOCHECK

7/23/2019 AN121STUD


Student Notebook




• Lastupdate: The date and time of the last password update in seconds from 1 January1970

• Flags:

- ADMCHG: The password was last changed by an administrator or root.

- ADMIN: The user's password can only be changed by root.

- NOCHECK: Password restrictions are not in force for this user.

See /etc/security/user for password restrictions.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-44. /etc/security/user file AN121.1

Notes:

admin

This attribute defines the administrative status of the user. Possible values: true or false

login

This attribute defines whether a user can login. Possible values: true or false

su

This attribute defines whether other users can switch to this user account. The su

command supports this attribute. Possible values: true or false

daemon

This attribute defines whether the user can execute programs using the system resource

controller (SRC). Possible values: true or false


IBM Power Systems

/etc/security/user file

default:

admin = falselogin = true

su = true

daemon = true

rlogin = true

sugroups = ALL

admgroups =

ttys = ALL

auth1 = SYSTEM

auth2 = NONE

tpath = nosak

umask = 000

expires = 0

SYSTEM = "compat"

logintimes =

pwdwarntime = 0

account_locked = false

loginretries = 0

histexpire = 0

histsize = 0

minage = 0

default:

admin = falselogin = true

su = true

daemon = true

rlogin = true

sugroups = ALL

admgroups =

ttys = ALL

auth1 = SYSTEM

auth2 = NONE

tpath = nosak

umask = 000

expires = 0

SYSTEM = "compat"logintimes =

pwdwarntime = 0


loginretries = 0

histexpire = 0

histsize = 0

minage = 0

* default continued ...

maxage = 0

maxexpired = -1

minalpha = 0

minother = 0

minlen = 0

mindiff = 0

maxrepeats = 8

dictionlist =

pwdchecks =

root:

admin = true

SYSTEM = "compat"

loginretries = 0


registry = files

admgroups =

alex:

admin = false

* default continued ...

maxage = 0

maxexpired = -1

minalpha = 0

minother = 0

minlen = 0

mindiff = 0

maxrepeats = 8

dictionlist =

pwdchecks =

root:

admin = true

SYSTEM = "compat"

loginretries = 0account_locked = false

registry = files

admgroups =

alex:

admin = false

7/23/2019 AN121STUD


Student Notebook




rlogin

This attribute defines whether the user account can be accessed by remote logins. rlogin

and telnet commands support this attribute. Possible values: true or false

sugroups

This attribute defines which groups can switch to this user account. Alternatively, you may

explicitly deny groups by preceding the group name with an exclamation mark (!). Possiblevalues: list of valid groups separated by commas, ALL or *

admgroups

This attribute lists the groups that a user administers. The value is a comma-separated listof valid group names.

ttys

This attribute defines which terminals can access the user account. Alternatively you may

explicitly deny terminals by preceding the terminal name with an exclamation mark (!).Possible values: list of device paths separated by commas, ALL or *

auth1

This attribute defines the primary authentication method for a user. The commands login,

telnet, rlogin, and su, support these authentication methods.

auth2

This attribute defines the secondary authentication methods for a user. It is not a

requirement to pass this method to log in.

tpath

This attribute defines the user's trusted path characteristics. Possible values: nosak, notsh,always or on (For more information refer to the online documentation.)

umask

This attribute defines the default umask for the user. Possible values: 3-digit octal value

expires

This attribute defines the expiration time for the user account. Possible values: a valid datein the form MMDDHHMMYY or 0. If 0, the account does not expire. The 'YY' supports the

last two digits of the years 1939 to 2038. If 0101000070, then the account is disabled.

SYSTEM

This attribute can be used to describe multiple or alternate authentication methods the usermust use successfully, before gaining access to the system. Possible tokens are:

• Files: Allows only local users access to the system

• Compat: The normal login procedure and therefore allows local and NIS users accessto the system

• DCE: The Distributed Computing Environment authentication

7/23/2019 AN121STUD


Student Notebook




5.2

empty logintimes

This attribute defines the times a user can login.

pwdwarntime

This attribute defines the number of days before a forced password change warning

informs the user of the impending password change. Possible values: a positive integer or

0 to disable this featureaccount_locked

This attribute defines whether the account is locked. Locked accounts cannot be used for

login or su. Possible values: true or false

loginretries

This attribute defines the number of invalid login attempts before a user is not allowed tologin. Possible values: a positive integer or 0 to disable this feature

histexpire

This attribute defines the period of time in weeks that a user will not be able to reuse apassword. Possible values: an integer value between 0 and 260. 26 (approximately 6

months) is the recommended value

histsize

This attribute defines the number of previous passwords which cannot be reused. Possiblevalues: an integer between 0 and 50

minage

This attribute defines the minimum number of weeks between password changes. The

default is 0. Possible values: 0 to 52

maxage

This attribute defines the maximum number of weeks a password is valid. The default is 0,

which is equivalent to unlimited. Possible values: 0 to 52

maxexpired

This attribute defines the maximum number of weeks after maxage that an expiredpassword can be changed by a user. The default is -1, which is equivalent to unlimited.

Possible values: -1 to 52. maxage must be greater than 0 for maxexpired to be enforced

(root is exempt from maxexpired)minalpha

This attribute defines the minimum number of alphabetic characters in a password. The

default is 0. Possible values: 0 to 8

minother

This attribute defines the minimum number of non-alphabetic characters in a password.

The default is 0. Possible values: 0 to 8

7/23/2019 AN121STUD


Student Notebook




minlen

This attribute defines the minimum length of a password. The default is 0. Range: 0 to 8

Note that the minimum length of a password is determined by minlen and/or “minalpha +minother”, whichever is greater. “minalpha + minother” should never be greater than 8. If

“minalpha + minother” is greater than 8, then minother is reduced to “8 - minalpha”.

mindiffThis attribute defines the minimum number of characters in the new password that were

not in the old password. The default is 0. Possible values: 0 to 8

maxrepeats

This attribute defines the maximum number of times a given character can appear in apassword. The default is 8, which is equivalent to unlimited. Possible values: 0 to 8

dictionlist

This attribute defines the password dictionaries used when checking new passwords. The

format is a comma separated list of absolute path names to dictionary files. A dictionary filecontains one word per line where each word has no leading or trailing white space. Words

should only contain 7 bit ASCII characters. All dictionary files and directories should bewrite protected from everyone except root. The default is valueless which is equivalent to

no dictionary checking.

pwdchecks

This attribute defines external password restriction methods used when checking new

passwords. The format is a comma separated list of absolute path names to methods ormethod path names relative to /usr/lib. A password restriction method is a program

module that is loaded by the password restrictions code at run time. All passwordrestriction methods and directories should be write protected from everyone except root.

The default is valueless, which is equivalent to no external password restriction methods.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 12-45. Group files AN121.1

Notes:

The /etc/group file

The fields in the /etc/group file are:

• Group: Up to eight alphanumeric characters (not all uppercase)

• Password: This field is not used in AIX and should contain an exclamation mark (!)

• ID: The group ID

• Members: A comma-separated list of the users who belong to this group

The /etc/security/group file

The /etc/security/group file is a stanza file with one stanza for each group. The validentries are:

• admin: Defines whether the group is an administrative group; values are true or false

• adms: A comma-separated list of the users who are administrators for the group

• If admin=true, this stanza is ignored because only root can change an administrative

group.

• projects: A list of project names to be associated with the group


IBM Power Systems

Group files

# cat /etc/group

system:!:0:root,esaadmin,pconsole

staff:!:1:ipsec,sshd,alex,tyrone,tedbin:!:2:root,bin

sys:!:3:root,bin,sys

adm:!:4:bin,adm

uucp:!:5:nuucp,uucp

...

# cat /etc/group

system:!:0:root,esaadmin,pconsole

staff:!:1:ipsec,sshd,alex,tyrone,tedbin:!:2:root,bin

sys:!:3:root,bin,sys

adm:!:4:bin,adm

uucp:!:5:nuucp,uucp

...

# cat /etc/security/group

system:

admin = true

staff:admin = false

bin:

admin = true

...

techies:

admin = false

adms = alex

# cat /etc/security/group

system:

admin = true

staff:admin = false

bin:

admin = true

...

techies:

admin = false

adms = alex

7/23/2019 AN121STUD


Student Notebook




Figure 12-46. /etc/security/login.cfg file AN121.1

Notes:

herald

This attribute specifies the initial message to be printed out when getty or login prompts

for a login name. This value is a string that is written out to the login port. If the herald is notspecified, then the default herald is obtained from the message catalog associated with the

language set in /etc/environment.

logintimes

This attribute defines the times a user can use this port to login.

logindisable

This attribute defines the number of unsuccessful login attempts before this port is locked.Use this in conjunction with logininterval.

logininterval

This attribute defines the number of seconds during which logindisable unsuccessfulattempts must occur before a port is locked.


IBM Power Systems

/etc/security/login.cfg file

default:

herald = "Authorized use only.\n\rlogin:"

logintimes =

logindisable = 0

logininterval = 0

loginreenable = 0

logindelay = 0

* Other security attributes (usw stanza):

usw:

shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh

/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin

/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin

/snappd

maxlogins = 32767

logintimeout = 60

auth_type = STD_AUTH

default:

herald = "Authorized use only.\n\rlogin:"

logintimes =logindisable = 0

logininterval = 0

loginreenable = 0

logindelay = 0

* Other security attributes (usw stanza):

usw:

shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh

/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin

/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin

/snappd

maxlogins = 32767

logintimeout = 60

auth_type = STD_AUTH

7/23/2019 AN121STUD


Student Notebook




5.2

empty loginreenable

This attribute defines the number of minutes after a port is locked, that it automaticallyunlocked.

logindelay

This attribute defines the delay in seconds between unsuccessful login attempts. This

delay is multiplied by the number of unsuccessful logins. Therefore, if the value is two, thenthe delay between unsuccessful logins is two seconds, then four seconds, then sixseconds, and so forth.

Other security attributes (usw stanza):

shells

The list of valid login shells for a user; chuser and chsh will only change a user's login shell

to one of the shells listed here.

maxlogins

This attribute defines the maximum number of simultaneous logins allowed on the system.logintimeout

This attribute defines the number of seconds the user is given to enter their password.

auth_type

This attribute determines whether PAM or the standard UNIX authentication mechanism

will be used by PAM-aware applications. Valid values: STD_AUTH, PAM_AUTH

The chsec command

Changes to the /etc/security/login.cfg file can be done by the command chsec:

# chsec -f /etc/security/login.cfg -s default -a pwdprompt=”Password:”

To reset to the default value:

# chsec -f /etc/security/login.cfg -s default -a pwdprompt=

7/23/2019 AN121STUD


Student Notebook




Figure 12-47. Validating the user environment AN121.1

Notes:

Use of validation commands

The commands listed on the visual can be executed by root or any user in the security

group to clean up after a change to the user configuration. Because they run with rootpermissions, they give administrative users the ability to make necessary changes to the

/etc/security/passwd file in a controlled way, without knowing the root password.

The usrck command

The usrck command verifies the validity of the user definitions in the user database files,by checking the definitions for all the users or for the users specified by the user parameter.

You must select a flag to indicate whether the system should try to fix erroneous attributes.


IBM Power Systems

Validating the user environment

• pwdck verifies the validity of local authentication information:

– pwdck {-n|-p|-t|-y} {ALL | username }

– Verifies that /etc/passwd and /etc/security/passwd are consistentwith each other and with /etc/security/login.cfg and /etc/security/user

• usrck verifies the validity of a user definition:

– usrck {-l|-b|-n|-p|-t|-y} {ALL | username }

– Checks each user name in /etc/passwd, /etc/security/user , /etc/security/limits and /etc/security/passwd

– Checks are made to ensure that each has an entry in /etc/group and /etc/security/group.

• grpck verifies the validity of a group:

– grpck {-n|-p|-t|-y} {ALL | groupname }

– Verifies that the files /etc/passwd, /etc/security/user , /etc/groupand /etc/security/group are consistent

7/23/2019 AN121STUD


Student Notebook




5.2

empty Options for pwdck, usrck, and grpck commands

All the options for pwdck, usrck, and grpck are as follows:

-n Reports errors but does not fix them

-p Fixes errors but does not report them

-t Reports errors and asks if they should be fixed

-y Fixes errors and reports them

Additional options for usrck, are as follows:

-b Reports users who are not able to access the system and the reasons, with the

reasons displayed in a bit-mask format

-l Scans all users or the users specified by the User parameter to determine if theusers can access the system

7/23/2019 AN121STUD


Student Notebook




Figure 12-48. Documenting security policy and setup AN121.1

Notes:

Planning user and group administration

Plan and organize your user and group administration. Every user does not need their own

group. Good planning up front reduces any reorganizing of users and groups later on.

Use of the sticky bit

Always protect your shared directories by setting the sticky bit. Then users will not removeeach other’s files accidentally, or intentionally.


IBM Power Systems

Documenting security policy and setup

• Identify the different types of users and what data they willneed to access.

– Consider using enhanced RBAC with AIX 6.1 to perform systemadministration tasks (as opposed to using root).

• Organize groups around the type of work that is to be done.

• Organize ownership of data to fit with the group structure.

• Set SVTX on shared directories.

• Note: Further topics, such as LDAP, SSH,

trusted execution, encrypted filesystems, aixpert,RBAC (detailed), and IPSec, are covered in the

AIX Security course: AU47GSecurity

Policy andSetup

SecurityPolicy and

Setup

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint

1. If an ordinary user forgets their password, can the system

administrator find out by querying the system as to what theuser's password was set to? ______

Why or why not? _______________________________________

2. True or False: An asterisk “mary:*:” in the second field of the/etc/passwd file, means there is a vaild password set in theshadow password file for user mary.

3. Password restrictions are set in which of the following files?/etc/passwd/etc/security/passwd/etc/security/restrictions/etc/security/user

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Topic summary


• Identify and understand key security files• Understand how to validate the user environment• Document the system security policy and set-up

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Exercise 12

Security and useradministration

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit summary








7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 13. Scheduling 13-1

5.2

empty Unit 13. Scheduling


This unit describes how jobs can be scheduled on the system.



• Understand the role of the cron daemon

• Use crontab files to schedule jobs on a periodic basis• Use the at command to schedule a job or series of jobs at some

time in the future

• Use the batch command to schedule jobs in a queue, to alleviate

immediate system demand


Accountability:


• Exercise

References

Online AIX 6.1 Commands Reference

AIX 6.1 Files Reference

AIX Version 6.1 Operating system and device

management



7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives



• Use crontab files to schedule jobs on a periodic basis

• Use the at command to schedule a job or series of jobs at

some time in the future

• Use the batch command to schedule jobs in a queue to

alleviate immediate system demand

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 13-2. The cron daemon AN121.1

Notes:

Function of the cron daemon

The system process that enables batch jobs to be executed on a timed basis, is the

cron daemon. Many people rely on cron to execute jobs. Jobs are submitted to the

cron daemon in a number of different ways:

• The at and batch facilities are used to submit a job for one-time execution.

• crontab files are used to execute jobs periodically - hourly, daily, weekly.

Starting of cron

The cron process is usually started at system startup by /etc/inittab. It runs constantlyas a daemon. If killed, it is automatically restarted.


IBM Power Systems

The cron daemon

• Responsible for running scheduled jobs

• Starts:

– crontab command events

(regularly scheduled jobs)

– at command events

(one time only execution at specified time)

– batch command events(run when CPU load is low)

7/23/2019 AN121STUD


Student Notebook




Changing how cron event types are handled

The /var/adm/cron/queuedefs file defines how the system handles different cron

daemon event types. The file specifies the maximum number of processes per eventtype to schedule at one time, the nice value of the event type, and how long to wait

before retrying to execute a process. This file is empty as shipped, but can be modifiedto change how the cron daemon handles each event type.

For example, by default, crontab events are inspected every 60 seconds, run at a nice

value of 2 higher than the default, and there may be up to 100 executingsimultaneously.

This may be changed by modifying the /var/adm/cron/queuedefs file.

For example, if crontab jobs were to run at a nice value of 10 higher than the default,

with files inspected every two minutes, and with up to 200 jobs allowed, then thefollowing entry should be made to the file:

c.200j10n120w

| | | || | | wait period (in seconds)

| | |

| | nice value

| |

| jobs

|

cron

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 13-3. crontab files AN121.1

Notes:

Scheduling a job

The cron daemon starts processes at specified times. It can be used to run regularlyscheduled jobs using files in the /var/spool/cron/crontabs directory, or it can be used

to schedule a command for one-time-only execution using the at command.

The /var/adm/cron/cron.deny file

All users by default have the privilege to set up scheduled jobs to be monitored by cron.This is because the file /var/adm/cron/cron.deny, which denies privileges to users,

exists and is empty. As the administrator, you can restrict access to cron by adding usernames to this text file.


IBM Power Systems

crontab files

• Used to start regularly occurring jobs

• Schedule is defined in:

/var/spool/cron/crontabs/$USER

• Files to control crontab privileges of users:

– /var/adm/cron/cron.deny lists users who cannot usecrontab

– /var/adm/cron/cron.allow lists users who can usecrontab

• An empty cron.deny exists by default.

7/23/2019 AN121STUD


Student Notebook




The /var/adm/cron/cron.allow file

Another file that also restricts users’ privileges, is /var/adm/cron/cron.allow. To use

this file, you should remove the cron.deny file and create the cron.allow file to list theusers that are allowed to use cron. If cron.allow exists and is empty, no user is able to

use cron, that includes root. If both cron.allow and cron.deny exist, then cron.allow is the file that is used. If neither cron.allow nor cron.deny exists, then only root can

use cron.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 13-4. Format of a crontab file AN121.1

Notes:

Viewing a crontab file

Each user can view their crontab file by using the command crontab -l.

The user’s crontab file contains the schedule of jobs to be run on behalf of that user.There is a separate crontab file for each user of the crontab facility. This file is located

in /var/spool/cron/crontab/$USER.


IBM Power Systems

Format of a crontab file

To view current crontab:

# crontab -l

...

#0 3 * * * /usr/sbin/skulker

#45 2 * * 0 /usr/lib/spell/compress

#45 23 * * * ulimit 5000; /usr/lib/smdemon.cleanu > /dev/null0 11 * * * /usr/bin/errclear -d S,O 30

0 12 * * * /usr/bin/errclear -d H 90

0 15 * * * /usr/lib/ras/dumpcheck >/dev/null 2>&1

0,30,45 * * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null

...

...

#0 3 * * * /usr/sbin/skulker

#45 2 * * 0 /usr/lib/spell/compress

#45 23 * * * ulimit 5000; /usr/lib/smdemon.cleanu > /dev/null0 11 * * * /usr/bin/errclear -d S,O 30

0 12 * * * /usr/bin/errclear -d H 90

0 15 * * * /usr/lib/ras/dumpcheck >/dev/null 2>&1

0,30,45 * * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null

...

Format of entries:

minute hour date-of-month month day-of-week command

7/23/2019 AN121STUD


Student Notebook




Format of crontab file entries

The format for the lines in this file is as follows:

minute (0-59)

hour (0-23)

date of the month (1-31)

month of the year (1-12)day of the week (0-6, where 0=Sunday, 1=Monday, and so forth)

command

Fields are separated by spaces or tabs. To indicate a field is always true, use anasterisk (*). To indicate multiple values in a field, use a comma (,). A range can also be

specified by using a hyphen (-).

Examples of crontab entries

Here are some examples of crontab entries:

• To start the backup command at midnight, Monday through Friday:

0 0 * * 1-5 /usr/sbin/backup -0 -u -q -f /dev/rmt0

• To execute a command called script1 every 15 minutes between 8 a.m. and 5 p.m.,

Monday through Friday:

0,15,30,45 8-17 * * 1-5 /home/team01/script1

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 13-5. Editing a crontab file AN121.1

Notes:

Creating or updating a crontab file

To schedule a job, you must create a crontab file. The cron daemon keeps the

crontab files in memory, so you cannot update the crontab entries by just modifying

the file on disk.

Using crontab -e to edit the crontab file

To edit the crontab file, one method is to use crontab -e. This opens your crontab filewith the editor set with the EDITOR variable. Edit the file as you normally would any file.

When the file is saved, the cron daemon is automatically refreshed.


IBM Power Systems

Editing a crontab file

• One way to edit a crontab file:

• A safer method:

# crontab -e# crontab -e

# crontab -l > /tmp/crontmp

# vi /tmp/crontmp

# crontab /tmp/crontmp

# crontab -l > /tmp/crontmp

# vi /tmp/crontmp

# crontab /tmp/crontmp

7/23/2019 AN121STUD


Student Notebook




Another method of updating your crontab file

The crontab -l command always shows the crontab file that cron is using on your

behalf. Another method to update the file is to use the command crontab -l >

mycronfile. This command creates a copy of the current crontab file and enables you

to safely edit the mycronfile file without affecting the current crontab file. To submityour changes, use the command: crontab mycronfile. The content of the mycronfile

file replaces the content of your file in the crontab directory, and refreshes the cron daemon, all at once. Now, you also have a backup of the crontab file in mycronfile.

Removing your crontab file

Use the command crontab -r if you would like to remove your current crontab file.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 13-6. The at and batch commands AN121.1

Notes:

Use of the at command

The at command submits a job for cron to run once, rather than on a recurring basis, ata specified time. It reads the commands to execute from standard input. The at

command mails you all output from standard output and standard error for thescheduled commands, unless you redirect that output.

Examples of keywords or parameters that can be used with at are: noon, midnight, am,

pm, A for am, P for pm, N for noon, M for midnight, today, tomorrow.

The time can be specified as an absolute time or date (for example, 5 pm Friday), orrelative to now (for example, now + 1 minute).

The Bourne shell is used by default to process the commands. If -c is specified the C

shell is run, and if -k is specified the Korn shell is run. If you specify the -m option, at sends you mail to say that the job is complete.


IBM Power Systems

The at and batch commands

• The at command submits a uniquely occurring job to be run

by cron at a specified time.

• The batch command submits a job to be run when the

processor load is sufficiently low.

# at 5 pm Friday

banner hello > /dev/pts/0

<ctrl-d>

job user.time.a will be run at date

# for hosts in lpar50 lpar51 lpar52

do

rsh $host "echo '<<EOF nohup shutdown -Fr' | at now "

done

# at 5 pm Friday

banner hello > /dev/pts/0

<ctrl-d>

job user.time.a will be run at date

# for hosts in lpar50 lpar51 lpar52

do

rsh $host "echo '<<EOF nohup shutdown -Fr' | at now "

done

# batch

banner hello world > /dev/pts/0

<ctrl-d>

# batch

banner hello world > /dev/pts/0

<ctrl-d>

7/23/2019 AN121STUD


Student Notebook




Controlling use of at

The at command can only be used by root unless one of the following files exists:

• /var/adm/cron/at.deny

If this file exists, anybody can use at, except those listed in it. An empty at.deny file

exists by default. Therefore, all users can use at by default.

• /var/adm/cron/at.allow

If this file exists, only users listed in it can use at (root included).

Use of the batch command

The batch command submits a job to be run when the processor load is sufficiently low.

Like the at command, the batch command reads the commands to be run from

standard input and mails you all output from standard output and standard error for thescheduled commands, unless you redirect that output.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 13-7. Controlling at jobs AN121.1

Notes:

Listing at jobs

To list at jobs use the at -l command or the atq command. The root user can look atanother user's at jobs by using the command atq <user >.

Removing at jobs

To cancel anat

job, useat -r

oratrm

followed by the job number. Use the commandatrm - and place nothing after the hyphen (-), to cancel all of your jobs. The root usercan cancel all jobs for another user, using atrm <user >.


IBM Power Systems

Controlling at jobs

• To list at jobs:at -l [user ]

atq [user ]

• To cancel an at job:

at -r job

atrm [job | user ]

• To cancel all your at jobs:

atrm -

# at –l

root.1118077769.a Mon Jun 6 10:09:29 2007

root.1118078393.a Mon Jun 6 10:19:53 2007

test2.1118079063.a Mon Jun 6 10:31:03 2007

# at –l

root.1118077769.a Mon Jun 6 10:09:29 2007

root.1118078393.a Mon Jun 6 10:19:53 2007

test2.1118079063.a Mon Jun 6 10:31:03 2007

# at -r test2.1118079063.a

at file: test2.1118079063.a deleted

# at -r test2.1118079063.a

at file: test2.1118079063.a deleted

7/23/2019 AN121STUD


Student Notebook




Figure 13-8. Documenting scheduling AN121.1

Notes:

Overview

It is important to have correct, up-to-date information regarding your system, in case ofan unexpected system failure.

Maintain as much documentation as possible about all aspects of the system by

following the recommendations we have given throughout the course.


IBM Power Systems

Documenting scheduling

• Have a copy of each user's crontab file

• Have a copy of the /etc/inittab file

Scheduling Records

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint

1. True or False: The at.allow and at.deny files must be used to

specify which users are allowed and denied use of the atcommand.

2. Give a crontab entry that would specify that a job should runevery Thursday at 10 past and 30 minutes past every hour. _____________________________________________

3. How would you schedule a script named myscript, to run 10

minutes from now? _____________________________________________ _____________________________________________ _____________________________________________ _____________________________________________

7/23/2019 AN121STUD


Student Notebook





Notes:

Introduction

This lab gives you the opportunity to schedule jobs using both at and crontab.

The exercise can be found in your Student Exercises Guide .


IBM Power Systems

Exercise 13

Scheduling

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Unit summary



• Use crontab files to schedule jobs on a periodicbasis

• Use the at command to schedule a job or series of

jobs at some time in the future

• Use the batch command to schedule jobs in a

queue to alleviate immediate system demand

7/23/2019 AN121STUD


Student Notebook




7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 14. TCP/IP networking 14-1

5.2

empty Unit 14.TCP/IP networking


This unit describes the essential TCP/IP and networking concepts

required in order to work with and configure TCP/IP in AIX.



• Define TCP/IP layering terminology • Describe the TCP/IP startup flow on AIX

• Configure Virtual LANs

• Describe IP addressing

• Configure TCP/IP basic functions on AIX • Explain how Ports and Sockets are used • Use standard TCP/IP facilities

• Configure NFS • Set up VNC


Accountability:

• Checkpoint


References


management

System Management Guide: Communications and

Networks



7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives

After completing this unit, you should be able to:• Define TCP/IP layering terminology• Describe the TCP/IP startup flow on AIX• Configure Virtual LANs• Describe IP addressing• Configure TCP/IP basic functions on AIX

– IP configuration, routing, aliasing

• Explain how Ports and Sockets are used• Use standard TCP/IP facilities to:

– Log in to another system – Transfer files – Run commands

• Configure NFS• Set up VNC

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-2. What is TCP/IP? AN121.1

Notes:

TCP/IP stands for Transmission Control Protocol/Internet Protocol. A more accurate name

is Internet Protocol Suite or IP Stack.

TCP/IP is a set of protocols or rules which define various aspects of how two computers ina network may communicate with each other. A protocol is a set of rules which describes

the mechanisms and data structures involved. Using these definitions, vendors can writesoftware to implement the protocols for particular systems.

There are many different protocols which cover the aspects of addressing hosts in the

network, data representation and encoding, message passing, interprocesscommunications, and application features, such as how to send mail or transfer files across

the network.

Where possible, the protocols are defined independently of any operating system, networkhardware, or machine architecture. In order to implement TCP/IP on a system, interface

software must be written to allow the protocols to use the available communicationshardware.


IBM Power Systems

What is TCP/IP?

- Transmission Control Protocol/Internet Protocol- Set of protocols (rules) which define how computers (hosts)

communicate on a network- Designed for Heterogeneous systems- Supports different network types- Made up of Open Standards

- Request for comments (RFCs)

- Protocol of the Internet, defined in 5 layers

7/23/2019 AN121STUD


Student Notebook




This means that heterogeneous environments can be created where machines fromdifferent manufacturers can be connected together, and different types of networks can be

interconnected.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-3. TCP/IP layering AN121.1

Notes:

The TCP/IP protocol suite consists of lots of different protocols, which are described in

many thousands of RFCs. Most of these protocols and RFCs are either application specific

(such as RFC 959, which describes the FTP protocol), or describe how data should betransferred over a specific architecture (such as RFC 894, which describes IP over

Ethernet). For now, it is important to understand the working and interdependency of only afew core protocols. Since these protocols are built on top of each other, where one protocol

uses another protocol to get things done, the interdependency is almost as important asunderstanding each protocol independently.

From top to bottom we find the following protocols:

• Applications use either the User Datagram Protocol (UDP) or the Transmission

Control Protocol (TCP) to transmit their data. Both TCP and UDP deliver the data to

the right process, and make use of IP to arrange delivery to the right host. Thedifference between UDP and TCP is that TCP implements a mechanism of

acknowledgements, whereby reliability can be guaranteed. UDP does not have such amechanism, making UDP less reliable.


IBM Power Systems

TCP/IP layering

Physical

TCPReliable delivery to

correct program

SNMP FTP DNS DHCP VNC

SSH SMTP NFS LDAP MAIL

IP IPsec ICMP

Application

Transport

Networkinterface

Internet

Application

Presentation

Transport

Session

Network

Physical

Data Link

OSI 7 layer

modelTCP/IP layer model

UDPUnreliable delivery to

correct program

LAN(Ethernet, FDDI, ....)

Examples:

1000Base-TX/SX/LX

IEEE 802.11x

WAN(ATM, Leased lines, ....)

Examples:

SONET

T/ E -carrier links

xDSL

Medium (connectors, cabling, distance)

- Router

- Layer 3 switch

- Firewall

- Switch

- Bridge

- NIC

- NIC

- Repeater

- Layer 7 switch

Commonnetwork

devices

7/23/2019 AN121STUD


Student Notebook




• The Internet layer is responsible for end-to-end (source to destination) packet deliveryincluding routing through intermediate hosts. Internet Control Message Protocol

(ICMP) messages are typically generated in response to errors in IP datagrams or fordiagnostic or routing purposes. The IPsec protocol is responsible for securing Internet

Protocol (IP) communications by authenticating and encrypting each IP packet of a datastream.

• The Network interface is the protocol layer which transfers data between hosts. Inorder to do this, a physical medium is required such as copper or fiber and hence thenetwork interface and physical layers are closely related.

Common network devices

• Repeater. A repeater is an electronic device that receives a signal and retransmits

them at a higher level, higher power or both, so that the signal can cover longerdistances without degradation. Because repeaters work with the actual physical signal,

and do not attempt to interpret the data being transmitted, they operate on the Physicallayer, the first layer of the OSI model.

• Network Interface Card (NIC). A NIC is a LAN adapter which is designed to allowcomputers to communicate over a computer network. It is both a layer 1 (physical layer)

and layer 2 (data link layer) device, as it provides physical access to a networkingmedium and provides a low-level addressing system through the use of MAC

addresses.

• Bridge. A bridge is a hardware device for linking two networks that work with the sameprotocol. Unlike a repeater, which works at the physical level, a bridge works at the

logical level (on layer 2), which means that it can filter frames so that it only lets pastdata whose destination address corresponds to a machine located on the other side of

the bridge. • Switch. A network switch is a device that connects network segments. The term

commonly refers to a network bridge that processes and routes data at the Data link

layer (layer 2) of the OSI model.

- Layer 3. Switches that additionally process data at the network layer (layer 3 andabove), are often referred to as Layer 3 switches or multi-layer switches. A layer 3

switch can perform some or all of the functions normally performed by a router.

- Layer 4. Layer 4 switches process data a the transport layer and are alwaysvendor-dependent. An example of a layer 4 switch, is a Firewall which performs

transport layer function such as: Network Address Translation (NAT), IP filtering andpacket encryption/decryption.

- Layer 7. The most advanced switches, called layer 7 switches (corresponding to the

application layer of the OSI model), can redirect data based on advancedapplication data contained in the data packets, for example, an awareness of the

type of the file being sent by FTP. For this reason, a layer 7 switch can be used forload balancing, by routing the incoming data flow to the most appropriate servers,

which have a lower load or are responding more quickly.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-4. TCP/IP start-up flow AN121.1

Notes:

TCP/IP startup is initiated from the inittab processing. /sbin/rc.boot calls cfgmgr during the

second phase processing which will in turn initialize the network interfaces and set up

routing by processing the /etc/rc.net file. TCP/IP subsystems are started from /etc/rc.tcpip script. This script can be edited directly to comment or uncomment subsystem startup. The

inetd daemon is responsible for loading network programs upon request, such as ftp, telnetetc. Once the core TCP/IP subsystems have been initialized, further TCP/IP based

applications such as NFS, NIM, HACMP, can be started.


IBM Power Systems

TCP/IP start-up flow

Run time init

Partition Activation

/sbin/rc.boot calls cfgmgr

/etc/rc.tcpip

/etc/rc.nfs

Process /etc/rc.net

Starts TCP/IP subsystemssyslogdsnmpd

sendmailportmap

Inetd /etc/inetd.conf Login

Process /etc/inittab

7/23/2019 AN121STUD


Student Notebook




Figure 14-5. Ethernet adapters AN121.1

Notes:

Brief history of Ethernet

The original Ethernet is called Experimental Ethernet today. It was developed by Robert

Metcalfe in 1972 (patented in 1978) and was based in part on the ALOHAnet protocol. Thefirst Ethernet that was generally used was DIX Ethernet (known as Ethernet II) and was

derived from Experimental Ethernet. Today, there are many different standards, under theumbrella of IEEE 802.3, and the technical community has accepted the term Ethernet for

all of them. Currently, under development is IEEE 802.3ba (40Gb/s and 100Gb/s Ethernet).

For further information see http://www.ieee802.org/3 Ethernet adapter support on AIX

• TX 10/100/1000Mb up to 100m using traditional copper

• SX 1000Mb up to 550m using multi-mode fiber

• LX 1000Mb up to 5km using single-mode fiber (can also run on multi-mode fiber)

• SR (short range) 10Gb up to 300m using multi-mode fiber


IBM Power Systems

Ethernet adapters

• Many types supported on AIX – Traditional copper (TX). – Single-mode and multi-mode fiber (SX, LX, SR, LR)

• Each adapter (entX) has two interfaces (enX and etX). – enX interface, uses the ‘standard DIX’ ethernet frame format

• Originally designed by Digital, Intel and Xerox

– etX interface, uses IEEE802.3 frame format, (same as DIX exceptType field is replaced by Length)

# lsdev -Cl ent0

ent0 Available 01-08 10/100/1000 Base-TX PCI-X Adapter

# lscfg -v -l ent0 |grep Network

Network Address.............001125BF9018

# lsdev -Cc if

en0 Available 01-08 Standard Ethernet Network Interface

et0 Defined 01-08 IEEE 802.3 Ethernet Network Interface

# lsdev -Cl ent0

ent0 Available 01-08 10/100/1000 Base-TX PCI-X Adapter

# lscfg -v -l ent0 |grep Network

Network Address.............001125BF9018

# lsdev -Cc if

en0 Available 01-08 Standard Ethernet Network Interface

et0 Defined 01-08 IEEE 802.3 Ethernet Network Interface

Adapter Card ent0Layer 1 and 2 physical device

Interface en0 and et0

Layer three logical devices

IP addresses areassigned to the

interfaces. In thiscase, en0.

MACAddress

7/23/2019 AN121STUD


Student Notebook




5.2

empty • LR (long range) 10Gb up to 25km using single-mode fiber

In virtually all cases, on AIX you will configure the en (DIX) interface, et interfaces are rarely(if at all) used.

Note: Fiber versus Fibre. When talking about networks and Fiber it is important to know

when to use the correct spelling. Fiber refers to the medium (wire), whereas Fibre refers tothe protocol, as in, Fibre channel.

7/23/2019 AN121STUD


Student Notebook




Figure 14-6. Virtual LAN AN121.1

Notes:

Virtual LAN (VLAN)

VLANs are used to divide networks into smaller, more manageable chunks. This helps to

reduce the size of the broadcast domain and helps with security through isolation. IEEE802.1Q is the standard for VLANs. It aims to:

• Define an architecture to logically partition bridged LANs and provide services to

defined user groups, independent of physical location.

• Allow interoperability between multivendor equipment.


IBM Power Systems

Virtual LAN

• VLANs divide physical networks into logical networks. – To form smaller more manageable sub-networks – Provide greater flexibility – Aides performance and security through isolation – Ports in a VLAN share broadcast traffic and belong to the same

broadcast domain.

• The industry standard VLAN protocol is IEEE 802.1Q.

VLAN 1

VLAN 2

Trunk Building 2Building 1

Broadcastdomain

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-7. IEEE 802.1Q VLAN tagging (1 of 2) AN121.1

Notes:

802.1Q VLAN

In 802.1Q, the VLAN information is written into the Ethernet packet itself. Each packet

carries a VLAN ID, called a Tag . This allows VLANs to be configured across multipleswitches. Packets can leave the switch tagged or untagged, depending on the setting for

that port's VLAN membership properties. When using 802.1Q, four bytes are added to theEthernet frame, of which 12 bits are used for the VLAN ID. Theoretically, there can be up to

4096 VLANs per network.


IBM Power Systems

IEEE 802.1Q VLAN tagging (1 of 2)

• VLANs are created by assigning a VLAN ID (VID) to switchports

• By default, all switch ports are assigned a default VLAN ID,referred to as a PVID (Port VLAN ID)

• When an untagged packet enters a port it will be automaticallytagged with the port’s PVID.

• The packet can only travel to a destination port which belongsto the same VLAN group.

• Ports can belong to multiple VLAN groups.• Packets can either leave the switch port tagged or untagged.

7/23/2019 AN121STUD


Student Notebook




Figure 14-8. IEEE 802.1Q VLAN tagging (2 of 2) AN121.1

Notes:

AIX implementation supports the IEEE 802.1Q VLAN tagging standard, with the capability

to support multiple VLAN IDs running on Ethernet adapters. Each VLAN ID is associated

with a separate Ethernet interface to the upper layers (for example, IP), which createsunique logical Ethernet adapter instances per VLAN, for example, ent1, ent2, and so on.

For example, you may only have one physical Ethernet adapter on the system, but want tocreate multiple networks.


IBM Power Systems

IEEE 802.1Q VLAN tagging (2 of 2)

ent0ent1 VLAN 1 network Aent2 VLAN 2 network Bent3 VLAN 3 network C

Network

• Packets can also be tagged by the operating system, in thiscase from AIX. – This is useful if you want to create multiple networks from a single

Ethernet adapter.

• A host tagged packets, if permitted, are unaffected by the

PVID setting.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-9. VLAN group example AN121.1

Notes:

The example in the visual shows three VLANs split across three Ethernet switches. VLANs

100 and 200 are used to segregate hosts and users from the finance and sales groups

respectively.


IBM Power Systems

VLAN group example

• VLAN 100 is used by the finance group.• VLAN 200 is used by the sales group.

Trunk LinkTrunk Link

7/23/2019 AN121STUD


Student Notebook




Figure 14-10. AIX VLAN tagging AN121.1

Notes:

Use smit addvlan fast path to configure VLANs. Start by selecting a base adapter, which

will be used to send the packets, and assign a VLAN tag. Optionally, you can also specify a

priority. This is used by the VLAN driver to prioritize packets if multiple VLANs are createdusing the same base adapter. You can specify a value from 0-7, where 0 is the default

priority, 1 is the highest, and then in increasing numerical order from 2 through 7.

After you have configured a VLAN, configure the IP interface (for example, en2) for

standard Ethernet.


IBM Power Systems

AIX VLAN tagging

• To assign a VLAN ID in AIX, a VLAN adapter must be created. – Go to smit addvlan, and select a base Ethernet adapter.

Available Network Adapters

Move cursor to desired item and press Enter. Use arrow keys to scroll.


ent0 Available 01-08 10/100/1000 Base-TX PCI-X Adapter (14106902)

Available Network Adapters

Move cursor to desired item and press Enter. Use arrow keys to scroll.



Add A VLAN

[Entry Fields]

VLAN Base Adapter ent1

* VLAN Tag ID [33] +#

VLAN Priority [] +#

Add A VLAN

[Entry Fields]

VLAN Base Adapter ent1

* VLAN Tag ID [33] +#

VLAN Priority [] +#

# lsdev -Cc adapter



ent2 Available VLAN

# lsdev -Cc adapter



ent2 Available VLAN

Packets which getsent from adapter

ent2, are senttagged (33) out of

ent1.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-11. IP and subnet addressing (1 of 2) AN121.1

Notes:

In order to be able to deliver the IP packet to the correct destination host, every host needs

an IP address. These IP addresses are 32-bit values and have to be unique. In most cases,

the IP address is not written in its binary form, but in the so-called “decimal dot” notation,where the 32 bits are grouped into four groups of eight bits each, and those eight bits are

written in decimal form, separated with dots. The subnet mask allows us to identify the twokey pieces of information in the IP address. The address of the network and the host

identification (host ID).

Several addresses and address ranges are reserved for special purposes. The mostimportant ones are listed here:

• The IP address 127.0.0.1 (in fact, the whole 127.0.0.0/8 network) is reserved for theloopback address. Hosts use the loopback address to send messages to themselves.

• Any IP address with the hostname part all zeros, such as 129.33.0.0, is reserved as an

identification for the network itself. It is not a valid IP address to be assigned to a host.


IBM Power Systems

IP and subnet addressing (1 of 2)

• Each host on a network has an assigned unique IP addressand associated subnet mask. – 32 bits, divided into four octets

– The network address = 129.33.0.0 (129.33/16) – The broadcast address = 129.33.255.255 – The first host on the network = 129.33.0.1 – The last host on the network = 129.33.255.254

• Every TCP/IP host contains a special address called theloopback which is assigned an address of 127.0.0.1.

10000001 00100001 10010111 00000111

11111111 11111111 00000000 00000000

129 . 33 . 151 . 7

255 . 255 . 0 . 0

Network identification Host identification

/16

7/23/2019 AN121STUD


Student Notebook




• Any IP address with the hostname part all ones, such as 129.33.255.255, is reserved asthe local broadcast address. Data sent to this address is delivered to all systems on the

local network.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-12. IP and subnet addressing (1 of 2) AN121.1

Notes:

IP addresses need to be assigned in such a way that they are unique across the whole

Internet. That is why there is a special organization that does this. This is the Internet

Assigned Number Authority, or IANA. They are responsible for assigning groups ofaddresses, called classes , to organizations. They do not do this directly, but have

contracted out that responsibility to the InterNIC (http://www.internic.net), who in turndelegates this to local ISPs.

In additional to classes A to C, there are also classes D and E. Class D addresses are

reserved for multicasting. Multicasting is a limited area type of broadcasting. There is nonetwork or host portion in a multicast address. It is an integer number registered with theInterNIC that identifies a group of machines. Class E, is for experimental use only.

Class A and B addresses contain lots of hosts, and therefore, need to be broken down into

smaller more manageable chunks. This is achieved through a process known assubnetting. On the other hand, class C addresses contain very few hosts, which can also

be subnetted into smaller chunks, but very often need to be aggregated together to formlarger networks. This is achieved through a process known as supernetting.


IBM Power Systems

IP and subnet addressing (1 of 2)

• Network addresses by default are divided into classes:

Class Default subnet mask Range No. of networks No. of hosts A 255.0.0.0 (/8) 1-127 128 16.7 millionB 255.255.0.0 (/16) 128-191 16384 65534C 255.255.255.0 (/24) 192-223 2.1 Million 254

• Network assignment is managed by the IANA (Internet Assigned Numbers Authority) through ISPs. – Network addresses are generally, either broken up and assigned to

physical networks (subnetting), or aggregated together (supernetting). – This is achieved by manipulating the subnet mask.

7/23/2019 AN121STUD


Student Notebook




Figure 14-13. Subnetting example AN121.1

Notes:

The default subnet mask for a class B network is 255.255.0.0. This translates to one

network with ((2^16)-2) with 65534 hosts. Organizations with a class A and B address often

have hundreds, if not thousands of physical networks split across both local andgeographically dispersed locations. The only way to do this is to split the network address

into more manageable chunks. This is achieved by borrowing bits from the host ID andusing them for the network. Using seven bits from the host ID, allows for (2^7) 128 physical

networks. On each of the 128 networks, there can be ((2^9)-2) 510 hosts. We have tosubtract two from the number of hosts, because all zeros are reserved for the network and

all ones are reserved for the broadcast address.


IBM Power Systems

Subnetting example

• Company bigbucks.com has acquired the class B network address of 129.33.0.0. They need to spilt the address range so they can have up to

128 physical networks and up to 510 hosts per network.

10000001 00100001 0000000 0 00000000

11111111 11111111 1111111 0 00000000

129 . 33 . 0 . 0

255 . 255 . 254 . 0

Network identification Host identification

/23

Assigned by thisorganization to thenetwork

The number of possiblephysical (sub) networks

is:2^7 = 128.

The number of hosts pernetwork is:

(2^9)-2 = 510.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-14. Supernetting example AN121.1

Notes:

Having four class C addresses is four physical networks each with up to 254 hosts. Each

network would require a router to route packets between them. Supernetting is the

opposite to subnetting and borrows bits from the network portion of the IP address. In theexample, we have borrowed two bits, changing the subnet mask from 255.255.255.0 to

255.255.252.0. The result is that networks 222.180.109, 110 and 111 have become part ofthe 222.180.108 network. The 222.180.108 network can have up to ((2^10)-2) 1022 hosts.


IBM Power Systems

Supernetting example

• Company losechange.com has acquired four class C networkaddresses: 222.180.108.0 through to 222.180.111.0. However, they

would like to aggregate these networks together to form one globalnetwork.

11111100 10110100 011011 00 00000000

11111111 11111111 111111 00 00000000

222 . 180 . 108 . 0

255 . 255 . 252 . 0

Network identificationHost identification

/22

One class C networkNetwork address =

222.180.108.0/22The number of hosts

(2^10)-2 = 1022

7/23/2019 AN121STUD


Student Notebook




Figure 14-15. How is TCP/IP configured on AIX? (1 of 2) AN121.1

Notes:

AIX provides a very quick and easy configuration SMIT panel for configuring TCP/IP on the

system. The essential items you will require are:

• Hostname of the machine

• IP address and network mask

• Interface to be configured

Desirable items are:

• Default Gateway for the environment

• DNS parameters (namserver and domain name)This information populates the /etc/resolv.conf file, as follows:

nameserver 10.47.1.33domain lpar.co.uk

Cable type is generally not required and can be left as N/A. Start now will refresh or start,

the TCP/IP subsystems. Note: they should already be running!


IBM Power Systems

How is TCP/IP configured on AIX? (1 of 2)

• There are many ways. However, in most cases you start withsmit mktcpip.

Minimum Configuration & Startup

To Delete existing configuration data, please use Further Configuration menus



[Entry Fields]

* HOSTNAME [waldorf]

* Internet ADDRESS (dotted decimal) [10.47.1.18]

Network MASK (dotted decimal) [255.255.0.0]

* Network INTERFACE en0

NAMESERVERInternet ADDRESS (dotted decimal) [10.47.1.33]

DOMAIN Name [lpar.co.uk]

Default Gateway

Address (dotted decimal or symbolic name) [10.47.0.1]

Cost [0] #

Do Active Dead Gateway Detection? no +

Your CABLE Type N/A +

START Now no +

Minimum Configuration & Startup

To Delete existing configuration data, please use Further Configuration menus



[Entry Fields]

* HOSTNAME [waldorf]

* Internet ADDRESS (dotted decimal) [10.47.1.18]

Network MASK (dotted decimal) [255.255.0.0]

* Network INTERFACE en0

NAMESERVER

Internet ADDRESS (dotted decimal) [10.47.1.33]DOMAIN Name [lpar.co.uk]

Default Gateway

Address (dotted decimal or symbolic name) [10.47.0.1]

Cost [0] #

Do Active Dead Gateway Detection? no +

Your CABLE Type N/A +

START Now no +

A one stop shop forTCP/IP config on

AIX.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-16. How is TCP/IP configured on AIX? (2 of 2) AN121.1

Notes:

If SMIT is being used to configure further interfaces, then the fastpath smit chinet should be

used. All fields are optional, but essential items are:

• IP address and network mask

• Interface to be configured

• State of the interface, default is DOWN – so do not forget to switch this to UP – this is avery common configuration error.

The network specific options are beyond the scope of this class.


IBM Power Systems

How is TCP/IP configured on AIX? (2 of 2)

• smit tcpip should only be used for the first adapter. In a multi-homed host, subsequent adapters should be configured withsmit chinet.

Change / Show a Standard Ethernet Interface

[Entry Fields]

Network Interface Name en1

INTERNET ADDRESS (dotted decimal) [192.168.0.1]

Network MASK (hexadecimal or dotted decimal) [255.255.255.0]

Current STATE up +

Use Address Resolution Protocol (ARP)? yes +

BROADCAST ADDRESS (dotted decimal) []

Interface Specific Network Options('NULL' will unset the option)

rfc1323 []

tcp_mssdflt []

tcp_nodelay []

tcp_recvspace []

tcp_sendspace []

Apply change to DATABASE only no +

Change / Show a Standard Ethernet Interface

[Entry Fields]

Network Interface Name en1

INTERNET ADDRESS (dotted decimal) [192.168.0.1]

Network MASK (hexadecimal or dotted decimal) [255.255.255.0]

Current STATE up +

Use Address Resolution Protocol (ARP)? yes +

BROADCAST ADDRESS (dotted decimal) []

Interface Specific Network Options

('NULL' will unset the option)

rfc1323 []

tcp_mssdflt []

tcp_nodelay []

tcp_recvspace []

tcp_sendspace []

Apply change to DATABASE only no +

7/23/2019 AN121STUD


Student Notebook




Figure 14-17. Command line TCP/IP configuration AN121.1

Notes:

As well as SMIT, TCP/IP configuration can be driven from the command line. There are two

ways to handle this:

• The AIX way, in which configuration is stored in the AIX internal database (ODM). Thisway, the configuration remains after shutdown/restart.

• The traditional BSD UNIX way. This way configuration does not survive restarts unless

the commands are entered into the /etc/rc.net file.

The /etc/rc.net file is executed by cfgmgr during system boot. The /etc/rc.net fileconfigures AIX style configuration and optionally traditional BSD UNIX configuration. If only

traditional BSD style networking is required, then the following command can be run: #

chdev -l inet0 -a bootup_option=yes. Doing this, causes AIX to process the

/etc/rc.bsdnet instead of rc.net file at boot time. Commands such as hostname, ifconfig,route etc should be appended to /etc/rc.bsdnet as appropriate.


IBM Power Systems

Command line TCP/IP configuration

• There are two ways to configure network resources: – AIX ODM (chdev or SMIT) – Directly, using BSD UNIX commands: hostname, ifconfig, route

(valid until reboot)

• Setting the hostname – ODM: # chdev –l inet0 –a hostname=sys1

– Directly: # hostname sys1

• Adding an IP address to an adapter – ODM: # chdev -l en0 -a netaddr=192.168.0.1 –a \

netmask=255.255.255.0 -a state=up

– Directly: # ifconfig en0 192.168.0.1 255.255.255.0 up• If the direct method is used, place the commands at the end

of: – /etc/rc.net

or – /etc/bsdnet (if inet0 bootup_option=yes)

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-18. Verifying network interfaces AN121.1

Notes:

The netstat –i command shows the state of all configured interfaces. The –n flag shows

network addresses as numbers. When this flag is not specified, the netstat command

interprets addresses, where possible, and displays them symbolically.

The ifconfig –a command is used to display information about all interfaces in the system.

The key flags are UP and RUNNING, which show the interface is available and active.


IBM Power Systems

Verifying network interfaces

• netstat

• ifconfig

# netstat -inName Mtu Network Address ZoneID Ipkts Ierrs Opkts Oerrs Coll

en0 1500 link#2 ea.48.f0.0.b0.3 3359653 0 238778 0 0

en0 1500 10.47 10.47.1.23 3359653 0 238778 0 0

lo0 16896 link#1 1201 0 1214 0 0

lo0 16896 127 localhost 1201 0 1214 0 0

lo0 16896 ::1 0 1201 0 1214 0 0

# netstat -in

Name Mtu Network Address ZoneID Ipkts Ierrs Opkts Oerrs Coll

en0 1500 link#2 ea.48.f0.0.b0.3 3359653 0 238778 0 0

en0 1500 10.47 10.47.1.23 3359653 0 238778 0 0

lo0 16896 link#1 1201 0 1214 0 0

lo0 16896 127 localhost 1201 0 1214 0 0

lo0 16896 ::1 0 1201 0 1214 0 0

# ifconfig -a

en0:flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECK

SUM_OFFLOAD(ACTIVE),CHAIN>

inet 10.47.1.23 netmask 0xffff0000 broadcast 10.47.255.255

tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1

lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>

inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255

inet6 ::1/0


# ifconfig -a

en0: flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECK

SUM_OFFLOAD(ACTIVE),CHAIN>



lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>


inet6 ::1/0


7/23/2019 AN121STUD


Student Notebook




Figure 14-19. Name resolution AN121.1

Notes:

Systems use different methods for mapping host names to IP addresses. The method

depends upon the environment in which a system is going to participate.

• Flat Network: This method provides name resolution through the file /etc/hosts andworks well in small, stable environments.

• DNS (Domain Name Server): DNS is a system that allows name and IP lookups, in atree like database structure. It was created due to the growth of the Internet and

designed for large networks.

• NIS Server (Network Information System): This method provides a centralized serverfor administration of configuration, and other files, within a LAN environment.

• LDAP Server (Lightweight Directory Access Protocol): LDAP is an application protocol

for querying and modifying directory services running over TCP/IP. Tivoli DirectoryServer (TDS) is IBM's version of an LDAP server


IBM Power Systems

Name resolution

• Name resolution can be achieved through severalmechanisms: local hosts file, DNS, NIS, and LDAP.

• Local /etc/hosts file:

• The default name resolution order is: – bind (DNS), NIS=auth, local

• To change the default order to local then bind: – Append to /etc/netsvc.conf

• hosts = local, bind

– Set environment variable NSORDER in /etc/environment• NSORDER=local,bind• Change is effective at next login or process start• NSORDER overrides /etc/netsvc.conf

127.0.0.1 loopback localhost

10.10.1.1 system1 nimserver

10.10.1.2 system2

10.10.1.3 system3

127.0.0.1 loopback localhost

10.10.1.1 system1 nimserver

10.10.1.2 system2

10.10.1.3 system3

7/23/2019 AN121STUD


Student Notebook




5.2

empty Default Name resolution

The existence of /etc/resolv.conf determines how a system resolves hostnames and IPaddresses within a domain or flat network.

• If /etc/resolv.conf exists, then the system will attempt to query a DNS server.

• If /etc/resolv.conf does not exist, the system will check to see if NIS is being used and

if the server is available. NIS is authoritative. This means, that if the NIS clientsubsystem is running, and it is not successful in obtaining an answer, then the processstops.

• Finally, the local /etc/hosts file is checked.

Overriding the default name resolution

The default Name resolution can be overwritten in two ways:

• Append to the /etc/netsvc.conf file and specify host ordering. Use the hosts attribute

followed by the name of the resource to use. The resources listed depend on whatname resolution processes are running on the network.

• Create an environment variable NSORDER. NSORDER overrides any name resolution

specified in the /etc/netsvc.conf file.

7/23/2019 AN121STUD


Student Notebook




Figure 14-20. Routing implementation (1 of 2) AN121.1

Notes:

A route does not define the complete path. It defines only the path segment from one host

to a gateway that can forward packets to a destination, or from one gateway to another.

Routes are defined in the kernel routing table. Each routing table entry has twocomponents:

• Destination address, where you want to end up

• Gateway address, where the packet gets sent on its way to its final destination

TCP/IP searches the route table for a best match on the destination in the following order:

• A host route. defines a route to a specific host. The routing IP algorithm still sees ahost address as a network; it is simply a perfect match.

• A network route. defines a route to any of the hosts on a specific network through a

gateway.

• A default route. defines a route to use when the destination did not match any host

route or network specific route. In most hosts, the only type of route the administratorneeds to define is a default route, also known as the default gateway.


IBM Power Systems

Routing implementation (1 of 2)

9.19.99.17

sys17

sys13

sys11

sys11e

9.19.99.13

9.19.99.20

9.19.98.11

9.19.99.11

sys1

sys5

sys10

9.19.98.1

9.19.98.5

9.19.98.10

destinationaddress

deliver viagateway

9.19.98.1 9.19.99.11

9.19.98/24 9.19.99.11

default 9.19.99.20

sys20

sys20e

Internet

152.64.10.1

default router

subnet mask

255.255.0.0

(/16)

subnet mask

255.255.255.0(/24)

Host Route

Network Route

Default Route

7/23/2019 AN121STUD


Student Notebook




5.2

empty Hosts should not forward IP datagrams unless specifically configured as a router. MostBSD-derived implementations (AIX) include a kernel variable called ipforwarding, which is

used to control this behavior. The no command is used to view or change the value ofipforwarding.

To change it: # no -o ipforwarding=<value>

The values are: ipforwarding=0 (do not forward), ipforwarding=1 (do forward).

7/23/2019 AN121STUD


Student Notebook




Figure 14-21. Routing implementation (2 of 2) AN121.1

Notes:

Routes can also be manipulated through SMIT (smit route). See the route man page for

further details.


IBM Power Systems

Routing implementation (2 of 2)

• Route syntax: route [add/delete/change] [destination] [gateway] – Add a default gateway

– Add a host or network route

– Delete a host route

– Empty or flush the routing table

– Configure an AIX host as a router

# route add 0 9.19.99.20# route add 0 9.19.99.20

# route add 9.19.98.1 9.19.99.11

# route add –net 9.19.98 9.19.99.11

# route add 9.19.98.1 9.19.99.11

# route add –net 9.19.98 9.19.99.11

# route delete 9.19.98.1 9.19.99.11# route delete 9.19.98.1 9.19.99.11

# route -f# route -f

# no –o ipforwarding=1# no –o ipforwarding=1

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-22. Multipath routing AN121.1

Notes:

From AIX5L, multiple routes can be configured to the same destination. This configuration

is known as multipath routing (MPR). MPR allows us to load balance between gateways or

prioritize paths using the weight option. MPR also allows us to do Dead Gateway Detection(DGD). This enables the system to dynamically change the weight on a route if a router has

failed. There are two methods of DGD, active and passive. The passive mode has lessoverhead on the network, but can be slow to respond to an outage. Active has more

overhead on the network but is more responsive to an outage, because icmp (ping)packets are used to periodically poll/detect if a router is up or down. Active DGD is

deployed by using the –active_dgd option on the route command.

The default MPR policy is Weighted Round-Robin which will load balance by default. This

is defined by the network option mpr_policy. There are 5 policies to choose from:

• Weighted Round-Robin (1): Based on user-configured weights assigned to the multipleroutes, through the route command, round-robin is applied. If no weights are

configured, then it behaves identical to plain round-robin.

• Random (2): Chooses a route at random.


IBM Power Systems

Multipath routing

• AIX will allow you to add multiple routes to the samedestination. It is known as MPR (multipath routing). – This is for load balancing and high availability.

# route add 0 10.47.0.1 weight 1 –active_dgd

# route add 0 10.47.0.254 weight 10 –active_dgd

# route add 0 10.47.0.1 –weight 1 –active_dgd

# route add 0 10.47.0.254 –weight 1 –active_dgd

Default Router110.47.0.1


Host10.47.1.18

Primary

Backup



Host10.47.1.18

Primary

Primary

1

1

2

2

7/23/2019 AN121STUD


Student Notebook




• Weighted Random (3): Chooses a route based on user-configured weights and arandomization routine. The policy adds up the weights of all the routes and picks a

random number between zero and the total weight. Each of the individual weights areremoved from the total weight, until this number is zero. This picks a route in the range

of the total number of routes available.

• Lowest Utilization (4): Chooses a route with the minimum number of current

connections going through it.

• Hash-based (5): A hash-based algorithm chooses a route by hashing based on the

destination IP address.

To change the MPR policy type: # no –o mpr_policy=<number>

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-23. Additional configuration, IP aliasing AN121.1

Notes:

IP aliasing is used widely in clustering technologies (such as HACMP), and in WPARs. It is

very useful if the network is being transitioned to another IP subnet or network range.


IBM Power Systems

Additional configuration, IP aliasing

• IP aliasing is a popular function which allows multiple IPaddresses to be assigned to a single IP interface.

• This technology is popular with clustering technologies, suchas PowerHA (HACMP).

# netstat -in -I en1 | grep –v link

Name Mtu Network Address ZoneID Ipkts Ierrs Opkts Oerrs

en1 1500 192.168.0 192.168.0.1 0 0 6 0

# ifconfig en1 alias 172.31.0.1 255.255.0.0




en1 1500 192.168.0 192.168.0.1 0 0 7 0

en1 1500 172.31 172.31.0.1 0 0 7 0

en1 1500 10 10.47.33.33 0 0 8 0



en1 1500 192.168.0 192.168.0.1 0 0 6 0





en1 1500 192.168.0 192.168.0.1 0 0 7 0

en1 1500 172.31 172.31.0.1 0 0 7 0

en1 1500 10 10.47.33.33 0 0 8 0

7/23/2019 AN121STUD


Student Notebook




Figure 14-24. Testing for remote connectivity AN121.1

Notes:

The ping command sends an ICMP ECHO_REQUEST to obtain an ICMP

ECHO_RESPONSE from a host or router. If the host is operational and on the network, it

responds to the echo.

The default is to continuously send echo requests until an interrupt is received with <ctrl-c>,

but there is an option (-c) to specify the number of packets sent. The ping command sendsone datagram per second and prints one line of output for every response received. It

calculates round trip times and packet loss statistics, and displays a brief summary upon

completion.Be very careful of some options like –f. This will cause ICMP packets to flood the network.

Ping is most useful to test basic connectivity between hosts, but that it can not tell us anything about where the break is in the path. On the other hand, if ping cannot get a

response, traceroute can sometimes still give us information that helps to identify theoutage.

traceroute is useful for displaying all the routers between end to end host connectively. It

may turn out that the remote host is OK but a router has failed along the path. Traceroute


IBM Power Systems

Testing for remote connectivity

• Note: Sometimes the protocols used by ping (icmp) andtraceroute (udp) are blocked by firewalls or IPSec filters.

# ping sys1

PING sys1: (192.108.14.2): 56 data bytes

64 bytes from 192.108.14.2: icmp_seq=0 ttl=255 time=0 ms

64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0 ms

^C

----seraph PING Statistics----

2 packets transmitted, 2 packets received, 0% packet loss

# traceroute sys1

trying to get source for sys1

source should be 10.47.1.31

traceroute to seraph (192.108.14.2) from 10.47.1.31 (10.47.1.31), 30 hops max

outgoing MTU = 1500

1 merovingian.lpar.co.uk (10.47.1.30) 1 ms 0 ms 0 ms

2 7.7.7.1 (7.7.7.1) 0 ms 0 ms 0 ms3 sys1 (192.108.14.2) 0 ms 0 ms 0 ms

# ping sys1

PING sys1: (192.108.14.2): 56 data bytes

64 bytes from 192.108.14.2: icmp_seq=0 ttl=255 time=0 ms64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0 ms

^C

----seraph PING Statistics----

2 packets transmitted, 2 packets received, 0% packet loss

# traceroute sys1

trying to get source for sys1

source should be 10.47.1.31

traceroute to seraph (192.108.14.2) from 10.47.1.31 (10.47.1.31), 30 hops max

outgoing MTU = 1500

1 merovingian.lpar.co.uk (10.47.1.30) 1 ms 0 ms 0 ms

2 7.7.7.1 (7.7.7.1) 0 ms 0 ms 0 ms

3 sys1 (192.108.14.2) 0 ms 0 ms 0 ms

7/23/2019 AN121STUD


Student Notebook




5.2

empty works by increasing the “time-to-live” value of each successive batch of packets sent. Thefirst three packets sent have a time-to-live (TTL) value of one (implying that they are not

forwarded by the next router and make only a single hop). The next three packets have aTTL value of 2, and so on. When a packet passes through a host, normally the host

decrements the TTL value by one, and forwards the packet to the next host. When a packetwith a TTL of one reaches a host, the host discards the packet and sends an ICMP time

exceeded (type 11) packet to the sender. The traceroute utility uses these returningpackets to produce a list of hosts that the packets have traversed en route to the

destination. The three timestamp values returned for each host along the path are thedelay (known as latency) values typically in milliseconds (ms) for each packet in the batch.

If a packet does not return within the expected timeout window, a star (asterisk) istraditionally printed. Traceroute may not list the real hosts. It indicates that the first host is

at one hop, the second host at two hops, and so on. IP does not guarantee that all thepackets take the same route. Also note, that if the host at hop number N does not reply, the

hop will be skipped in the output.

7/23/2019 AN121STUD


Student Notebook




Figure 14-25. Ports and sockets AN121.1

Notes:

Each process that wants to communicate with another process needs to identify itself in

some way. The logical construct used by TCP/IP to accomplish this task is called a port.

A port uniquely identifies an application (also called network services). The source portnumber and the destination port number are contained in the header of each TCP segment

or UDP packet.

Port numbers are defined in the /etc/services file. Port numbers from 0-1023 are called

well-known published ports and are reserved for standard applications like telnet and ftp.

When a datagram arrives at its destination based on the destination address, IP checks the

protocol. The data delivered to the transport protocol contains the destination port numberthat tells the transport protocol to which application process the data needs to go.

A socket is a combination of IP address and port number and protocol family, which

uniquely identifies a single network process. A socket is also referred to as acommunication end point. A pair of sockets uniquely identifies the end to end connection.

Socket communication can be viewed with the netstat –a command.


IBM Power Systems

Ports and sockets

• A port identifies the application on the host.• Server side ports are well-known and fixed.

– Stored in /etc/services• Client side ports are dynamic > 1023.

– Every client connection uses a new port• A Socket is a combination of IP address, protocol, and port

number.• A pair of sockets define a unique application network

connection.• TCP and UDP both implement ports independent of each

other.

# grep "^ftp " /etc/services

ftp 21/tcp # File Transfer [Control]

ftp 21/udp # File Transfer [Control]

neo:/ # ftp trinity

neo:/ # netstat -a |grep trinity

tcp 0 0 neo.57413 trinity.ftp ESTABLISHED

# grep "^ftp " /etc/services

ftp 21/tcp # File Transfer [Control]

ftp 21/udp # File Transfer [Control]

neo:/ # ftp trinity

neo:/ # netstat -a |grep trinity

tcp 0 0 neo.57413 trinity.ftp ESTABLISHED

Socket connectionresulting from theftp communication

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-26. inetd daemon AN121.1

Notes:

The inetd daemon is started at boot time from /etc/rc.tcpip. When it is started, inetd reads

its configuration from the /etc/inetd.conf file. This file contains the names of the services

that inetd listens for requests and starts as needed, to handle these requests. The file isused to enable and disable network services, such as ftp. To disable ftp on the host, edit

the inetd.conf file, locate and comment out the ftp program, then refresh the inetddaemon.


IBM Power Systems

vi /etc/inetd.conf, locate and comment out ftp line

#ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd

telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a

shell stream tcp6 nowait root /usr/sbin/rshd rshd

refresh –s inetd

0513-095 The request for subsystem refresh was completed successfully.

vi /etc/inetd.conf, locate and comment out ftp line

#ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd

telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a

shell stream tcp6 nowait root /usr/sbin/rshd rshd

refresh –s inetd

0513-095 The request for subsystem refresh was completed successfully.

inetd daemon

• Known as the ‘super server daemon’• Loads a network program based upon request

– Example network programs• ftp, tftp, login, telnet, shell, exec, bootp, time.

– To enable or disable a network program, comment or uncomment theappropriate line, and refresh the inetd daemon.

– Example: disable ftp

7/23/2019 AN121STUD


Student Notebook




Figure 14-27. Remote UNIX commands AN121.1

Notes:

The commands, telnet, rsh, rexec, rlogin, and rsh are all part of the bos.net.tcp.client fileset

which is installed by default. Any passwords entered using these commands are

transferred over the network in clear text and can be easily captured using packet sniffingtools. rsh, rexec, and rlogin commands can be configured so that the client user does not

have to supply a password. This introduces further vulnerabilities in the system. Ideally allr* commands, including telnet, should be disabled. They can be replaced by SSH.

Openssh, including secure copy and file transfer commands, can be installed using the AIXexpansion pack media.


IBM Power Systems

Remote UNIX commands

• Logging into a UNIX box remotely

• Running commands remotely on a UNIX box

• By default, all data, including passwords, are transferredacross the network in clear text (exception ssh) – There are several types of ssh software available for AIX.

• OpenSSH is contained on the AIX Expansion Pack.

# rsh trinity -l root# rlogin trinity -l root

# telnet trinity

# ssh root@trinity

# rsh trinity -l root# rlogin trinity -l root

# telnet trinity

# ssh root@trinity

# rsh trinity -l root date

# rexec trinity date

# ssh root@trinity date

# rsh trinity -l root date

# rexec trinity date

# ssh root@trinity date

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-28. Transferring files over a network (1 of 2) AN121.1

Notes:

The ftp command is possibility the most widely used program for transferring files across a

network. The remote user name specified at the login prompt, must exist, and have a valid

password defined at the remote host.

FTP is an unsecure protocol, as all data including passwords are transferred across the

network unencrypted. These passwords are very easy to sniff and capture. AIX 6 has anew secure feature (-s) which use Transport Layer Security (TSL) to encrypt data. To use

the secure (–s) option, OpenSSL must be installed, minimum level 0.9.7.

To gain a list of all ftp subcommands, type help in an interactive session or see the manpage.


IBM Power Systems

Transferring files over a network (1 of 2)

# ftp waldorf

Connected to waldorf.lpar.co.uk.220 waldorf.lpar.co.uk FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008)

ready.

Name (waldorf:root):

331 Password required for root.

Password:

ftp> prompt

Interactive mode off.

ftp> mput file*

200 PORT command successful.

150 Opening data connection for file1.

226 Transfer complete.



226 Transfer complete.200 PORT command successful.



ftp> bye

221 Goodbye.

# ftp waldorf

Connected to waldorf.lpar.co.uk.220 waldorf.lpar.co.uk FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008)

ready.

Name (waldorf:root):

331 Password required for root.

Password:

ftp> prompt

Interactive mode off.

ftp> mput file*






226 Transfer complete.200 PORT command successful.



ftp> bye

221 Goodbye.

• ftp

AIX 6.1 has newsecure option (-s) which

uses TLS

7/23/2019 AN121STUD


Student Notebook




Figure 14-29. Transferring files over a network (2 of 2) AN121.1

Notes:

The rcp command is used to copy one or more files between the local host and a remote

host. The scp command is part of OpenSSH and is designed to replace rcp.

Moving files around the network can be neatly done with tar + rsh/ssh. The commandshown in the visual means: create an archive of /tmp/files and write this to standard out (in

this case the rsh command). The file will be transferred to system waldorf anddecompressed/written to directory/backup, if it exists.

To determine the transfer speed you can get between two hosts on a network, a good,

simple test is to use ftp and dd. In the visual, 100MB of data was transferred over thenetwork to /dev/null in 1.36 seconds.


IBM Power Systems

Transferring files over a network (2 of 2)

# rcp files* waldorf:/tmp/files

# scp file* root@waldorf:/tmp/files

### Using tar and rsh (or ssh) to transfer files over a network ###

# tar cf - /tmp/files | rsh waldorf “cd /backup && tar xBfp –”

### Using ftp and dd to test network performance ###

ftp> put "|dd if=/dev/zero bs=1M count=100" /dev/null


150 Opening data connection for /dev/null.

100+0 records in.

100+0 records out.

226 Transfer complete.104857600 bytes sent in 1.36 seconds (7.529e+04 Kbytes/s)

local: |dd if=/dev/zero bs=1M count=100 remote: /dev/null

# rcp files* waldorf:/tmp/files

# scp file* root@waldorf:/tmp/files

### Using tar and rsh (or ssh) to transfer files over a network ###

# tar cf - /tmp/files | rsh waldorf “cd /backup && tar xBfp –”

### Using ftp and dd to test network performance ###

ftp> put "|dd if=/dev/zero bs=1M count=100" /dev/null


150 Opening data connection for /dev/null.

100+0 records in.

100+0 records out.

226 Transfer complete.104857600 bytes sent in 1.36 seconds (7.529e+04 Kbytes/s)

local: |dd if=/dev/zero bs=1M count=100 remote: /dev/null

• rcp, scp and tar

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-30. Network File System AN121.1

Notes:

Network File System (NFS) is a facility for sharing files in a heterogeneous environment of

machines, operating systems, and networks. The NFS function is built into the kernel of the

operating system so it is transparent to applications and users. NFS is based on aclient/server model, where the server stores files and provides clients with access.


IBM Power Systems

Network File System

• File sharing between heterogeneous systems in a TCP/IPnetwork

• Transparent access to remote files and directories• Based on a client/server model• Filesets:

– Server: bos.net.nfs.server – Client: bos.net.nfs.client

nfs_server /home

client1 client2

/data

/home

/data

/data

7/23/2019 AN121STUD


Student Notebook




Figure 14-31. NFS server configuration (1 of 2) AN121.1

Notes:

The mknfs command configures the system to run the NFS daemons. The mknfs

command accepts the following flags:

-B Adds an entry to the inittab file to execute the /etc/rc.nfs file on systemrestart and executes the /etc/rc.nfs file immediately to start the NFS

daemons

-I Adds an entry to the inittab file to execute the /etc/rc.nfs file on systemrestart

-N Starts the /etc/rc.nfs file to start the NFS daemons immediately, when

started this way, the daemons run until the next system restart

When NFS is started the follow daemons are invoked:

• The biod daemon runs on all NFS client systems. When a user on a client wants toread or write to a file on a server, the biod daemon sends this request to the server. The

biod daemon is activated during system startup and runs continuously.


IBM Power Systems

NFS server configuration (1 of 2)

• Server configuration – Starting NFS (now and at system restart)

• /usr/sbin/mknfs –B

– Stopping NFS (now)

• /usr/sbin/rmnfs –N

# lssrc –g nfs

biod nfs 352444 active

nfsd nfs 221328 active

rpc.mountd nfs 315524 active

rpc.statd nfs 364738 active

rpc.lockd nfs 258262 active

# lssrc –g nfs

biod nfs 352444 active

nfsd nfs 221328 active

rpc.mountd nfs 315524 active

rpc.statd nfs 364738 active

rpc.lockd nfs 258262 active

# lssrc –g nfs

biod nfs inoperative

nfsd nfs inoperative

rpc.mountd nfs inoperative

rpc.statd nfs inoperative

rpc.lockd nfs inoperative

# lssrc –g nfs

biod nfs inoperative

nfsd nfs inoperative

rpc.mountd nfs inoperative

rpc.statd nfs inoperative

rpc.lockd nfs inoperative

7/23/2019 AN121STUD


Student Notebook




5.2

empty • The nfsd daemon runs on the server and handles client requests for file systemoperations.

• The rpc.mountd daemon answers client requests to mount file systems. The mountd

daemon finds out which file systems are available by reading the /etc/xtab file. The

/etc/xtab file is created when file systems are exported on the server. This process is

covered in the next visual.

• The rpc.statd and rpc.lockd daemons work together to main stateful locking. NFSimplements an advisory locking mechanism, meaning if a program, and does not pay

any attention to the locking messages it receives, it can go ahead and access the file. Inthe event of a server crash, the locking information will be recovered. The status

monitor maintains information on the location of connections as well as the status in the

/etc/sm directory, the /etc/sm.bak file, and the /etc/state file. When restarted, the statd

daemon queries these files and tries to reestablish the connection it had prior totermination.

The rmnfs command changes the configuration of the system to stop running NFS

daemons. It accepts the same flags as mknfs.

7/23/2019 AN121STUD


Student Notebook




Figure 14-32. NFS server configuration (2 of 2) AN121.1

Notes:

In order to configure an NFS server, you have to first decide:

• What directories you want to export

• Which clients you want to have access the directories and files

• The permissions (for example, read-write, read-only) clients will have when accessing

the files

In the example shown in the visual:

• /home is exported to the world with read-write permissions. For security reasons, theclients root user does not have root privileges when accessing the files remotely. The

root user is mapped to the nobody user (UID 2).

• /usr/man directory is exported to the world with read-only permissions.

• /data directory is exported to systems: kenny, kyle, and eric. Systems, kenny and kyle

have read-write access and their root users have root privileges when accessing the


IBM Power Systems

NFS server configuration (2 of 2)

• To export directories:

# vi /etc/exports

/home

/usr/man -ro

/data -root=kenny:kyle,access=kenny:kyle:eric,rw=kenny:kyle

# vi /etc/exports

/home

/usr/man -ro

/data -root=kenny:kyle,access=kenny:kyle:eric,rw=kenny:kyle

# exportfs -va

Exported /usr/man

Exported /data

Exported /home

# exportfs -va

Exported /usr/man

Exported /data

Exported /home

/etc/xtab rpc.mountd

7/23/2019 AN121STUD


Student Notebook




5.2

empty files remotely. System, eric has read-only access and the root user is mapped to usernobody.

Only when the NFS subsystem is activated, using the mknfs command, can directories be

made available. When the /etc/export file has been configured, the exportfs commandis used to make the directories available for client mounting. The exportfs -a command

exports all items listed in the /etc/exports file and automatically copies the entries to the

/etc/xtab file. /etc/xtab file entries are used by the system and always reflect what iscurrently exported. This leaves the /etc/exports file available for updating at any time. The

/etc/xtab file must never the edited directly.

7/23/2019 AN121STUD


Student Notebook




Figure 14-33. Manual NFS client mounting AN121.1

Notes:

The showmount command is useful for viewing which directories are available for

mounting on a particular NFS server. To mount an NFS directory, first create a directory

point and then issue the mount command, as shown in the visual.

Syntax: mount <NFS_server_name> :<server mount point> <client directory mount

point >


IBM Power Systems

Manual NFS client mounting

• The showmount command can be used to query thedirectories exported by the NFS server.

• Mounting an NFS server directory

• Predefined mounts can also be defined using smit mknfsmnt.

kenny:/ # showmount -e nfs_server

export list for nfs_server:

/usr/man (everyone)

/data kenny,kyle,eric

/home (everyone)

kenny:/ # showmount -e nfs_server

export list for nfs_server:

/usr/man (everyone)

/data kenny,kyle,eric

/home (everyone)

# mkdir /data_client_mnt

# mount nfs_server:/data /data_client_mnt

# df /data

Filesystem 512-blocks Free %Used Iused %Iused Mounted on

nfs_server:/data 278528 212920 24% 1317 6% /data_client_mnt

# mkdir /data_client_mnt

# mount nfs_server:/data /data_client_mnt

# df /data

Filesystem 512-blocks Free %Used Iused %Iused Mounted on

nfs_server:/data 278528 212920 24% 1317 6% /data_client_mnt

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-34. Predefined NFS client mounting AN121.1

Notes:

Predefined mounts are NFS mounts which are defined in /etc/filesystems for ease of use

when manual mounting or to enable remote file systems to be mounted during system start

time.

Key options are:

• Security Method: Possible values are: sys, dh, krb5, krb5i, krb5p, which correspond to

Unix, DES, Kerberos 5, Kerberos 5 with integrity, and Kerberos 5 with privacy. Thedefault NFS security used in most implementations is standard Unix (sys). The other

methods are used in special situations where authentication and encryption is required.These methods are supported by a new version of NFS, NFS version 4. NFS v4 is not

the default version used in AIX and is a large complex topic which is outside the scopeof this class but may wish to refer to the following IBM redbook “Implementing NFSv4

in the Enterprise: Planning and Migration Strategies”, available at:

http://www.redbooks.ibm.com/abstracts/sg246657.html.

• Mode: Read-write or read-only.


IBM Power Systems

Predefined NFS client mounting

/data_client_mnt:

dev = "/data"

vfs = nfs

nodename = nfs_server

mount = false

options = bg,hard,intr,sec=sys

account = false

/data_client_mnt:

dev = "/data"

vfs = nfs

nodename = nfs_server

mount = false

options = bg,hard,intr,sec=sys

account = false

Add a File System for Mounting

* Pathname of mount point [/data_client_mnt] /

* Pathname of remote directory [/data]

* Host where remote directory resides [nfs_server]

* Security method [sys] +

* Mount now, add entry to /etc/filesystems or both? Both +

* /etc/filesystems entry will mount the directory no +

on system restart.

* Mode for this NFS file system read-write +

* Attempt mount in foreground or background background +

* Mount file system soft or hard hard

Note: Many options removed for clarity.

Add a File System for Mounting

* Pathname of mount point [/data_client_mnt] /

* Pathname of remote directory [/data]

* Host where remote directory resides [nfs_server]

* Security method [sys] +

* Mount now, add entry to /etc/filesystems or both? Both +

* /etc/filesystems entry will mount the directory no +

on system restart.

* Mode for this NFS file system read-write +

* Attempt mount in foreground or background background +

* Mount file system soft or hard hard

Note: Many options removed for clarity.

– smit mknfsmnt

– /etc/filesystems

7/23/2019 AN121STUD


Student Notebook




• Attempt mount in: Values: background (default) or foreground

If the attempt to mount the directory fails, the mount will be retried in the background. Ifforeground is selected, the mount request stays in the foreground even, if the mount

request fails.

• Mount type: Values: hard or soft

If the mount is soft, the system returns an error if the server does not respond. If the mountis hard, the client continues trying until the server responds. The hard mount is the default.When a hard mount is selected, an extra option is included in /etc/filesystems: intr. The intr

option allow signals to interrupt an NFS call. This is useful for aborting an NFS mountprocess when the server does not respond.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 14-35. Virtual Network Computing AN121.1

Notes:

Virtual Network Computing (VNC) is a graphical desktop sharing system which uses the

RFB (“remote framebuffer”) protocol to remotely connect to another host/server. It

transmits the keyboard and mouse events from one host to another, relaying the graphicalscreen updates back in the other direction, over a network.

VNC is platform-independent. A VNC viewer on any operating system connects to a VNCserver, running in this case, on AIX. Multiple clients may connect to the VNC server at the

same time. Popular uses for this technology include remote technical support and

accessing files on one's work computer from one's home computer, or vice versa.VNC was originally developed at the Olivetti Research Laboratory in Cambridge, United

Kingdom. The original VNC source code and many modern derivatives are open sourceunder the GNU General Public License.


IBM Power Systems

Virtual Network Computing

• VNC is a ‘free’ graphical desktop sharing system which usesthe RFB protocol to remotely control another computer.

• It is popular in both UNIX and Windows systems.

VNC traffic

VNC AIXServer

VNC viewer eg. UltraVNC

realVNCtightVNC

Can also be tunnelledover an ssh

connection forimproved security

7/23/2019 AN121STUD


Student Notebook




Figure 14-36. VNC configuration AN121.1

Notes:

To run VNC on AIX, install the following filesets from the AIX Toolbox for Linux Applications

CD. No further configuration is required.

# lslpp -l |egrep -i “vnc|zlib)” freeware.vnc.rte 3.3.3.2 COMMITTED Virtual NetworkComputing

freeware.zlib.rte 1.1.3.2 COMMITTED Data compression library

When a VNC session is started, two TCP/IP ports are opened, 59<number> and

58<number>. The 59 port must be used for the vncviewer application. The 59 prefix isgenerally not required. It is implied and hard coded into the viewer application. The 58 port

is used to access VNC over http. To connect in the way, the full port number (including 58)must be supplied.


IBM Power Systems

VNC configuration

• In order to set up a VNC server on AIX, install vnc and zlibfrom the AIX Toolbox for Linux Applications.

• Start a vnc session by typing: – vncserver :<port number>

– To access the AIX desktop VNC session from

• UNIX, type: # vncview neo:33• PC VNC viewer

• Also, access can be done through a web browser over httphttp://neo:5833

# vncserver :33

New 'X' desktop is neo:33

Starting applications specified in //.vnc/xstartup

Log file is //.vnc/neo:33.log

# vncserver :33

New 'X' desktop is neo:33

Starting applications specified in //.vnc/xstartup

Log file is //.vnc/neo:33.log

Note: The TCP/IP portstarted is actually 5933.The “59” is implied and

is not required toconnect.

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint

1. What are the following used for?

• /etc/rc.tcpip

_____________________________________________

• ssh

_____________________________________________

• VNC _____________________________________________

• /etc/services ______________________________________________

2. What is multipath routing and why should we use it? ______________________________________________

______________________________________________

______________________________________________

3. How can we disable the FTP protocol on AIX?

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Exercise 14

TCP/IPimplementation

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Unit summary


• Define TCP/IP layering terminology• Describe the TCP/IP startup flow on AIX• Describe IP addressing• Configure TCP/IP basic functions on AIX

– IP configuration, routing, Aliasing

• Explain how Ports and Sockets are used• Use standard TCP/IP facilities to:

– Log in to another system – Transfer files – Run commands

• Configure NFS• Set up VNC

7/23/2019 AN121STUD


Student Notebook




7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Unit 15. Introduction to workload partitions 15-1

5.2

empty Unit 15. Introduction to workload partitions


This unit provides an introduction to workload partitioning.



• Understand workload partition (WPAR) concepts

• Create, control, and manage WPARs

• Describe the role of WPAR manager

How you will check your progressAccountability:


References

Online AIX Version 6.1 IBM Workload Partitions for AIX

SG24-7559 AIX Version 6.1 Differences Guide (redbook)SG24-7656 Workload Partition Management in IBM AIX Version

6.1 (redbook)



7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Unit objectives




• Describe the role of WPAR Manager

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-2. Workload partition overview (1 of 2) AN121.1

Notes:

Introduction

Workload Partition (WPAR) is a software-based virtualization feature of AIX 6 that will

provide new capabilities to reduce the number of AIX operating system images thatneed to be maintained when consolidating multiple workloads on a single server.

WPARs will provide a way for clients to run multiple applications inside the sameinstance of an AIX operating system, while providing security and administrative

isolation between applications. WPARs complement logical partitions and can be used

in conjunction with logical partitions if desired. WPAR can improve administrativeefficiency by reducing the number of AIX operating system instances that must bemaintained. WPAR can increase the overall utilization of systems by consolidating

multiple workloads on a single system, and is designed to improve cost of ownership.

Global environment

Workload partitions are created within standard AIX 6 instances. The globalenvironment is the part of an AIX 6 instance, which does not belong to any workload

partition. The global environment is therefore similar to the operating system


IBM Power Systems

WorkloadPartition

ApplicationServer

WorkloadPartition

WebServer

WorkloadPartition

Billing

AIX 6 instance

WorkloadPartition

TestWorkloadPartition

BI

Workload partition overview (1 of 2)

• Workload partitions improve administrative efficiency byreducing the number of AIX images to maintain.

• WPARs act like AIX instances partitioned in software – Appears as a separate instance of AIX – Software-based partitions for

workload management

• Global environment – Owns all the physical resources,

and can be thought of as thetraditional AIX login environment

7/23/2019 AN121STUD


Student Notebook




environment of earlier versions of AIX. This global environment can be hosted within adedicated LPAR or physical system.

The global environment owns all physical resources of the LPAR: network adapters,disks adapters, disks, processors, memory. It allocates CPU and memory resources to

the workload partitions. It provides them access to the network and storage devices.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-3. Workload partition overview (2 of 2) AN121.1

Notes:

There are two types of workload partitions that can reside in a global environment.

• System WPAR is a virtual AIX environment.

• Application WPAR is a light-weight transient environment. It is suitable for execution of

one or more processes.


IBM Power Systems

Workload partition overview (2 of 2)

• Each workload partition (WPAR) – Obtains a regulated share of system resources – Can have unique network attributes and filesystems – Has separate administrative and security domains.

• WPAR prerequisites – AIX 6 and POWER4, 5, or 6

• Two types – System

– Application

• Can be relocated from system to system (LPAR to LPAR) – Requires WPAR manager software and license – WPAR relocation is referred to as “Live Application Mobility”

7/23/2019 AN121STUD


Student Notebook




Figure 15-4. Reasons to use workload partitions AN121.1

Notes:

WPARs provide unique partitioning values.

• Smaller number of OS images to maintain

• Performance efficient partitioning through sharing of application text and kernel data

and text

• Fine-grain partition resource controls

• Simple, lightweight, centralized partition administration

WPARs enable multiple instances of the same application to be deployed acrosspartitions.

• Many WPARs running DB2, Web Sphere, or Apache in the same AIX image

• Greatly increases the ability to consolidate workloads because often the sameapplication is used to provide different business services

• Enables the consolidation of separate discrete workloads that require separate

instances of databases or applications onto a single system or LPAR


IBM Power Systems

Reasons to use workload partitions

• Reduced number of AIX systems to administer

• Encapsulate and control applications

• Rapidly create a new AIX environment in minutes

• Separate security at the WPAR level – Users, RBAC

• Ability to dynamically relocate WPARs to another system

7/23/2019 AN121STUD


Student Notebook




5.2

empty • Reduced costs through optimized placement of work loads between systems to yieldthe best performance and resource utilization

WPAR technology enables the consolidation of diverse workloads on a single server

increasing server utilization rates.

• Hundreds of WPARs can be created. Far exceeding the capability of other partitioning

technologies.

• WPARs support fast provisioning and fast resource adjustments in response to

normal/unexpected demands. WPARs can be created, and resource controls modified,in seconds.

• WPAR resource controls enable the over-provisioning of resources. If a WPAR is below

allocated levels, the unused allocation is automatically available to other WPARs.

• WPARs can be migrated to another partition in response to normal shift in orunexpected change in demand.

WPARs enable development, test, and production cycles of one workload to beplaced on a single system.

• Different levels of applications (production1, production2, test1, test2) can be deployedin separate WPARs.

• Quick and easy roll out or roll back to production environments

• Reduced costs through the sharing of hardware resources

• Reduced costs through the sharing of software resources such as the operatingsystem, data bases, and tools

7/23/2019 AN121STUD


Student Notebook




Figure 15-5. WPAR is built on top of WLM AN121.1

Notes:

WPAR technology sits on top of WLM. WLM has been a standard feature of AIX since

version 4.3.3. WLM allows the control and the management of WPAR resources, such as

CPU, memory, and processes. This means that you can assign specific fractions of CPUand memory, to each WPAR. This is managed through WLM.


IBM Power Systems

WPAR is built on top of WLM

• Workload Manager (WLM) allows WPAR resource control• Resource control allows the administrator to control CPU and

Memory limits.– Plus many advanced options such as max. processes, threads,

pinned memory

AIX

WLM

WPAR

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-6. AIX workload partitions initial state AN121.1

Notes:

The creation of WPARs requires AIX 6 on your system or logical partition. You can use a

variety of tools to create, monitor, and administrate the workload partitions.


IBM Power Systems

AIX workload partitions initial state

• When you install AIX 6, either on a stand-alone machine or

an LPAR, there are no WPARs defined.

• When you log in to AIX 6.1, you log in to the globalenvironment. – From this environment you create, monitor, and administer

WPARs using:• SMIT (smit wpar)• WebSM

• Command line interface• AIX System Director console• WPAR Manager

7/23/2019 AN121STUD


Student Notebook




Figure 15-7. Application WPARs (1 of 2) AN121.1

Notes:

Application Workload Partitions

• Normal WPARs except there is no file system isolation

• Login not supported

• Internal mounts not supported

• Target: Light weight process groups for mobility


IBM Power Systems

Application WPARs (1 of 2)

Application WPAR

Processes

IPCs

/

/home

/usr /var /tmp

hdiskX PTY

Devices and filesystems visible

from globalenvironment in

WPAR

Create and run

Stop and remove

Global environment

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-8. Application WPARs (2 of 2) AN121.1

Notes:

Application workload partitions do not provide the highly virtualized system environment

offered by system workload partitions, rather they provide an environment for segregation

of applications and their resources to enable checkpoint, restart, and relocation at theapplication level.

The Application WPAR represents a shell or an envelope around a specific applicationprocess or processes which leverage shared system resources. It is light weight, quick to

create and remove, and does not take a lot of resources, since it uses the global

environment system file system and device resources. Once the application process orprocesses are finished, the WPAR is stopped. There are no login capabilities for the user. Ifyou need to access the application, you must use an application provided mechanism. All

file systems are shared with the global environment. If an application is using devices, it willuse global environment devices.


IBM Power Systems

Application WPARs (2 of 2)

• Isolate individual applications.

• Light weight; quick to create and remove – Created with wparexec command – Removed when stopped – Stopped when the application finished – File systems and device resources are shared with the global

environment – No user login capabilities

• Can be migrated to another server

7/23/2019 AN121STUD


Student Notebook




Figure 15-9. Creating an application WPAR: wparexec AN121.1

Notes:

Creating an application WPAR

The creation of an application WPAR is simple, since the only mandatory parameter is the

full path of the executable file to run inside the WPAR. The example in the slide shows the

wparexec command starting an application WPAR immediately after creation. This type of

WPAR only exists while the application is running. When the application ends, the WPARalso ends, and all of its resources are freed.

An application WPAR can automatically mount additional files systems when starting,

where the application WPAR has a dependency on a file system. This filesystem isautomatically unmounted when WPAR stops.


IBM Power Systems

Creating an application WPAR: wparexec

• Started when created• Removed when stopped or associated application ends• Created using wparexec• Can optionally have a hostname and IP address

# wparexec -n MyAppWpar /start_myapp

Starting workload partition MyAppWpar.

Mounting all workload partition file systems.

Loading workload partition.

Starting myapp on Mon 22 Dec 12:09:35 2008

Shutting down all workload partition processes.

# wparexec -n MyAppWpar /start_myapp

Starting workload partition MyAppWpar.


Loading workload partition.

Starting myapp on Mon 22 Dec 12:09:35 2008

Shutting down all workload partition processes.

WPAR andapplication

started

Applicationstopped, WPAR

removed

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-10. Application WPAR process space AN121.1

Notes:

When executing the wparexec command, the vinit process is started in the global

environment. WPAR represents a shell or an envelope around a specific application

process or processes which use shared system resources. It is light weight and all filesystems are shared with the global environment. If an application is using devices, it will

use global environment devices.


IBM Power Systems

root@global_env /: # ps -ef |egrep "(wpar|vinit)" \| awk '{print $1,$2,$3,$8,$9,$10}'

UID PID PPID CMDroot 368872 131290 /usr/bin/ksh /usr/sbin/startwpar MyAppWpar root 417934 368872 /usr/lib/corrals/vinit MyAppWpar /start_myapp

Application WPAR process space

Global Environment

WPAR: MyAppWpar

init

srcmstr

PID=1PID=417934

vinit

biod

portmapinetd rpc.statd

Others…

errdemonxmwlmsyncd

cron

/etc/init

/usr/lib/corrals/vinit <wparname><application>

syslogd

Application running

wparexec startwpar

7/23/2019 AN121STUD


Student Notebook




Figure 15-11. System WPARs (1 of 2) AN121.1

Notes:

System Workload Partition

A System WPAR is a self contained, virtual AIX partition, within the global AIX

environment.


IBM Power Systems

System WPARs (1 of 2)

System WPAR

//opt/usr /var /tmp

hdiskXPTY

InetdCron

sendmail

Processes

Devices

File Systems

IPCs

Devices and filesystems visible from

the globalenvironment in

WPAR

Devices and filesystems unique

to WPAR

Global environment

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-12. System WPARs (2 of 2) AN121.1

Notes:

System workload partitions are autonomous virtual system environments with their own

private root file systems, users and groups, login, network space, and administrative

domain.

The systems administrator accesses the WPAR through the administrator console or

through regular network tools such as telnet or ssh. Inter-process communication for aprocess in a WPAR, is restricted to those processes in the same WPAR.

System workload partitions are complete virtualized OS environments, where multiple

services and applications run. It takes longer to create a system WPAR compared to anapplication WPAR, as it builds its own filesystems. A system WPAR is removed only when

requested. It has its own root user, RBAC privileges, and system services like inetd, cron,syslog, and so on.

A system WPAR does not share writable file systems with other workload partitions or the

global environment.


IBM Power Systems

System WPARs (2 of 2)

• Are autonomous virtual system environments – By default:

• /usr/ and /opt filesystems are shared with the global environment• /, /var and /tmp are private for the WPAR own use:

– Have their own unique set of users, groups, and network addresses – Can be accessed from the global environment using the

administration console (clogin) or from the network using regulartelnet or ssh sessions

– Can be stopped and restarted – Integrated with role-based access control (RBAC)

• Granular privilege and security controls within WPAR

– Processes can only see and signal other processes within a WPAR – System services: Mail, NFS client, inetd, syslog, cron, and so on are

executed independently for each WPAR.

7/23/2019 AN121STUD


Student Notebook




Figure 15-13. System WPAR device access AN121.1

Notes:

The global environment can use physical or virtual devices. The hosted WPARs have no

control of, nor can they directly access, the hardware devices. Therefore, the global

environment also owns all physical I/O adapters needed by the workload partitions.


IBM Power Systems

System WPAR device access

• WPARs have no device access to: – Storage devices

• Access to data is performed through file systems that are mounted fromthe global environment.

– Physical network devices – Devices that could provide a more global view of the system such as

/dev/mem or /dev/kmem

• WPARs have device access to: – A limited set of safe pseudo devices such as /dev/null, /dev/zero,

/dev/random, /dev/tty

• WPARs are not capable of creating new devices bythemselves.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-14. Creating a system WPAR: mkwpar AN121.1

Notes:

Creating a System WPAR

System WPARs are created with the mkwpar command. These commands can get quite

complex and many of the flags are beyond the scope of this course.

The example in the visual shows a simple system WPAR being created called wpar1. Thecreation process is as follows:

• Create the filesystems.

• Install AIX or RPM software into the WPAR from the global environment. • Check that the software is correctly synchronized between the global environment and

the WPAR.

• Return the success or failure status.


IBM Power Systems

Creating a system WPAR: mkwpar

# mkwpar –n wpar1

mkwpar: Creating file systems.../

/home

/opt

/proc

/tmp

/usr

/var

……….

Installp: INSTALLING software for:

syncroot: RPM root packages are currently synchronized.

syncroot: Root part is currently synchronized.syncroot: Returns Status = SUCCESS

Workload partition wpar1 created successfully.

mkwpar: 0960-390 To start the workload partition, execute

the following as root: startwpar [-v] wpar1

# mkwpar –n wpar1

mkwpar: Creating file systems...

/

/home

/opt

/proc

/tmp

/usr

/var

……….

Installp: INSTALLING software for:

syncroot: RPM root packages are currently synchronized.

syncroot: Root part is currently synchronized.syncroot: Returns Status = SUCCESS


mkwpar: 0960-390 To start the workload partition, execute

the following as root: startwpar [-v] wpar1

7/23/2019 AN121STUD


Student Notebook




Figure 15-15. System WPAR process space AN121.1

Notes:

The visual shows an example of the processes structure in a system workload partition,

and its interaction with the global environment. The WPAR init process ID is always, within

the WPAR, virtualized to 1 and its parent process 0.

Each system workload partition has its own inittab file and resource manager (srcmstr), so

that it appears to be a standalone operating system.


IBM Power Systems

root@global_env /: ps -eaf |grep –E rcmstr|315476“


root 1 0 0 Jun 29 - 0:00 /etc/initroot 204946 1 0 Jun 29 - 0:00 /usr/sbin/srcmstr root 282812 315476 0 Jul 03 - 1:57 /usr/bin/xmwlm -Lroot 315476 204946 0 Jul 03 - 0:00 /etc/initroot 348392 315476 0 Jul 03 - 0:00 /usr/sbin/srcmstr root 364660 315476 0 Jul 03 - 0:01 /usr/sbin/cron

System WPAR process space

Global Environment

wpar1

init

srcmstr

PID=1PID=315476 cor_wpar1

biod

portmap

inetdrpc.statd

Others…

errdemon

xmwlmsyncd

cron

/etc/init

/etc/init

biod

cronwmwlm

inetdportmap rpc.statd

Others…

# root@wpar1 /: ps –ef

UID PID PPID C STIME TTY TIME CMDroot 1 0 0 Jul 03 - 0:00 /etc/initroot 233674 348392 0 Jul 03 - 0:00 /usr/sbin/inetdroot 241740 348392 0 Jul 03 - 0:00 /usr/sbin/syslogdroot 258278 348392 0 Jul 03 - 0:00 /usr/sbin/portmaproot 266444 348392 0 Jul 03 - 0:00 /usr/sbin/biod 6root 282812 1 0 Jul 03 - 1:55 /usr/bin/xmwlm -Lroot 307220 1 0 23:06:20 ? 0:00 clogin wpar1root 348392 1 0 Jul 03 - 0:00 /usr/sbin/srcmstr root 364660 1 0 Jul 03 - 0:01 /usr/sbin/cron

srcmstr

syslogd

syslogd

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-16. Creating a system WPAR with a network definition AN121.1

Notes:

The network connection for a WPAR is implemented using the network alias feature on the

global environment level's physical or virtual network interface. The network alias is a

standard feature that is used to implement both an IP address for each WPAR and allowsfor a WPAR movement to a different system.

Network addresses can also be assigned to application WPARs. This can be achieved asfollows:

# wparexec -c -n wpar30 -N address=10.6.105.130 /wpar30/appstart


IBM Power Systems

glob_env: # ifconfig en0

en0:

flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,M

ULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>




glob_env: # ifconfig en0

en0:






wpar1: # ifconfig en0

en0:





wpar1: # ifconfig en0

en0:





Creating a system WPAR with a network definition

# mkwpar -h wpar1 -r -N interface='en0' \

address='10.47.33.1' -n wpar1

# mkwpar -h wpar1 -r -N interface='en0' \

address='10.47.33.1' -n wpar1

# chwpar -N interface='en0' address='3.3.3.3’ \

netmask='255.0.0.0' wpar1

# chwpar -N interface='en0' address='3.3.3.3’ \

netmask='255.0.0.0' wpar1

glob_env

WorkloadPartition: wpar1

10.47.33.1/163.3.3.3/8

en0 (net)

10.47.110.1/16

10.3.2.201

10.47.0.0

3.0.0.0

Additional networkparameters can be

added aftercreation.

7/23/2019 AN121STUD


Student Notebook




Figure 15-17. WPAR routing AN121.1

Notes:

Each WPAR can use the routing table available in the global environment. However, the

WPAR administrator can decide to enable WPAR specific routing and add or delete routes

as necessary.


IBM Power Systems

WPAR routing

• By default, a system WPAR uses the routing table of the globalenvironment.

• A system WPAR can have its own specific routing table. – In SMIT, set the WPAR specific routing option to yes, or from

command line, use the –i flag.Syntax: -I rtdest=<IP> rtgateway=<IP> [rtnetmask=<IP>] [rttype={net|host}] [rtinterface=<if>]

– Example: To add a specific WPAR default route to wpar1

– To view the routing table for wpar1

Global env # chwpar -I rtdest=default rtgateway=10.47.0.1 wpar1Global env # chwpar -I rtdest=default rtgateway=10.47.0.1 wpar1

Global env # netstat -rn -@ wpar1

Routing tables

WPAR Destination Gateway Flags Refs Use If Exp Groups

Route Tree for Protocol Family 2 (Internet):

wpar1 default 10.47.0.1 UG 7 250 en0 - -

wpar1 10.47/16 10.47.33.30 U 1 39 en0 - -

wpar1 10.47.33.1 127.0.0.1 UGHS 0 0 lo0 - -

wpar1 10.47.255.255 10.47.33.1 UHSb 0 0 en0 - -

Global env # netstat -rn -@ wpar1

Routing tables

WPAR Destination Gateway Flags Refs Use If Exp Groups

Route Tree for Protocol Family 2 (Internet):

wpar1 default 10.47.0.1 UG 7 250 en0 - -

wpar1 10.47/16 10.47.33.30 U 1 39 en0 - -

wpar1 10.47.33.1 127.0.0.1 UGHS 0 0 lo0 - -

wpar1 10.47.255.255 10.47.33.1 UHSb 0 0 en0 - -

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-18. System WPAR file systems space (1 of 2) AN121.1

Notes:

Storage level access in a system WPAR is through a set of file systems assigned to the

WPAR at creation, and mounted within the WPAR during activation. A system WPAR

operates within a localized view of these file systems:

/

/usr

/opt

/tmp/var

/home


IBM Power Systems

System WPAR file systems space (1 of 2)

• There are three primary forms of file system access within asystem WPAR. – Shared-system

• /usr and /opt are shared read-only, by default, from the globalenvironment through namefs mounts.

– NFS hosted• A set of file systems, which can include /usr and /opt, are mounted

(read-only or read/write) from a host system through NFS mounts.

– Non-shared• /tmp, /var , /home, / are separate local file systems (jfs/jfs2) within the

WPAR.

# mkwpar -n wpar1 -l# mkwpar -n wpar1 -l

Creates a WPARwith Non-shared /usr and /opt file

systems.

7/23/2019 AN121STUD


Student Notebook




By default /usr and /opt are shared with the global environment (read only). Alternatively, ifthe application requires read/write access to these directories, the WPAR can have its own

non-shared copies. However, this will significantly increase the time required to create,backup, or restore the WPAR.

File systems can also be hosted through NFS. NFS is mandatory if the live application

mobility feature is to be deployed to move WPARs from box to box (LPAR to LPAR).

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-19. System WPAR file systems space (2 of 2) AN121.1

Notes:

The visual shows an example of the default storage model of a system WPAR. The system

WPAR includes the creation of a base directory. This base directory is the root of the chroot

system WPAR environment. By default, the path to this base directory is /wpars/<name_of_wpar> in the global environment.

By default, the base directory contains 7 filesystems:

• /, /home, /tmp and /var are real filesystems, dedicated to the system partition use.

• /opt and /usr are read-only namefs mounts of the global environment's /usr and /opt.

• The /proc pseudo-file system maps to the global environment /proc pseudo-file system

(/proc in a WPAR only makes available process information for that WPAR).

From the global environment, the file systems and mount points associated with the systemWPAR, are seen as being located within a WPAR-specific sub-directory tree of the global

environment (for example, /wpars/wparname/ ).


IBM Power Systems

{sys02_p2} / # mountNode mounted mounted over vfs date options-------- -------------- --------------- ------ ------------ ----------

/dev/hd4 / jfs Aug 27 14:05 rw,log=/dev/hd8/dev/hd2 /usr jfs Aug 27 14:05 rw,log=/dev/hd8/dev/hd9var /var jfs Aug 27 14:06 rw,log=/dev/hd8/dev/hd3 /tmp jfs Aug 27 14:06 rw,log=/dev/hd8/dev/hd1 /home jfs Aug 27 14:06 rw,log=/dev/hd8/proc /proc procfs Aug 27 14:06 rw/dev/hd10opt /opt jfs Aug 27 14:06 rw,log=/dev/hd8/dev/fslv01 /wpars/wpar1 jfs2 Sep 03 14:55 rw,log=INLINE/dev/fslv02 /wpars/wpar1/home jfs2 Sep 03 14:55 rw,log=INLINE/opt /wpars/wpar1/opt namefs Sep 03 14:55 ro/proc /wpars/wpar1/proc namefs Sep 03 14:55 rw/dev/fs lv03 /wpars/wpar1/tmp jfs2 Sep 03 14:55 rw,log=INLINE/usr /wpars/wpar1/usr namefs Sep 03 14:55 ro/dev/fslv04 /wpars/wpar1/var jfs2 Sep 03 14:55 rw,log=INLINE

• AIX 6 globalenvironment

• System WPAR – /usr > namefs,

nfs mount or local – /opt > namefs,

nfs mount or local

– /proc > namefs

System WPAR file systems space (2 of 2)

{wpar1} / # mountNode mounted mounted over vfs date options-------- ------------- --------------- ------ ------ ---------

/dev/fslv01 / jfs2 Sep 03 14:55 rw,log=INLINE/dev/fslv02 /home jfs2 Sep 03 14:55 rw,log=INLINE/opt /opt namefs Sep 03 14:55 ro/proc /proc namefs Sep 03 14:55 rw/dev/fslv03 /tmp jfs2 Sep 03 14:55 rw,log=INLINE/usr /usr namefs Sep 03 14:55 ro/dev/fslv04 /var jfs2 Sep 03 14:55 rw,log=INLINE

7/23/2019 AN121STUD


Student Notebook




From within the WPAR, the file systems are seen as being rooted at /. For example, if theWPAR is established in /wpars/sample, then the / tmp directory for that WPAR will be seen

as /wpars/sample/tmp from the global environment, but simply as /tmp from within theWPAR.

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-20. WPAR management commands AN121.1

Notes:

The visual describes some popular WPAR commands. For further details, refer to the man

pages.


IBM Power Systems

WPAR management commands

• Basic commands: – Create a system WPAR: /usr/sbin/mkwpar

– Create and run an application WPAR: /usr/sbin/wparexec – List details and status: /usr/sbin/lswpar – Make changes to the WPAR: /usr/sbin/chwpar – Remove a WPAR: /usr/sbin/rmwpar

• Manage system WPARs – Start a WPAR: /usr/sbin/startwpar <wparname> – Stop a WPAR: /usr/sbin/stopwpar -F <wparname> – Reboot a WPAR: /usr/sbin/rebootwpar -F <wparname> – Synchronize the global environment

and WPAR software levels: /usr/sbin/syncwpar • Save and recover system WPARs

– Create a WPAR from a WPAR backup image: /usr/sbin/restwpar – Back up WPAR files: /usr/bin/savewpar – Create a file used by the savewpar and restwpar: /usr/bin/mkwpardata – Restore files from a backup source: /usr/bin/restwparfiles – Lists the contents of a workload partition backup: /usr/bin/lssavewpar

7/23/2019 AN121STUD


Student Notebook




Figure 15-21. Specification file AN121.1

Notes:

The configuration of a workload partition can be stored in human-readable specification

files. These specification files can be generated by the operating system from already

existing workload partitions, or can be edited, created, or modified by hand.

In an environment where a system administrator has to manage several WPARs,

specification files can help clone new WPARs.

These specification files can be used as input to WPAR creation commands, allowing thesystem administrator to automate the startup and handling of multiple workload partitions.


IBM Power Systems

Specification file

• A specification file characterizes the WPAR. – A specification file simplifies the creation of future WPARs.

• # mkwpar -n mywpar -o mywpar.spec – A specification file may be generated from an existing WPAR using –w and –o:

• # mkwpar -e mywpar –w –o /tmp/mywpar.spec

– Creating a WPAR using a specification file• # mkwpar-f mkwpar.spec

FILE:mywpar.spec

general:

name = “mywpar"

hostname = “mywpar"

preserve = "no"

directory = "/wpars/mywpar"privateusr = "no"

devices = "/etc/wpars/devexports"

security:

secfile = "/etc/wpars/secattrs"

mount:

dev = "/usr"

directory = "/usr"

vfs = "namefs"

mountopts = "ro"

FILE:mywpar.spec

general:

name = “mywpar"

hostname = “mywpar"

preserve = "no"

directory = "/wpars/mywpar"privateusr = "no"

devices = "/etc/wpars/devexports"

security:

secfile = "/etc/wpars/secattrs"

mount:

dev = "/usr"

directory = "/usr"

vfs = "namefs"

mountopts = "ro"

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-22. Starting a system WPAR AN121.1

Notes:

The startwpar command activates a workload partition that was defined by the mkwpar

command. It includes:

• Exporting devices from the global environment into the workload partition

• Mounting the workload partition's file systems

• Assigning and activating the workload partition's IP addresses

• Activating the workload partition's WLM class, if any

• Creating the init command

The startwpar command fails if no workload partition exists with the given name.


IBM Power Systems

Starting a system WPAR

• Start WPAR

root@sys02_p1 /: startwpar -v wpar1

Starting workload partition wpar1.


Mounting /wpars/wpar1

Mounting /wpars/wpar1/home

Mounting /wpars/wpar1/opt

Mounting /wpars/wpar1/proc

Mounting /wpars/wpar1/tmp

Mounting /wpars/wpar1/usr

Mounting /wpars/wpar1/var

Loading workload partition.Exporting workload partition devices.

Starting workload partition subsystem cor_wpar1.

0513-059 The cor_wpar1 Subsystem has been started.

Subsystem PID is 282748.

Verifying workload partition startup.

Return Status = SUCCESS.

Start WPAR

cor_<wpar_n

ame>subsystem

started

7/23/2019 AN121STUD


Student Notebook




Figure 15-23. Stopping and removing a system WPAR AN121.1

Notes:

The stopwpar command deactivates a running workload partition. This includes stopping

the following tasks:

• Stopping processes running within the workload partitions

• Unloading the workload partition's WLM class, if any

• Deactivating the workload partition's IP addresses, if any

• Unmounting the workload partition's file systems, if any

• Restarting the system workload partition

• Removing the application workload partition

The stopwpar command fails if one or more processes cannot be stopped, or one or more

file systems cannot be unmounted. In that case, you can force a workload partition to stopby using the –F flag. This will signal running processes more aggressively and force an

unmount of file systems. If there are processes that cannot be stopped, the workloadpartition is placed in the Broken state, and cannot be restarted.


IBM Power Systems

root@sys02_p1 /: stopwpar [–F] wpar1root@sys02_p1 /: stopwpar [–F] wpar1

Stopping and removing a system WPAR

root@wpar1 /: shutdown –Froot@wpar1 /: shutdown –F

root@sys02_p1 /: rmwpar wpar1rmwpar: Removing workload partition wpar1

rmwpar: Removing file system /wpars/ wpar1 /var.

rmlv: Logical volume fslv03 is removed.

rmwpar: Removing file system /wpars/wpar1/usr

…….

rmwpar: Return Status = SUCCESS

root@sys02_p1 /: rmwpar wpar1rmwpar: Removing workload partition wpar1

rmwpar: Removing file system /wpars/ wpar1 /var.

rmlv: Logical volume fslv03 is removed.

rmwpar: Removing file system /wpars/wpar1/usr

…….

rmwpar: Return Status = SUCCESS

• Stopping the WPAR from the global environment

• Stopping the WPAR from within the WPAR

• Removing the WPAR from the global environment

7/23/2019 AN121STUD


Student Notebook




5.2

empty The rmwpar command deletes the specified workload partition from the system. Thisincludes the following tasks:

• Removing the workload partition's configuration data from the system's workload

partition database

• Deleting the workload partition's file systems

• Removing the workload partition's Workload Manager (WLM) profile

7/23/2019 AN121STUD


Student Notebook




Figure 15-24. WPAR status: lswpar AN121.1

Notes:

The lswpar command lists both the state of workload partitions and optionally, their

characteristics.


IBM Power Systems

WPAR status: lswpar

• From the global environment:

• Type = System or Application WPAR• State values

State values Comments

D = Defined System WPAR created with mkwpar and not yet started

A = Active A system WPAR has been started and Daemons are running.

P = Paused Processes are stopped Checkpoint done – Ready to continue

F = Frozen Process stopped checkpoint not done – Usually not seen by the user

T = Transient Intermediate state between Defined and Active

B = Broken System WPAR failed at creation time – need to be removed using rmwpar

root@sys02_p1 /: lswpar

Name State Type Hostname Directory

--------------------------------------------------------------

wpar1 D S wpar1 /wpars/wpar1

oracle D S oracle /wpars/oracle1

db2_95 A S db_serv /wpars/db2_95

apache A A web_serv /

root@sys02_p1 /: lswpar

Name State Type Hostname Directory--------------------------------------------------------------

wpar1 D S wpar1 /wpars/wpar1

oracle D S oracle /wpars/oracle1

db2_95 A S db_serv /wpars/db2_95

apache A A web_serv /

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-25. WPAR logs AN121.1

Notes:

Logs are available in the /var/adm/wpars directory of the global environment when the

WPAR is created, started, stopped, and so forth. These WPAR events are logged in an

event.log file.

Each system WPAR creation is logged in the /var/adm/ras/wpars.<wpar name>.log file.


IBM Power Systems

WPAR logs

• Global environment – /var/adm/wpars/event.log

• System WPAR events – File systems creation, exporting WPAR devices – Starting WPAR and stopping WPAR events

• Application WPAR logs start and stop events

– /var/adm/ras/wpars.<wparname>.log• System WPAR installed filesets and root synchronization results

7/23/2019 AN121STUD


Student Notebook




Figure 15-26. System WPAR management: clogin AN121.1

Notes:

The console of a WPAR is accessed from the global environment. You can log in to a

WPAR using clogin , or a remote mechanism such as rsh, telnet, rlogin , or ssh.

When you need to know whether you are in the global environment or inside a WPAR, youcan execute the uname -W command. This returns 0 if in the global environment, and

non-zero, if inside a WPAR. You can also check the host name or the mounted file systems.


IBM Power Systems

# clogin wpar10 -l bill "id; date“

uid=202(bill) gid=1(staff)Tue 3 Mar 17:16:50 2009

# clogin wpar10 -l bill "id; date“

uid=202(bill) gid=1(staff)

Tue 3 Mar 17:16:50 2009

System WPAR management: clogin

• With a system WPAR, to log in or execute a command, youcan use: – # clogin <WPAR Name>

– # clogin -l “user” “cmd” “args”

– # telnet

– # ssh

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-27. AIX command restrictions in WPARs AN121.1

Notes:

Not all applications can run in a WPAR environment. For example, if they require the ability

to manage devices and storage directly, the restrictions of the WPAR environment will be a

problem.


IBM Power Systems

AIX command restrictions in WPARs

• AIX command restrictions (certain commands are not allowedin WPAR) – LVM commands – File system commands – Special file creation (for example, character and block devices) – Commands accessing /dev/mem – Performance or system tunables are largely restricted to global

environment only.

7/23/2019 AN121STUD


Student Notebook




Figure 15-28. WPAR management: save and restore WPAR AN121.1

Notes:

When the system administrator creates a backup through the mksysb command, the

system administrator usually sends it to a physical device. In a WPAR environment, there

are no physical devices for backup, which means that there is a different way to back up aWPAR. Similar to the savevg command, we can make a backup of the WPAR with the

savewpar command. This saves the files and the configuration of the WPAR. When youhave a system WPAR with shared /usr and /opt, the backup is very small, because it does

not save those file systems. You must be in the global environment to execute the backup.

If you want to save the backup of a WPAR on a DVD, you can use the mkdvd commandwith the –W flag. The –W flag demotes the workload partition to be backed up using the

savewpar command.

The restwpar command creates a workload partition from a workload partition backup

image, created by the savewpar, mkcd, or mkdvd command. A workload partition backupimage contains an image.data file and a workload partition specification file which are

used by default to establish the characteristics of workload partition.


IBM Power Systems

WPAR management: Save and restore WPAR

• savewpar: Backs up files and metadata from a WPAR

• restwpar: Can be used to recreate or to clone a WPAR

# savewpar -Nif /tmp/wpar1.backup wpar1

Creating information file for workload partition wpar1.

Creating list of files to back up.

Backing up 2067 files

2067 of 2067 files (100%)

0512-038 savewpar: Backup Completed Successfully.

# savewpar -Nif /tmp/wpar1.backup wpar1

Creating information file for workload partition wpar1.

Creating list of files to back up.

Backing up 2067 files

2067 of 2067 files (100%)

0512-038 savewpar: Backup Completed Successfully.

# restwpar –F -f /tmp/wpar1.backup

New volume on /tmp/wpar1.backup:



The backup date is: Thu Nov 8 11:04:42 CST 2007


The user is root.

x 2772 ./.savewpar_dir/wpar.spec

x 4641 ./.savewpar_dir/image.data

x 124059 ./.savewpar_dir/backup.data

The total size is 131472 bytes

syncroot: Returns Status = SUCCESS


mkwpar: 0960-390 To start the workload partition, execute the following as root:

startwpar [-v] wpar1.

# restwpar –F -f /tmp/wpar1.backup

New volume on /tmp/wpar1.backup:



The backup date is: Thu Nov 8 11:04:42 CST 2007Files are backed up by name.

The user is root.

x 2772 ./.savewpar_dir/wpar.spec

x 4641 ./.savewpar_dir/image.data

x 124059 ./.savewpar_dir/backup.data

The total size is 131472 bytes

syncroot: Returns Status = SUCCESS


mkwpar: 0960-390 To start the workload partition, execute the following as root:

startwpar [-v] wpar1.

7/23/2019 AN121STUD


Student Notebook




5.2

empty The restwpar command has three major steps:

1. Create the necessary file systems according to the image.data file that is created withthe savewpar command, and mount them.

2. Restore the files in the backup to their proper places. This might include the /usr and

/opt depending on the type of WPAR.

3. Synchronize the WPAR with the global environment.

7/23/2019 AN121STUD


Student Notebook




Figure 15-29. Software installation, shared /usr and /opt AN121.1

Notes:

To install software in shared WPARs, the software must first be installed in the global

environment. When software is installed in AIX, there are two parts, root and user , as

shown in the installation summary below. When software is installed in the globalenvironment, the WPAR /usr already has the software installed, but the root part is private

and therefore is not in sync with the user part of the installation. In order to sync the root and /usr parts of the shared WPAR, either run the syncwpar command from the global

environment, or run the syncroot command from within the WPAR.

Installation Summary--------------------


-------------------------------------------------------------------------------

bos.games 6.1.0.0 USR APPLY SUCCESS

bos.games 6.1.0.0 ROOT APPLY SUCCESS


IBM Power Systems

Software installation, shared /usr and /opt

• Software must be installed in the global environment and thensynchronized with the shared WPARs. – This includes updates to the operating system

• To synchronize shared WPARs: – From the global environment, run # syncwpar <wparname>

or – From within the WPAR, run # syncroot

Global env # installp –acd . bos.games

Global env # syncwpar -A

Global env # installp –acd . bos.games

Global env # syncwpar -A

Synchronizes allWPARS

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-30. Software installation, non-shared /usr and /opt AN121.1

Notes:

The procedure for installing software into a non-shared WPAR is the same as installing into

a regular instance of AIX. There is also a new facility in the AIX SMIT panels which will

enables software to be installed from the global environment in detached (non-shared)WPARs, as shown in the visual.


IBM Power Systems

Software installation, non-shared /usr and /opt

• Non-shared /usr and /opt – Software can be installed from within the WPAR – Same process as AIX (Using SMIT, installp, rpm)

or – Can be installed into the WPAR from the global environment

# smit install_latest

Install Software

[Entry Fields]


* SOFTWARE to install [bos.games] > +



# fields removed for clarity

WPAR Management

Perform Operation in Global Environment no +

Perform Operation on Detached WPARs yes +

Detached WPAR Names [private] +

Remount Installation Device in WPARs yes +

Alternate WPAR Installation Device []

Install Software

[Entry Fields]


* SOFTWARE to install [bos.games] > +

PREVIEW only? (install operation will NOT occur) no +COMMIT software updates? yes +

# fields removed for clarity

WPAR Management

Perform Operation in Global Environment no +

Perform Operation on Detached WPARs yes +

Detached WPAR Names [private] +

Remount Installation Device in WPARs yes +

Alternate WPAR Installation Device []

7/23/2019 AN121STUD


Student Notebook




Figure 15-31. WPAR resource control AN121.1

Notes:

The workload partition resource control is based on the Workload Manager (WLM)

technology which has been incorporated in the AIX kernel since version 4.3.3. Because the

workload partition resource control commands encapsulate and hide WLM details, thesystem administrator does not need to have in-depth knowledge of WLM, in order to use

workload partition resource control.

There are two approaches of specifying CPU and memory allocation: share-based and

percentage-based.

Resource allocation control for each WPAR is performed at the global environment level bythe global administrator. Commands related to resource control are not available within a

workload partition. You can specify resource control attributes using the -R flag of the

mkwpar, chwpar, wparexec, and lswpar commands.


IBM Power Systems

WPAR resource control

• Resource control enables the administrator to control CPU andMemory limits. – In addition to CPU and memory, you can control other values such as

the total number of processes and threads.

• This facility is provided by workload manager (WLM). – No direct WLM knowledge or configuration is required.

• For CPU and memory there are two approaches: – Share-based (on relative importance) – Percentage-based (on fixed limits)

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-32. Shared-based approach AN121.1

Notes:

Share-based approach.

Each workload partition receives its part of the specified resource, according to the ratio of

its own share to the sum of shares of all currently active workload partitions.


IBM Power Systems

Shared-based approach

• To create a WPAR using shared resource controls

• To change or add shared resource controls

System # mkwpar -n wparA -R shares_CPU=10 shares_memory=20

App # wparexec -n wparAPP -R shares_CPU=10 shares_memory=20 <app. path>

System # mkwpar -n wparA -R shares_CPU=10 shares_memory=20

App # wparexec -n wparAPP -R shares_CPU=10 shares_memory=20 <app. path>

# chwpar -R shares_CPU=50 shares_memory=30 wparA

# Note: Same syntax for both system and application WPARs

# chwpar -R shares_CPU=50 shares_memory=30 wparA

# Note: Same syntax for both system and application WPARs

7/23/2019 AN121STUD


Student Notebook




Figure 15-33. Percentage-based approach AN121.1

Notes:

Percentage-based approach.

There are three parameters that should be specified:

• Minimum percentage is the minimum amount of a resource that a WPAR is guaranteed

to have available at all times.

• Soft maximum percentage is the maximum amount of a resource that a WPAR canhave when multiple WPARs contend for that type of resource. If there is a sufficient

amount of that type of resource available, and resource contention does not occur, theWPAR can exceed this limit.

• Hard maximum percentage is the maximum amount of a resource that a WPAR can

ever have. Even if there is a sufficient amount of that type of resource available, andresource contention does not occur, the WPAR cannot exceed this limit.


IBM Power Systems

Percentage-based approach

• Three values: – Minimum: Guaranteed capacity – Soft maximum: Maximum capacity if there is contention for resource – Hard maximum: Absolute maximum, cannot be exceed

• Format: – Minimum%-soft maximum%,hard maximum%

• Both percentage and share value can be set. Percentagetakes precedence.

• To create a WPAR with CPU % resource controls

• To change or add CPU % resource controls

System # mkwpar -n wparA -R CPU=5%-30%,50% memory=5%-10%,25%

App. # wparexec -n wparAPP -R CPU=5%-30%,50% memory=5%-10%,25% <app. path>

System # mkwpar -n wparA -R CPU=5%-30%,50% memory=5%-10%,25%App. # wparexec -n wparAPP -R CPU=5%-30%,50% memory=5%-10%,25% <app. path>

# chwpar -R CPU=10%-20%,70% memory=5%-20%,45% wparA# chwpar -R CPU=10%-20%,70% memory=5%-20%,45% wparA

7/23/2019 AN121STUD


Student Notebook




5.2

empty

Figure 15-34. Workload Partition Manager overview AN121.1

Notes:

IBM Workload Partition (WPAR) Manager is a platform management solution that provides

a centralized point of control for managing workload partitions or WPARs, across a

collection of managed systems running AIX.

It is an optional product, part of the IBM Systems Director family, designed to facilitate the

management of WPARs and application mobility. WPAR Manager also provides advancedfeatures such as policy-based mobility for the automation of WPAR relocation, based on

current performance state. WPAR Manager is a separate chargeable product, not part of

AIX.


IBM Power Systems

Workload Partition Manager overview

• Provides centralized management of WPARs across multiple serversand enables infrastructure optimization

• WPAR Manager components require: – One server LPAR running as manager – One agent on each managed LPAR containing WPARs

• Browser-based single GUI for WPAR management: – Basic lifecycle administration

• Create, view, modify, start, stop, and remove

– Advanced management

• Static and live relocation• Checkpoint, restart• Automated relocation, policy driven• Monitoring, performance reporting• Global load balancing• Recovery

WPAR1 WPAR2 WPAR3

LPAR YWPAR Agent

WorkloadPartitionManager

WebServer

Browser

LPAR1Management Server

WPAR A WPAR B WPAR C

LPAR XWPAR Agent

7/23/2019 AN121STUD


Student Notebook




Figure 15-35. Workload Partition Manager GUI AN121.1

Notes:

WPAR Manager is a JAVA application running in a management server. The WPAR

Manager GUI provides a browser-driven interface to the WPAR management server. The

UI displays information that has been collected through the agents, and also providesmanagement capability such as creation, deletion, and relocation of WPARs. Many of

these tasks can also be accomplished from the command line interface.


IBM Power Systems

Workload Partition Manager GUI

• Access the WPAR Manager from a browser using a system anywhereon the network.

• WPAR Manager console default URLs: – Public: http://<hostname> :14080/ibm/console – Secured: https://<hostname>:14443/ibm/console

• Single point of control formanaging: – System WPARs – Application WPARs

• WPAR Manager is licensed – Covers all embedded technologies

and products:• Agent services• Database• MetaCluster Checkpoint Restart (MCR)

– Customer required to accept license agreement on all installp filesets

Browser based console

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Checkpoint

1.True or False: Workload partitions require Power6 systems.

2.What are the two types of workload partitions?

3.What command builds and starts an application workload partition?

4.How is the network connection for a WPAR implemented?

5.What are the three forms of file system access within a WPAR?

7/23/2019 AN121STUD


Student Notebook





Notes:


IBM Power Systems

Exercise 15

Introduction toworkload partitions

7/23/2019 AN121STUD


Student Notebook




5.2

empty


Notes:


IBM Power Systems

Unit summary




• Describe the role of WPAR Manager

7/23/2019 AN121STUD


Student Notebook




7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Appendix A. Printers and queues A-1

5.3

empty Appendix A. Printers and queues


This unit describes the concepts behind the AIX print spooling

mechanisms in AIX 6.1.



• Describe the purpose and the benefits of a queuing system• Identify the major components that are responsible for processing

a print request

• Add a printer queue and device under different circumstances

• Submit jobs for printing• View the status of the print queues


Accountability:

• Checkpoint questions• Exercise

References

Online AIX 6.1 System Management Guide

Online AIX 5L Version 5.3 Guide to Printers and Printing

7/23/2019 AN121STUD


Student Notebook



A-2 AIX installation © Copyright IBM Corp. 2009

Figure A-1. Unit objectives AN121.1

Notes:


Unit objectives

After completing this unit, you should be able to:• Describe the purpose and the benefits of a queuing system• Identify the major components that are responsible for

processing a print request• Add a printer queue and device under different

circumstances• Submit jobs for printing• View the status of the print queue

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-2. AIX 6.1 printing environments AN121.1

Notes:

Introduction

The visual gives an overview of the different approaches that can be taken to printingunder AIX 5L and later. In the next two visuals, System V printing is compared to the

traditional AIX print subsystem. The remainder of this unit will focus on using the AIXprint subsystem.

Note

You can use either the AIX print subsystem or the System V print subsystem. They will notrun concurrently.


AIX 6.1 printing environments

• Print subsystems:

– AIX print subsystem

– System V print subsystem

• Print directly to a local printer device.

• Print directly to a remote printer through a socket program.

• Infoprint Manager, or similar advanced print managementsystem

7/23/2019 AN121STUD


Student Notebook




Print directly to a local printer device

This is the simplest form of printing. If your printer is directly attached to a serial or

parallel port on the local machine, it is possible to print by sending a file directly to thedevice. For example:

# cat /home/karlmi/myfile > /dev/lp0

In this approach, you lose the ability to serialize (spool) print requests. Only one usermay print at a time. On the other hand, if a printer is dedicated to one use, this may be agood solution. Examples might be logging to a printer, or printing checks.

Print directly to a remote printer through a socket program

This is similar to printing to a device driver, except that in this case, you are sending the

output to a program which makes a connection to the printer over the network.

Print using the System V print subsystem

In this environment, files to be printed are sent to the System V print service daemon,lpsched, using the lp or lpr commands. The print service daemon serializes the jobs,

so they will be printed in the order in which they were submitted. The print service mayfilter the file to format the data so that it matches the types of data acceptable to the

printer. The print service then sends files, one at a time, to the interface program, whichmay do additional filtering before sending the file to the local printer driver or network

printing application.

Print using the AIX print subsystem

In this environment, files to be printed are sent to the AIX print spooler daemon,

qdaemon, using any of the AIX print commands (enq, qprt, lp, or lpr). The spooler

daemon serializes the jobs. The spooler sends jobs, one at a time, to programs thatmay filter the data, before sending it to the local printer driver or network printing

application.

Print using IBM’s Infoprint Manager (or similar advanced printmanagement system)

Infoprint Manager provides serialization and filtering similar to the System V or AIX printsubsystems. In addition, it adds extra capabilities of security, customization, and control

not provided by either System V printing or AIX printing. For additional information, referto the Infoprint Manager Web site:

http://www.printers.ibm.com/internet/wwsites.nsf/vwwebpublished/ipmaix_ww

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-3. AIX print subsystem: Advantages AN121.1

Notes:

Powerful and flexible printer drivers

AIX printer drivers provide many printing options that can be easily controlled usingcommand line options to the qprt command. Printer defaults can be easily managed

using SMIT or the command line.

System management tools

The AIX print subsystem includes mature and powerful system management usingeither the Web-based System Manager or SMIT, as well as the command line. Some

specific system management advantages using the AIX print subsystem are:

• Limits fields and options validation

Gives the user or administrator a range of valid values for print options andprevents the user from using an invalid value


AIX print subsystem: Advantages

• Powerful and flexible printer drivers

• System management tools: – Limits fields and options validation

– Easy printer customization

– Single step print device and queue creation

• Customizable spooling subsystem

7/23/2019 AN121STUD


Student Notebook




• Easy printer customization

• Printers can be customized using menu selections or command line options.Under System V printing, customizing printers often requires a knowledge of

shell programming.

• Single step print device and queue creation

• Under System V printing, you must first add a print device and then create theprint queue.

Customizable spooling subsystem

The AIX print subsystem is specifically designed so that it can be used to serialize other

types of jobs beyond just printing.

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-4. System V print subsystem: Advantages AN121.1

Notes:

Compatibility

System administrators with experience in other UNIX variants that use System Vprinting, will find it easy to manage printing under AIX’s System V print subsystem.

Availability of interface programs

Many printer manufacturers provide interface shell scripts to support using theirproducts under System V printing. Usually, only minor modifications are required forindividual UNIX variations. Because the AIX print subsystem is proprietary, an interface

program written for another operating system cannot be used in the AIX printsubsystem. It must be completely rewritten. This has led to a limited number of printers

supported under AIX. With the support of System V printing in AIX 6.1, it is easier formanufacturers to include support for AIX printing.


System V print subsystem: Advantages

• Compatibility

• Availability of interface programs

• Security

• Support for forms

• Standard PostScript filters

• Long term strategy

7/23/2019 AN121STUD


Student Notebook




Security

Controlling user access to printers can be an important issue. For example, you might

need to limit access to the printer used to print checks. System V printing includesbuilt-in capabilities for restricting user access to certain printers. Using the AIX print

subsystem, the backend program must be customized to restrict user access.

Support for forms

If you are printing to preprinted forms, it’s important that other users not be able to printwhile the expensive forms are loaded on the printer. The System V print subsystem

provides a mechanism for mounting forms on printers, and allowing or denying, useraccess based on the form which is mounted. To provide this capability under AIX

printing, you must create multiple queues and manage which queues are enabled whilea form is mounted.

Standard PostScript filters

The System V print subsystem includes a number of filters for converting different file

formats to PostScript. Some formatting and page selection capabilities are alsoincluded.

Long term strategy

IBM’s long term printing strategy for AIX is to maintain compatibility with other UNIX

systems. This means that new features and functions are added to the System V print

subsystem in later releases, while the AIX print subsystem is supported, but not

enhanced in future releases.

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-5. Concepts of queues AN121.1

Notes:

Purpose for queues

The purpose of the queuing system is to maintain a queue of jobs that are waiting fortheir turn to run (that is, use some system resource, like a printer or the CPU). The

AIX 6.1 queuing system performs this function.

Benefits of queues

The queues also give control to the system administrator over the queuing mechanism.Therefore, the system administrator can perform tasks like cancelling jobs on queues,

changing priorities of jobs, and so forth.

A queue enables the sharing of resources in an ordered fashion.


Concepts of queues

file1

file2

file3

file4

/dev/lp0

/dev/lp1

file1

file2

.

.

file3

file4

Queue1

Queue2

7/23/2019 AN121STUD


Student Notebook




The diagram above illustrates three important issues:

• One print queue can point to a number of printers (and it is the job of the qdaemon to determine the next available printer to print on), for example, Queue1.

• Users may submit their jobs to a number of different queues.

• A printer can have a number of different queues pointing to it, for example, the

printer /dev/lp1 is accessed by both Queue1 and Queue2.

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-6. Printer data flow AN121.1

Notes:

Print request

Local printing is implemented through a queuing mechanism. The user can issue one ofthe printer commands qprt, lp, lpr, or enq to submit a print job. Although a user can

use any one of these four commands, the true entry point to the spooler is the enq command which is responsible for processing the job request, creating a job description

file (JDF), and notifying the qdaemon of the new job.

The qdaemon

The qdaemon process runs at all times. The qdaemon maintains a list of all of the definedqueues and monitors the queues for newly submitted jobs. qdaemon tries to process the

job if the destination device is available, otherwise the job remains in the queue and

qdaemon tries again later.


Printer data flow

# qprt -Pps [-c] file

starts

Backend(piobe)

submits file to

printer

/dev/lp0

uses spool file

(if it exists)

print request

lp lpr qprt

enq

Queuecopy of file (if requested)

Spool

directorymonitors

qdaemon

Virtual Printer Definition

7/23/2019 AN121STUD


Student Notebook




Queueing system process

The flow of the queuing system shown in the visual:

• The printing command calls enq. enq checks to see if the requested queue name is a

valid queue and all of the parameters are correct. If so, it continues, if not, an errormessage is returned to the user.

• An entry is made in the /var/spool/lpd/qdir directory identifying the job to be run. If theprinter command uses an option to indicate that a copy of the file is to be made, thecopy is placed in the spool directory /var/spool/qdaemon.

• The qdaemon is notified of a new job in its qdir directory.

• When the queue is ready for the job, the qdaemon reads information from the

/etc/qconfig file describing the queue.

• The qdaemon updates the /var/spool/lpd/stat file for the appropriate queue to show that

the queue is now working on a new job.

• The qdaemon starts the back-end program, passing the file names and appropriateoptions on the command line.

• The back-end determines the correct data stream characteristics, and merges these

with the actual file. The data stream characteristics are stored as virtual printer

definitions in the /var/spool/lpd/pio/@local directory.

• The back-end program sends its data stream to the device driver for the appropriate

printer.

What happens when a file is spooled?

When a file is spooled, a copy of that file is sent to the print spool directory,

/var/spool/qdaemon. The copy remains in that directory until it is printed. This means

that if you spool a file to the printer, a user could continue to make revisions to theoriginal since the copy in the print spool directory will not be altered. This ensures that

the file that is sent to the printer gets printed in its original form, even if a user edits theoriginal file that is on disk. Spooled files take up disk space in /var until they are printed.

When a file is queued, one line of information is sent to the /var/spool/lpd/qdir

directory which points back to the original file on disk. If revisions are made to the file ondisk before it is pulled from the queue to print, the revised file is printed.

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-7. System files associated with printing AN121.1

Notes:

Print related files and directories

The system files and directories used for printing include:

• The /etc/qconfig file describes the queues and devices available for use by theprinting commands.

• The /var/spool directory contains files and directories used by the printing

programs and daemons.

• The /var/spool/lpd/qdir directory contains information about files queued toprint.

• The /var/spool/qdaemon directory contains copies of the files that are spooled

to print.

• The /var/spool/lpd/stat directory is where the information on the status of jobs is

stored. It is used by the qdaemon and backend programs.


System files associated with printing

/etc/qconfig Queue configuration files

/var/spool/* Spooling directories

/var/spool/lpd/qdir/* Queue requests

/var/spool/qdaemon/* Temporary enqueued files

/var/spool/lpd/stat/* Line printer status information

/var/spool/lpd/pio/@local Virtual printer directories

7/23/2019 AN121STUD


Student Notebook




• The /var/spool/lpd/pio/@local directory holds virtual printer definitions. This iswhere the attributes of printers are paired with the attributes of corresponding

data stream types.

It is recommended that SMIT be used to update these device-related files. In mostcases, updating standard system files is not recommended.

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-8. qdaemon AN121.1

Notes:

qdaemon introduction

The qdaemon program schedules jobs that have been enqueued. It is a backgroundprocess that is usually started at system IPL through the startsrc command run from

/etc/inittab.

qdaemon is controlled by the /etc/qconfig file. /etc/qconfig contains a stanza for eachqueue. The stanza identifies any queue management options and points to a queue

device stanza, which identifies the destination printer, the formatting options, and theback-end program.


qdaemon

• Manages queues

• Is started in the /etc/inittab file

• Invokes the back-end programs

• Optionally records accounting data

7/23/2019 AN121STUD


Student Notebook




The back-end program

The back-end program is called by qdaemon to actually process each request. The

back-end program is determined by how the printer is connected to the AIX system. Forlocal printing, the back-end program is /usr/lib/lpd/piobe. For a remote printer, it is

/usr/lib/lpd/rembak.

The back-end program uses printer attribute information to prepare the printer andformat the data for output. It also prints header and trailer pages, if they are enabled.

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-9. The /etc/qconfig file AN121.1

Notes:

Introduction

The /etc/qconfig file is an attribute file. Some stanzas in this file describe queues, andother stanzas describe devices. Every queue stanza requires that one or more device

stanzas immediately follow it in the file.

This file is the key to customizing the queues. Although the file can be edited directly, itis recommended that it be changed through high-level commands or through SMIT.

Queue stanza

This starts with the queue name, which can be up to 20 characters, followed by a colon.

The queue name is used by the person submitting a job to indicate the requestedqueue. The first queue in the /etc/qconfig file is the default queue, which receives any

job requests submitted without a specific queue name.


The /etc/qconfig file

lp0: * One queue pointing to one devicedevice = lp0dev

up = TRUE

discipline = fcfslp0dev:

file = /dev/lp0

backend = /usr/lib/lpd/piobe

header = group

trailer = never

feed = never

lpq: * One queue pointing to two devicesdevice = lpqdev1,lpqdev2

lpqdev1:

file = /dev/lp1


lpqdev2:

file = /dev/lp2


ps: * Two queues pointing to one devicedevice = psdev

psdev:

file = /dev/lp3


asc:

device = ascdev

ascdev:

file = /dev/lp3


7/23/2019 AN121STUD


Student Notebook




Some of the attributes that can be found in the queue stanza include:

Device stanza

The name of a device stanza is arbitrary and can be from one to 20 characters long.

The name is followed by a colon.

The attributes that can be found in the device stanza include:

Attribute Definition Default Other

deviceIdentifies the symbolic name that refers tothe device stanza

discipline Defines the queue serving algorithm fcfs sjn

acctfile Identifies the file used to save printaccounting information false filename

up Defines the state of the queue TRUE FALSE

Attribute Description Default Other

file

Identifies the special file where the output of

back-end is to be redirected

FALSE indicates no redirection and that the

file name is /dev/null.

FALSE

backend

Specifies the full path name of the back-end,

optionally followed by the flags andparameters to be passed to it

access

Specifies the type of access the back-endhas to the file specified by the file fieldThis field is ignored if the file field has the

value, FALSE.

write

both (used

for modemsor backendsneeding

readcapability)

headerSpecifies whether a header page printsbefore each job or group of jobs

neveralways

group

trailerSpecifies whether a trailer page prints after

each job or group of jobsnever

always

group

feedSpecifies either the number of separatorpages to print when the device becomes idleor the value never, which indicates that the

back-end is not to print separator pages

never integer

align

Specifies whether the back-end sends aform-feed control before starting the job, if

the printer was idleFALSE TRUE

7/23/2019 AN121STUD


Student Notebook




5.3

empty The device stanza must contain an attribute that designates the back-end program. Thefunction of the back-end is to manage the printing of the actual job. It also produces the

final data stream that goes to the printer. The most common back-end program for localprinting is piobe.

If different users prefer different default printers, then the PRINTER variable can be set

up, on a per user basis. The PRINTER variable should be set to the queue that the user

wants to be their default queue, for example:

# PRINTER=ps ; export PRINTER

7/23/2019 AN121STUD


Student Notebook




Figure A-10. Printer menu AN121.1

Notes:

Interface to manage spooling

AIX print spooling System V print spooling are supported by SMIT in AIX 6.1. TheWeb-based System Manager supports both print spooling systems.


Printer menu

# smit spooler_choice

Print Spooling


AIX Print Spooling

System V Print Spooling



7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-11. AIX printer menu AN121.1

Notes:

SMIT AIX printer menu

The SMIT fastpath to this menu is smit spooler. Printers and print queues can also bemanaged using the Web-based System Manager.

The options on this menu are:

• Start a Print Job

This option starts a print job by submitting the job to a print queue.

• Manage Print Jobs This option opens a submenu which enables you to cancel jobs, show the status

of jobs, prioritize jobs, hold and release jobs, and move jobs between printqueues.

• List All Prinul3t Queues

This option displays a list of all the print queues and their associated printers.


AIX printer menu

# smit spooler

AIX Print SpoolingMove cursor to desired item and press Enter.

Start a Print Job

Manage Print Jobs

List All Print Queues

Manage Print Queues

Add a Print Queue

Add an Additional Printer to an Existing Print Queue

Change / Show Print Queue Characteristics

Change / Show Printer Connection Characteristics

Remove a Print QueueManage Print Server

Programming Tools

Change / Show Current Print Subsystem



7/23/2019 AN121STUD


Student Notebook




- Manage Print Queues You can start and stop print queues, show the status of print queues and change the

system's default print queue.

- Add a Print Queue This option adds a print queue to the system configuration and creates the

associated queue device and printer device definition, if needed.

- Add an Additional Printer to an Existing Print Queue This option adds another printer to an existing queue.

- Change/Show Print Queue Characteristics This option will provide access to screens that enable you to change the printer

setup, default print job attributes, accounting file setup, and queuing discipline.

- Change/Show Printer Connection Characteristics This option changes or shows printer communication and startup characteristics.

- Remove a Print Queue

This option removes a print queue from the system configuration. It also removesthe associated spooler queue device and printer device definition. If a print queue

has more than one printer associated with it, then all the printers are removed fromthe print queue.

- Manage Print Server

This option configures this machine as a print server. Allows you to control whichclients have print access to this machine, list clients with print access, add and

remove clients, and stop and start the server subsystem.

- Programming Tools

This option enables you to access low-level utilities for manipulating databases andfilters.

- Change/Show Current Print Subsystem Only one of the two print subsystems at the same time can be active. By default,

after installation, the AIX printer subsystem is active.

Other commands

To show the current print subsystem: # switch.prt -d

To change the current print subsystem, you can use either:

-# switch.prt -s AIX

-# switch.prt -d SystemV

To check if binaries are correctly linked, you can use either:

-/usr/bin/lpstat --> /usr/aix/bin/lpstat

-/usr/bin/lpstat --> /usr/sysv/bin/lpstat

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-12. Configuring a printer with a queue AN121.1

Notes:

Adding a local print queue

In our example, assume that the printer is directly attached to our AIX system. Toconfigure a printer attached in this way, choose local.

Some applications contain their own print control mechanisms and thus require that a

printer be configured without a queue. Use the SMIT fastpath smit pdp to define aprinter without a queue.


Configuring a printer with a queue

AIX Print Spooling


Add a Print Queue

Move cursor to desired item and press Enter.Use arrow keys to scroll.#ATTACHMENT TYPE DESCRIPTION

local Printer Attached to Local Hostremote Printer Attached to Remote Host

xstation Printer Attached to Xstationascii Printer Attached to ASCII Terminal

hpJetDirect Network Printer (HP JetDirect)file File (in /dev directory)

ibmNetPrinter IBM Network Printer

ibmNetColor IBM Network Color Printerother User Defined Backend

F1=Help F2=Refresh F3=Cancel

F8=Image F10=Exit Enter=Do/=Find n=Find Next

7/23/2019 AN121STUD


Student Notebook




Figure A-13. Selecting a printer type (1 of 2) AN121.1

Notes:

Specify the printer manufacturer

The next selection that has to be made is the printer type. Notice that IBM is only one ofthe choices and many other manufacturers are supported as well. Note also that there

is an Other option which will be selected if the printer type is not supported; that is, notpart of the list.


Selecting a printer type (1 of 2)

AIX Print Spooling


Printer Type


BullCanon

Dataproducts

Hewlett-PackardIBM

LexmarkOKI

PrintronixQMS

Texas InstrumentsOther (select this if your printer is not listed above)



7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-14. Selecting a printer type (2 of 2) AN121.1

Notes:

Select the manufacturer’s supported printer

If you do not have the software installed for your printer, you are prompted to insert themedia to install the software first, before configuring the device and the queue.

The choice of printer determines the queue, or the virtual printer, setup. For example,

an IBM 4029 Laser Printer is capable of handling PostScript, ASCII, GL Emulation, andPCL Emulation. The SMIT print spooling menus guide you through the creation of up to

four separate queues which submit to the same printer.


Selecting a printer type (2 of 2)

AIX Print Spooling

Printer Type


[MORE...8]ibm2391-2 IBM 2391 Plus printer (Model 2)ibm3112 IBM 3112 Page Printeribm3116 IBM 3116 Page Printeribm3130 IBM 3130 LaserPrinteribm3812-2 IBM 3812 Model 2 Page Printeribm3816 IBM 3816 Page Printeribm4019 IBM 4019 LaserPrinteribm4029 IBM 4029 LaserPrinteribm4037 IBM 4037 LP printeribm4039 IBM 4039 LaserPrinter

[MORE...49]

F1=Help F2=Refresh F3=CancelEsc+8=Image Esc+0=Exit Enter=Do/=Find n=Find Next

7/23/2019 AN121STUD


Student Notebook




Figure A-15. Printer attachment AN121.1

Notes:

Selecting the printer attachment

After selecting a printer type, a pop-up window is displayed where the printer interfacemust be chosen. Possible values are parallel, RS232, and RS422. Some printers

support multiple attachment methods.

Then, a list of installed adapters that support that method of attachment are presented.


Printer attachment

Printer InterfaceMove cursor to desired item and press Enter.

parallel

rs232

rs422

Parent Adapter


ppa0 Available 01-G0 Standard Parallel Port Adapter

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-16. Add the print queues AN121.1

Notes:

Create the print queues

This menu varies depending on the characteristics of the physical printer. If the printer iscapable of two or three different modes or emulations, the system prompts you for a

separate queue name for each emulation. Once these queues are created, they aresometimes referred to as virtual print devices.

Additional queues can be added to this printer after the initial queues are created.


Add the print queues

Add a Print Queue

Type or select values in entry fields.Press Enter AFTER making all desired changes.

[Entry Fields]

Description IBM 4029 LaserPrinterNames of NEW print queues to add

ASCII [asc]GL Emulation []PCL Emulation []PostScript [ps]

Printer connection characteristics* PORT number [p] +

Type of PARALLEL INTERFACE [standard] +Printer TIME OUT period (seconds) [600] +#STATE to be configured at boot time available +

F1=Help F2=Refresh F3=Cancel F4=ListF5=Reset F6=Command F7=Edit F8=ImageF9=Shell F10=Exit Enter=Do

7/23/2019 AN121STUD


Student Notebook




Figure A-17. Remote printing AN121.1

Notes:

Overview of print server setup

Once your system has the local queue set up, any user on that system can print. If themachine is networked, it can also provide printing for client machines by becoming a

print server.

To set up a print server, you need to define the client machine names, or IP addresses,in the /etc/hosts.lpd file, and then start the lpd daemon. Both of these tasks can be

done through SMIT. To use SMIT, the fastpath to identify the client system is smitmkhostslpd.

The lpd daemon is controlled by SRC. You should use SMIT to start it, because SMIT

also adds entries to /etc/inittab to ensure that it is started on reboot. The fastpath forthis screen is smit mkitab_lpd.


Remote printing

Set up the local print queue. Define client machines in

/etc/hosts.lpd. Start the lpd daemon.

Configure aremote queue.

lp1host1 client1

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-18. Client authorization AN121.1

Notes:

Set up client authorization

This step is done on the print server. On this screen, enter the client machine's name orIP address. A plus sign ( + ) is also valid. It indicates that this AIX system is a print

server to all machines.


Client authorization

# smit mkhostslpd

Add Print Access for a Remote Client



[Entry Fields]

* Name of REMOTE CLIENT [client1]

(Hostname or dotted decimal address)




7/23/2019 AN121STUD


Student Notebook




Figure A-19. Start lpd AN121.1

Notes:

Starting the lpd daemon

This step is done on the print server. The lpd daemon is controlled by the systemresource controller (SRC). The commands startsrc and stopsrc can be used to

control lpd. By using SMIT, an entry is placed in the /etc/inittab file to ensure that lpd is started each time the machine is booted.


Start lpd

# smit mkitab_lpd

Start the Print Server Subsystem


[Entry Fields]Start subsystem now, on system restart, or both [both] +TRACE lpd daemon activity to syslog? [no] +EXPORT directory containing print attributes? [no] +

Note:Exporting this print server's directorycontaining its print attributes will allowprint clients to mount the directory. Theclients can use this server's print attributes

to display and validate print job attributeswhen starting print jobs destined for thisprint server. Note that the Network FileSystem (NFS) program product must be installedand running


7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-20. Add a remote print queue AN121.1

Notes:

Adding a remote queue on the client

This step is done on the client machine. The procedure to add a remote queue startsthe same way as a local queue: smit spooler > Add a Print Queue. This time, select

remote as the attachment type.

You are prompted to determine if you want to perform any type of filtering orpre-processing to the print job before it is sent. Normally, Standard Processing is

selected. This just sends the job to the printer server and the print server is responsiblefor processing the job.


Add a remote print queue

AIX Print Spooling


Add a Print Queue

Move cursor to desired item and press Enter.Use arrow keys to scroll.#ATTACHMENT TYPE DESCRIPTION

local Printer Attached to Local Hostremote Printer Attached to Remote Host

xstation Printer Attached to Xstationascii Printer Attached to ASCII Terminal

hpJetDirect Network Printer (HP JetDirect)file File (in /dev directory)

ibmNetPrinter IBM Network Printer

ibmNetColor IBM Network Color Printerother User Defined Backend



7/23/2019 AN121STUD


Student Notebook




Figure A-21. Define the print server on the client AN121.1

Notes:

Required input

Only three lines are required to complete the queue set up. You must name your local(to the client) queue name. Then, provide the name of the printer server. Lastly, name

the queue on the print server.


Define the print server on the client

Add a Standard Remote Print Queue


[Entry Fields]*Name of QUEUE to add [rq1]*HOSTNAME of remote server [host1]*Name of QUEUE on remote server [lp1]Type of print spooler on remote server AIX Version 3 or 4 +Backend TIME OUT period (minutes) [] #Send control file first? no +TO turn on debugging, specify output []

file pathnameDESCRIPTION of printer on remote server []


7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-22. Let’s review AN121.1

Notes:


Let's review

1. True or False: The qdaemon is responsible for printing jobs.

________________________________________________

________________________________________________ ________________________________________________

2. To set up remote printing, what daemons are needed, and do theyrun on the server, the client, or both?

________________________________________________ ________________________________________________

3. What does the up = TRUE indicate in the /etc/qconfig file?

________________________________________________

________________________________________________

4. What does discipline mean in reference to the /etc/qconfig file?

What are its possible values? ________________________________________________ ________________________________________________ ________________________________________________

7/23/2019 AN121STUD


Student Notebook




Figure A-23. Submitting print jobs AN121.1

Notes:

Introduction

There are three sets of commands for submitting, listing and cancelling print jobs. Theycome from either System V, BSD, or IBM versions of UNIX and are all available in AIX.

The commands have slightly different options.

Submitting a print job

To submit a print job to a queue, use either lp, lpr, or qprt. All jobs go to the systemdefault queue, unless the PRINTER or LPDEST variables are set. You can also specify, on

the command line, which queue to use. Use -d with lp or use -P with qprt and lpr.


Submitting print jobs

• AIX print systems offer compatibility to System V printcommands

• To submit a job to a queue:

System V BSD AIXlp lpr qprt

$ lp -d queuename filename

- OR-

$ qprt -P queuename filename

7/23/2019 AN121STUD


Student Notebook




5.3

empty Spooling

The commands lp and qprt both queue without spooling, by default. Specify the -c

option if spooling is desired. The command lpr spools and queues by default. The -c option will turn off spooling with lpr.

Multiple copiesTo print multiple copies, with qprt use the -N # option, with lp use -n # option, and

with lpr use just a hyphen followed by the number of copies ( - # ).

The lp, lpr, and qprt commands create a queue entry in /var/spool/lpd/qdir and,depending upon the options specified, copy the file to be printed to the

/var/spool/qdaemon directory.

The enq command

All the print commands,lp

,lpr

, andqprt

, actually call theenq

command which placesthe print request in a queue. enq can be used instead of the other commands to submit

jobs, view job status, and so forth. To submit a job using enq:

$ enq -Pqueuename filename

Requesting a specific printer

Ordinarily your request is serviced by the first device on the queue that becomes

available. However, if more than one printer services a queue, you can request a

specific printer by using the name of the queue followed by a colon (:) and then the

name of the printer. For example, if a system with one queue (ps) is serviced by twoprinters (lp0 and lp1), and a print job needs to be printed on the lp1 printer, use thecommand:

$ qprt -Pps:lp1 /home/team01/myfile

7/23/2019 AN121STUD


Student Notebook




Figure A-24. Listing jobs in a queue AN121.1

Notes:

Checking status with the qchk command

Many of the print job control tasks require the user to supply a job number. The jobnumber, along with other queue status information is available by checking the status of

print jobs.

The fields from the qchk command are as follows:

Queue Queue name

Dev Logical device name for the queue

Status Status of the queue (READY, DOWN, WAITING, RUNNING, and so forth)

Job The job number assigned by the qdaemon

Files Files sent to the queue

User User who sent the print request


Listing jobs in a queue

• To list jobs in a queue:

SYSTEM V BSD AIXlpstat lpq qchk

For example:

$ qchkQueue Dev Status Job Files User PP % Blks Cp Rnk

ps lp0 DOWNQUEUE 569 /etc/motd root 1 1 1

7/23/2019 AN121STUD


Student Notebook




5.3

empty PP Number of pages printed

% Percent completed

Blks The number of 512-byte blocks the print job has been split into

Cp Copies of each job to be printed

Rnk Order on that queue

Other viewing commands

Other commands that can be used to view printer status include:

lpstat Shows status of all queues

lpq Shows status of the default queue

qchk -A Shows status of all queues

enq -A Shows status of all queues

qchk -W Shows status in wide-form mode

This is helpful if using long queue and device names, and 6-digit job numbers. This optionis available with AIX V4.2.1 and later.

7/23/2019 AN121STUD


Student Notebook




Figure A-25. Change characteristics of a queue AN121.1

Notes:

Attributes for Printer Setup option

After selecting 1. Printer Setup, the following attributes can be changed or shown:

• Automatic mode switching to PostScript

• Paper size in trays and the manual feeder

• Envelope size

• ID of the font cards

• Paper trays for header and trailer pages• Formatting flags for the header and trailer pages

• Users to get the intervention messages

• Flags prohibited for all print files

• Mode in which to leave the printer at the end of the job

• Width of printable area on header page


Change characteristics of a queue

# smit chpq

Print Queue to Change / Show



[Entry Fields]

PRINT QUEUE name [ps] +

Characteristics to Change / Show

Move the cursor to the desired item and press Enter.

1.Printer Setup

2.Default Print Job Attributes

3.Accounting File

4.Queuing Discipline

7/23/2019 AN121STUD


Student Notebook




5.3

empty Attributes for Default Print Job option

After selecting 2. Default Print Job Attributes, the following attributes can be changed

or shown:

• Text print options such as emphasized print

• Job processing options such as page number where printing should begin

• Text formatting options such as top Margin and lines per page• Paper/Page Options such as page orientation

• Header/Trailer Page such as separator pages

• Messages/Diagnostics

Attributes for Accounting File option

After selecting 3. Accounting File, the following attribute can be changed or shown:

• Accounting file name

Attributes for Queuing Discipline option

After selecting 4. Queueing Disciple, the following attribute can be changed or shown:

• Queuing discipline

7/23/2019 AN121STUD


Student Notebook




Figure A-26. Removing a queue AN121.1

Notes:

Removing a queue with SMIT

It is not possible to remove a queue containing jobs. The jobs would have to beremoved first.

The last option on the screen asks whether the printer device definition should be kept.

This option will only appear if the queue being removed is the only queue defined for aprinter. Note that by default, it will be removed.


Removing a queue

# smit rmpq

Remove a Print Queue


[Entry Fields]Print queue to remove ps:lp0Local printer device /dev/lp0

KEEP the local printer device? no +


7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-27. Managing queues AN121.1

Notes:

SMIT Managing Queues options

The following actions can be performed:

• Show Status of Print Queue gives output similar to qchk and lpstat

• Stop a Print Queue runs the disable command

• Start a Print Queue runs the enable command

• Set the System's Default Print Queue reorders the /etc/qconfig file to ensurethe default queue is the first queue in the file


Managing queues

# smit pqmanage

Manage Print Queues


Show Status of Print Queues

Stop a Print Queue

Start a Print Queue

Set the System's Default Print Queue



7/23/2019 AN121STUD


Student Notebook




Figure A-28. Understanding queue status AN121.1

Notes:

Introduction

The status of the queues and jobs can be displayed with qchk, lpstat, or lpq. Thereare a number of different status states that may be seen.

DEV_BUSY

This status can occur when more than one queue is defined to a print device andanother queue is currently using the print device. It could result when the qdaemon attempts to use the printer port device and another application is currently using that

print device. Normal recovery: You have to wait until the queue or application hasreleased the print device, or kill the job or process that is using the printer port.


Understanding queue status

Queue Dev Status Job Files User PP % Bks Cp Rnk

ps lp0 DOWN

QUEUED 1569 /etc/motd root 1 1 1

State Description

DEV_BUSY Printer is busy servicing other print requests

DEV_WAIT Queue is waiting for the printer

DOWN Queue is down and no jobs will be servicedfrom this queue until it is brought up

OPR_WAIT The queue is waiting for operator intervention

QUEUED Job is queued and waiting

READY Everything is ready to receive a print request

RUNNING Print file is printing

UNKNOWN Problem with the queue: Need to investigatefurther to determine cause

7/23/2019 AN121STUD


Student Notebook




5.3

empty DEV_WAIT

This status means that the queue is waiting on the printer because the printer is offline,

out of paper, jammed, or the cable is loose, bad or wired incorrectly. Normal recovery:Check to see if the printer is offline, out of paper, jammed, or loosely cabled. Sometimes

the jobs have to be removed from the queue before the problem can be corrected.

DOWN

This status is set when the device driver cannot communicate with the printer afterTIME OUT seconds (which can be set through SMIT). This variable indicates the

amount of time, in seconds, that the queuing system waits for a printer operation. If theprinter is off, the queue will go down. Also, the operator can bring down the queue

intentionally, which might be necessary for system maintenance. Normal recovery:Correct the problem that has brought the queue down and then bring the queue up

again.

OPR_WAIT

This status is set when the back-end program is waiting on the operator to change thepaper, change forms, and so on. This is usually software related. Normal recovery:

Respond appropriately to the request that is made by the queuing system.

QUEUED

This status is set when a print file is queued and is waiting in line to be printed.

READY

This is the status of a queue when everything involved with the queue is ready to queueand print a job.

RUNNING

This status occurs when a print file is printing.

UNKNOWN

This status occurs when a user creates a queue on a device file that another queue is

using, and its status is DEV_WAIT. The queue cannot get a status from the printerdevice when it is on hold. Normal recovery: Bring down the other queue or fix the

problem with the printer (paper out, jammed, offline and so on). Bring the new queuedown and then back up so that the queue will register as READY.

7/23/2019 AN121STUD


Student Notebook




Figure A-29. Bringing queues up and down AN121.1

Notes:

Enabling a queue

Occasionally, problems with printers can bring a queue down. Once the problem hasbeen fixed it can be brought back up with:

# enable <queuename >

Disabling a queue

Sometimes, you may wish to bring a queue down. This is recommended if any

maintenance is going to be performed on the printer. You can do this with either of thecommands:

• # disable <queuename >

• # enq -D -P <queuename >


Bringing queues up and down

# lpstat

Queue Dev Status Job Files User PP % Bks Cp Rnkdraft lp0 DOWN

QUEUED 132 /etc/motd team01 1 1 1

Quality lp0 READY

• To enable a queue whose status is DOWN:

# enable draft

• To disable a queue whose status is READY:# disable quality

You must be a member of the printq group or root.

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-30. Managing Print Jobs AN121.1

Notes:

Who can manage print jobs?

The root user or a member of the print group can work with any print request. Normalusers can only work with their own print jobs.


Manage Print Jobs

# smit jobs

Manage Print Jobs


Cancel a Print Job

Show the Status of Print Jobs

Prioritize a Print Job

Hold / Release a Print Job

Move a Job between Print Queues



7/23/2019 AN121STUD


Student Notebook




Figure A-31. Cancel a Print Job AN121.1

Notes:

Introduction

The qcan command cancels either a particular job number or all jobs in a print queue.

Normal users can only cancel their own jobs, whereas root can cancel any job.

Commands to cancel print jobs

To cancel a job you can either use the smit qcan fastpath, or use one of the followingcommands:

• cancel (System V)

• lprm (BSD)

• qcan (AIX)


Cancel a Print Job

# smit qcan

Cancel a Print Job



[Entry Fields]

PRINT QUEUE containing job [ ] +

(required for remote jobs)

* Print JOB NUMBER [ ] +#




7/23/2019 AN121STUD


Student Notebook




5.3

empty Examples

To cancel job number 127 on whatever queue the job is on, you can use either of the

following two commands:

• # qccel 127

To cancel all jobs queued on printer lp0, you can use either of the following two

commands:

• # qcan -X -Plp0

• # cancel lp0

7/23/2019 AN121STUD


Student Notebook




Figure A-32. Job priority example AN121.1

Notes:

Processing order

The discipline line in the /etc/qconfig file determines the order in which the printerserves the requests in the queue. In the queue stanza, the discipline field can either

be set to fcfs (first-come-first-serve) or sjn (shortest-job-next). If there is no

discipline in the queue stanza, requests are serviced in fcfs order.

Changing print job priorityEach print job also has a priority that can be changed through SMIT (smit qpri) or with

the qpri command. Print jobs with higher-priority numbers are handled before requestswith lower-priority numbers. Only a user who has root authority or who belongs to the

printq group can change the priority of a local print request.


Job priority example

# qchk -LQueue Dev Status Job Name From To ______ ___ _______ Submitted Rnk Pri Blks Cp PP %

ps lp0 DOWNQUEUED 569 /etc/qconfig root root1/07/03 09:39:25

1 15 2 1/etc/qconfig

QUEUED 570 /etc/motd root root1/07/03 09:40:15 2 15 1 1

/etc/motd

# qpri -#570 -a 25# qchk -LQueue Dev Status Job Name From To ______ ___ ______ Submitted Rnk Pri Blks Cp PP %ps lp0 DOWN

QUEUED 570 /etc/motd root root1/07/03 09:40:15 1 25 1 1

/etc/motd

QUEUED 569 /etc/qconfig root root1/07/03 09:39:25 2 15 2 1

/etc/qconfig

7/23/2019 AN121STUD


Student Notebook




5.3

emptyNote

You can only set priorities on local print jobs. Remote print jobs are not supported.

The qprt -R command can also be used to set job priority.

Example

The example in the visual shows that when print jobs are submitted they receive thedefault priority of 15. The example shows how the qpri command can be used to

change the priority of job number 570 to 25. Use the qchk -L command to show thenew job priorities.

7/23/2019 AN121STUD


Student Notebook




Figure A-33. Holding a job in a queue AN121.1

Notes:

Holding and releasing a print job

The qhld command is used to put a temporary hold on a job that is waiting in thequeue. The qhld command is also the command that is used to release job back in the

queue.

The visual provides a example of using the qhld command to hold and then release job# 1493.

This task can also be accomplished through smit (smit qhld).


Holding a job in a queue

# qchk

Queue Dev Status Job Files User PP% Blks Cp Rnk

ps lp0 DEV_BUSYQUEUED 1493 /etc/qconfig root 1 1 1

# qhld -#1493

# qchk


ps lp0 DEV_BUSY

HELD 1493 /etc/qconfig root 1 1 1

# qhld -r -#1493

# qchk


ps lp0 DEV_BUSY

QUEUED 1493 /etc/qconfig root 1 1 1

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-34. Moving a job between queues AN121.1

Notes:

Moving print jobs

You can move jobs between queues in AIX. The command qmov is used. The -m optionspecifies what queue to move the job to and the -# option specifies the job number.

This can be done through smit using smit qmov.


Moving a job between queues

# qchk -A


asc lp0 DOWN

QUEUE 11 /etc/qconfig root 2 1 1

ps lp0 READY

# qmov -mps -#11

# qchk -A


asc lp0 DOWN

ps lp0 RUNNING 11 /etc/qconfig root 2 1 1

7/23/2019 AN121STUD


Student Notebook




Figure A-35. Printing-related directories to monitor AN121.1

Notes:

Why directories may fill up

The directories shown in the visual fill up very quickly if the spooling mechanismencounters a problem. For example, if the queue goes down, or if there are many users

submitting jobs, there may not be enough room to handle the requests.

Remember, when print jobs are submitted to spooling rather than just queuing, a copyof that file is created and stored in the /var/spool/qdaemon directory until that job has

printed. At that time, the temporary file is removed. If the queue or multiple queues quitworking, jobs don't get through the system. This could cause a full condition in this

directory structure.


Printing-related directories to monitor

• Contains queue requests(job description files)

• Temporary copies of enqueued filesif spooling

/

var

spool

lpd

qdir

qdaemon

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-36. Printing problem checklist AN121.1

Notes:

First step

If you experience problems trying to print, start by checking the simple things first.

The easiest test to perform is to cat a file and redirect standard output to the printerdevice file. This by-passes the queuing system and helps to narrow the problem.

Check hardware

After redirecting a file to the print device, if it does not print, the problem is usually

hardware-related. Check to make sure the cables are attached securely. Make sure theprinter is ready to print (online). Make sure there is paper in the printer and there are no

paper jams.


Printing problem checklist

# cat file > /dev/lp0

Any output?

Check physical cables Printer online and ready No paper jams Not out of paper

qdaemon running

Check /etc/qconfig Queue enabled /var and /tmp not full

NO YES

Check hardware Check software

7/23/2019 AN121STUD


Student Notebook




Potential software problems

If something does print out using cat but not print out when using lp, qprt, or lpr, the

problem is most likely software-related.

Check to make sure the qdaemon is running. If not, start it.

# lssrc -s qdaemon

# startsrc -s qdaemon

Look at the contents of /etc/qconfig to make sure it is not corrupt.

Ensure the queue is enabled. If not, enable it.

# lpstat

or

# qprt -A

# enable queuename

Check to make /tmp and /var are not full with the command: df

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-37. Checkpoint (1 of 2) AN121.1

Notes:


Checkpoint (1 of 2)

1. True or False: One of the advantages of queues is that each user canhave a different default queue set up for them.

________________________________________________

2. True or False: The /etc/qconfig file is read by the back-end program todetermine what the queue discipline is.

________________________________________________

3. True or False: All printer software is automatically installed when youinstall the base operating system.

________________________________________________

4. What is the difference between these two commands?

# qprt -Pasc file1# qprt -c -Pasc file1

________________________________________________

7/23/2019 AN121STUD


Student Notebook




Figure A-38. Checkpoint (2 of 2) AN121.1

Notes:


Checkpoint (2 of 2)

5. What three methods can be used to find out what the system defaultqueue is?

6. What users can bring print queues down?

_______________________________________________

7. True or False: Once the queue is down, no more jobs can be submittedto the printer.

_______________________________________________

8. Can users hold all their print jobs in a specific queue? If so, how?

________________________________________________ ________________________________________________

7/23/2019 AN121STUD


Student Notebook




5.3

empty

Figure A-39. Exercise 18 AN121.1

Notes:

Introduction

This exercise gives you an opportunity to work with the AIX queuing system. If yourclassroom does not have locally attached printers, your instructor needs to supply you

with local modification for this lab.

This exercise can be found in your Student Exercise Guide .


Exercise 18: Printers and queues

• Add a printer and a queue

• Install printer support software (if needed)

• Check the queue

• Change the characteristics of a queue

• Manage jobs in queues

• Troubleshooting printer problems (optional)

7/23/2019 AN121STUD


Student Notebook




Figure A-40. Unit summary AN121.1

Notes:


Unit summary

• Queues can be added for local or remote printing.

• Queue characteristics can be changed either throughSMIT or through high-level commands.

• Queues can be brought up and down by the systemadministrator.

• The following tasks were considered:

– Submit and cancel print jobs

– List the jobs in a queue – Hold and release jobs in a queue

– Move a job from one queue to another

– Change priorities of a print job

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Appendix B. Checkpoint solutions B-1

5.2

P Appendix B. Checkpoint solutions

Unit 1


IBM Power SystemsCheckpoint solutions

1.What is the name of the device which creates and controlsLPARs? The HMC.

2. True or False: An AIX operating system can have no realdevices.

3.True or False: Virtualization features provided by the VIOServer can be used by default on any Power system.Lower end machines require a PowerVM license.

4. True or False: The su command enables you to get root

authority even if you signed on using another user ID. You must also know the root password.

7/23/2019 AN121STUD


Student Notebook



B-2 AIX installation © Copyright IBM Corp. 2009

Unit 2


IBM Power Systems

Checkpoint solutions

1. List the three main system management tools available on AIX.SMIT, WebSM, and IBM Systems Director console for AIX

2. What is the purpose of the smit.script file?To obtain the command(s) SMIT has just executed

3. What information can one get from looking at thesystem configuration details in IBM Systems DirectorConsole?

Firmware/model information

Network configuration, IP address etc


A list of Top CPU logging processes

File system information

7/23/2019 AN121STUD


Student Notebook




5.2

P Unit 3


IBM Power Systems


1. What is the first process that is created on the systemand which file does it reference to initiate all the otherprocesses that have to be started?

The initial process is ignit. The file init references is /etc/inittab for information regarding other processesthat have to be started.

2. Which AIX feature can be used to stop and startsubsystems and groups of daemons ?

The System Resource Controller (SRC)

3. True or False: You can only execute the AIX shutdowncommand from the console.

7/23/2019 AN121STUD


Student Notebook




Unit 4


IBM Power Systems


1. AIX V6.1 can that be installed from which of the following?(Select all that are correct)

a. 8 mm tape

b. CD-ROM

c. Diskette

d. NIM Server

2. True or False: A Preservation install preserves all data on the

disks.Preserves some of the existing data on the disk selected for installation. This method overwrites the user (/usr), variable(/var), temporary (/tmp), and root (/) file systems. Otherproduct application files and configuration data are destroyed.

3. What is the console used for during the installation process?

The console is used to display all the system messages and tointeract with the installation.

7/23/2019 AN121STUD


Student Notebook




5.2

P Unit 5


IBM Power Systems


1.Which of the following states must your software be in, in order for youto be able to use it? Select all that apply.

a. Applied stateb. Removed statec. Install stated.Commit state

2.What command is used to list all installed software on your system?lslpp –l or –L

3.Which of the following can you install as an entity? Select all that apply.a. ifixb.LPPc. Packaged.Bundle

4.True or False: If a problem is found with the inetd subsystem, it ispossible to download and apply a fix to bos.net.tcpip.server fileset tocorrect the problem.

7/23/2019 AN121STUD


Student Notebook




Unit 6


IBM Power Systems


1. What does the following location code mean?

Port 1 of a 4Gb Fibre Card, connected to planar 1, card slot 3, in Power550 CEC (U78A0)

2. What is the purpose of a device major number? How would you

locate the major number of a disk, hdisk18?The AIX Kernel can determine the actual driver and device to beaccessed for a user-level request.Perform a long directory list of the /dev directory.

3. True or False: cfgmgr is a binary executable that runs at systeminitialization time to configure devices on the system.

4. What commands can you run on AIX to document the systemconfiguration? prtconf, lsdev, lscfg, lsslot, lssattr

fcs0 U78A0.001.DNWGGRX-P1-C3-T1 4Gb FC PCI Express Adapterfcs0 U78A0.001.DNWGGRX-P1-C3-T1 4Gb FC PCI Express Adapter

7/23/2019 AN121STUD


Student Notebook




5.2

P Unit 7


IBM Power Systems

Checkpoint solutions (1 of 3)

VGDA

1. Volume Group___

Descriptor Area__

2. Physical Partition

3. Logical Partition

4. Logical Volume

6. Physical Volume

5. Volume Group

7/23/2019 AN121STUD


Student Notebook




Unit 7


IBM Power Systems


7. How many different physical partition (PP) sizes can be set withina single VG? One

8. By default, how big are PPs? Traditionally 4 MB, but LVMchooses an optimal size based on the #PPs/PV and the sizeof largest PV in the VG.

9. How many volume groups (VGs) can a physical volume (PV)belong to?

a) Depends on what you specify through SMIT

b) Only one

c) As many VGs as exist on the system

10. True or False: All VGDA information on your system is identical,regardless of how many volume groups (VGs) exist. All VGDAswithin a VG are the same.

7/23/2019 AN121STUD


Student Notebook




5.2

P Unit 7


IBM Power Systems


Use the following output to answer the questions below:

11. With which logical volume is the /home file system associated? /dev/hd1

12. What type of file systems are being displayed?Enhanced journaled file systems (JFS2), and CD-ROM (CDRFS)

13. What is the mount point for the file system located on the /dev/hd4 logicalvolume? /

14. Which file system is used primarily to hold user data and home directories? /home

# lsfs


/dev/hd4 -- / jfs2 294912 -- yes no








/dev/hd11admin-- /admin jfs2 262144 -- yes no

# lsfs


/dev/hd4 -- / jfs2 294912 -- yes no








/dev/hd11admin-- /admin jfs2 262144 -- yes no

7/23/2019 AN121STUD


Student Notebook




Unit 8


IBM Power Systems


1. True or False: A logical volume can span more than onephysical volume.

2. True or False: A logical volume can span more than onevolume group.

3. True or False: The contents of a physical volume can bedivided between two volume groups.

4. True or False: If mirroring logical volumes, it is not

necessary to perform a backup. False. You still need toback up to external media.

5. True or False: SMIT can be used to easily increase ordecrease the size of an enhanced JFS filesystem.

6. True or False: Striping can be combined with mirroring toprovide increased performance and availability

7/23/2019 AN121STUD


Student Notebook




5.2

P Unit 9


IBM Power Systems


1. What command will display the i-node information fora file? istat

2. Does the size of the file system change when the sizeof the logical volume it is on is increased? No

3. If you remove a file system, is the logical volume on

which it sits removed as well? Yes

4. When a file system is created, what needs to be donein order to make it available for use? The file systemmust be mounted using the mount command.

5. What size should an external JFS log be set to?1 LP

7/23/2019 AN121STUD


Student Notebook




Unit 9


IBM Power Systems


6. A file system is 2 GB. How would you do the following?Add 1 GB

chfs –a size=+1G <file system>

Set the size to 5 GBchfs –a size=5G <file system>

7. What command can you use to determine if a filesystem is full? df

8. What command can produce a report listing the size inMB, of all the files and directories contained in aspecific location?du

9. What command checks and interactively repairsinconsistent file systems? fsck

7/23/2019 AN121STUD


Student Notebook




5.2

P Unit 10


IBM Power Systems


1. What conclusions regarding potential paging space problemscan you reach based on the following listing?

Obviously, it is difficult to come to any conclusions regarding the state of thissystem just by looking at a snapshot picture like the one above. However, at firstglance, the following potential problems can be noticed:

• paging00 is underutilized• paging01 is over utilized, and the size seems to be too small. Both user-defined

paging spaces are on the same disk.• paging01 should be deleted. The administrator should investigate why there is a high

level of paging and possibly increase the size of hd6 and paging00.

2. True or False: The size of paging00 (in the above example)can be dynamically decreased.


Space Volume Group





Space Volume Group




7/23/2019 AN121STUD


Student Notebook




Unit 11


IBM Power Systems


1. What is the difference between the following two commands?• find /home/fred | backup -ivf /dev/rmt0

• cd /home/fred; find . | backup -ivf /dev/rmt0

2. On a mksysb tape, if you entered tctl rewind and then tctl -

f/dev/rmt0.1 fsf 3, which element on the tape could you look at?

You would be at the start of the backed up images of the files, havingskipped over the first three sections of the tape (boot image, mkinsttape,and dummy toc).

3. Which command could you use to restore these files? The files werebacked up using the backup command so you would have to use therestore command.

4. True or False: smit mksysb backs up all file systems, provided they

are mounted. mksysb only backs up rootvg file systems. To back up

other volume groups, you must use the savevg command.

Option a) backs up the files using the full path names, whereasoption b) backs up the file names using the relative path names.Therefore, b)’s files can be restored into any directory.

7/23/2019 AN121STUD


Student Notebook




5.2

P Unit 12


IBM Power Systems


1. Which file contains an audit trail of su activity? /var/adm/sulog

2. If the following command was run:chmod 6754 file1What would the file permissions be for file1?r w s r w- r - -

3. A binary executable with the SUID flag set is owned by user root.

User michael executes the binary. The executable runs underwhich user, root or michael?root

4. A shared directory is created on the system. What flag must beset to ensure only the owner of the files can delete them?SVTX or sticky bit

5. Why is an umask of 027 recommended?This value removes all permission bits for the “others”category, which enhances security.

7/23/2019 AN121STUD


Student Notebook




Unit 12


IBM Power Systems


1. What is the difference between the commands, pwdadmand passwd?

The pwdadm command can only be run by a memberof the security group

2. Which password change command does SMIT use?

passwd

3. True or False: When you delete a user from the system,all the user's files and directories are also deleted.

4. True or False: RBAC is disabled by default on AIX 6.1.

7/23/2019 AN121STUD


Student Notebook




5.2

P Unit 12


IBM Power Systems


1. If an ordinary user forgets their password, can the systemadministrator find out by querying the system as to what theuser's password was set to?No

Why or why not?Because the passwords are held in encrypted format, soeven the system administrator cannot tell what the passwordwas set to.

2. True or False: An asterisk “mary:*:” in the second field of the/etc/passwd file, means there is a vaild password set in theshadow password file for user mary.

3. Password restrictions are set in which of the following files?/etc/passwd/etc/security/passwd/etc/security/restrictions

/etc/security/user

7/23/2019 AN121STUD


Student Notebook




Unit 13


IBM Power Systems


1. True or False: The at.allow and at.deny files must beused to specify which users are allowed and denied useof the at command.

False. Only one or the other of these files should beused.

2. Give a crontab entry that would specify that a job should

run every Thursday at 10 past and 30 minutes pastevery hour.10,30 * * * 4 <job >

3. How would you schedule the script named myscript, torun 10 minutes from now?

# at now + 10 minutesmyscript^d

#

7/23/2019 AN121STUD


Student Notebook




5.2

P Unit 14


IBM Power Systems


1. What are the following used for?

• /etc/rc.tcpipstarts TCP/IP daemons (sendmail, inetd, etc.)

• ssh

to login or run command on a remote machine (securely)

• VNCto use a remote graphical display on a local desktop machine

• /etc/services

to store server side ports of TCP/IP applications2. What is multipath routing and why should we use it?

Multipath routing allows us to specify multiple paths tohosts and gateways for load balancing and high availability

3. How can we disable the FTP protocol on AIX?

Comment out the ftp line in /etc/inetd.conf and refresh theinetd daemon.

7/23/2019 AN121STUD


Student Notebook




Unit 15


IBM Power Systems


1.True or False: Workload partitions require Power6 systems.

2.What are the two types of workload partitions?System and Application

3.What command builds and starts an application workload partition?wparexec

4.How is the network connection for a WPAR implemented?Using the network alias feature on the global environment’s physical or virtualnetwork interface

5.What are the three forms of file system access within a WPAR?Shared-system: /usr and /opt are shared read-only from the global environmentthrough namefs mounts.NFS hosted: /usr and /opt filesystems are nfs mounted from a host systemNon shared: /var, /home, /tmp, and / are separate local file systems (jfs/jfs2) withinthe WPAR

7/23/2019 AN121STUD


Student Notebook




5.2

P Appendix A



1. True or False: One of the advantages of queues is that each user can havea different default queue set up for them.

True. This can be accomplished using the PRINTER environment

variable.

2. True or False: The /etc/qconfig file is read by the back-end program todetermine what the queue discipline is.

False. It is read by qdaemon.

3. True or False: All printer software is automatically installed when you install

the base operating system.False. Only a handful of printer software is installed by default.

4. What is the difference between these two commands?# qprt -Pasc file1

# qprt -c -Pasc file1

The -c flag produces a spool file.

7/23/2019 AN121STUD


Student Notebook




Appendix A



5. What three methods can be used to find out what the system defaultqueue is?

First entry in /etc/qconfig file The output from the qchk command with no options The first queue listing from the lpstat command

6. What users can bring print queues down?

The root user or members of the printq group.

7. True or False: Once the queue is down, no more jobs can be submittedto the printer. False. Jobs can be submitted to the queue. However,they will not be printed until the queue is brought up again.

8. Can users hold all their print jobs in a specific queue? If so, how?

Yes, they can by only specifying a queue name and not individual job numbers.

7/23/2019 AN121STUD


Student Notebook



© Copyright IBM Corp. 2009 Glossary X-1

5.3

os Glossary

Note:

The entries in this glossary were developed anumber of years ago and indicate the use of variousterms at a particular point in UNIX history. Hence,

some of the definitions may not be applicable tocurrent UNIX implementations such as AIX 6, andsome other statements in the entries may not becurrent. However, this glossary still providesvaluable information regarding the historical use ofthe terms listed here.

This glossary includes terms and definitions from:

• The American National Standard Dictionary forInformation Systems , ANSI X3.172-1990,copyright 1990 by the American NationalStandards Institute (ANSI). Copies may bepurchased from the American NationalStandards Institute, 11 West 42nd Street, NewYork, New York 10036. Definitions are identifiedby the symbol (A) after the definition.

• The ANSI/EIA Standard— 440-A, Fiber OpticTerminology . Copies may be purchased fromthe Electronic Industries Association, 2001Pennsylvania Avenue, N.W., Washington, DC20006. Definitions are identified by the symbol(E) after the definition.

• The Information Technology Vocabulary ,developed by Subcommittee 1, Joint TechnicalCommittee 1, of the International Organizationfor Standardization and the InternationalElectrotechnical Commission (ISO/IECJTC1/SC1). Definitions of published parts of thisvocabulary are identified by the symbol (I) afterthe definition; definitions taken from draftinternational standards, committee drafts, andworking papers being developed by ISO/IECJTC1/SC1 are identified by the symbol (T) afterthe definition, indicating that final agreement hasnot yet been reached among the participating

National Bodies of SC1.• The Network Working Group Request for

Comments: 1208.

The following cross-references are used in thisglossary:

Contrast with: This refers to a term that has anopposed or substantively different meaning.

Synonym for: This indicates that the term has thesame meaning as a preferred term, which isdefined in its proper place in the glossary.

Synonymous with: This is a backward referencefrom a defined term to all other terms that have thesame meaning.

See: This refers the reader to multiple-word termsthat have the same last word.

See also: This refers the reader to terms that have arelated, but not synonymous, meaning.Deprecated term for: This indicates that the term

should not be used. It refers to a preferred term,which is defined in its proper place in the glossary.

Aaccess mode A matrix of protection information

stored with each file specifying who may do what toa file. Three classes of users (owner, group, allothers) are allowed or denied three levels ofaccess (read, write, execute).

access permission See access mode.access privilege See access mode.

address space The address space of a process isthe range of addresses available to it for code anddata. The relationship between real and perceivedspace depends on the system and supporthardware.

AIX Advanced Interactive Executive. IBM'simplementation of the UNIX Operating System.

AIX Family Definition IBM's definition for thecommon operating system environment for allmembers of the AIX family. The AIX FamilyDefinition includes specifications for the AIX Base

System, User Interface, Programming Interface,Communications Support, Distributed Processing,and Applications.

alias The command and process of assigning a newname to a command.

ANSI American National Standards Institute. Astandards organization. The United States liaisonto the International Standards Organization (ISO).

application program A program used to perform anapplication or part of an application.

argument An item of information following acommand. It may, for example, modify thecommand or identify a file to be affected.

ASCII American Standard Code for InformationInterchange. A collection of public domaincharacter sets considered standard throughout thecomputer industry.

awk An interpreter, included in most UNIX operatingsystems, that performs sophisticated text patternmatching. In combination with shell scripts, awkcan be used to prototype or implement applicationsfar more quickly than traditional programmingmethods.

7/23/2019 AN121STUD


Student Notebook



X-2 AIX installation © Copyright IBM Corp. 2009

Bbackground (process) A process is “in the

background” when it is running independently ofthe initiating terminal. It is specified by ending theordinary command with an ampersand (&). Theparent of the background process does not wait forits “death”.

backup diskette A diskette containing information

copied from another diskette. It is used in case theoriginal information is unintentionally destroyed.

Berkeley Software Distribution Disseminating armof the UNIX operating system community at theUniversity of California at Berkeley; commonlyabbreviated “BSD”. Complete versions of the UNIXoperating system have been released by BSD for anumber of years; the latest is numbered 4.3. Thephrase “Berkeley extensions” refers to featuresand functions, such as the C shell, that originatedor were refined at UC Berkeley and that are nowconsidered a necessary part of any fully configuredversion of the UNIX operating system.

bit bucket The AIX file “/dev/null” is a special file

which will absorb all input written to it and return nodata (null or end of file) when read.

block A group of records that is recorded orprocessed as a unit.

block device A device that transfers data in fixedsize blocks. In AIX, normally 512 or 1024 bytes.

block special file An interface to a device capableof supporting a file system.

booting Starting the computer from scratch (poweroff or system reset).

break key The terminal key used to unequivocallyinterrupt the foreground process.

BSD Berkeley Software Distribution.

• BSD 2.x - PDP-11 Research• BSD 4.x - VAX Research• BSD 4.3 - Current popular VAX version of UNIX.

button

1. A word, number, symbol, or picture on thescreen that can be selected. A button mayrepresent a command, file, window, or value, forexample.

2. A key on a mouse that is used to select buttonson the display screen or to scroll the displayimage.

byte The amount of storage required to representone character; a byte is 8 bits.

C

C The programming language in which the UNIXoperating system and most UNIX applicationprograms are written. The portability attributed toUNIX operating systems is largely due to the factthat C, unlike other higher level languages, permitsprogrammers to write systems-level code that willwork on any computer with a standard C compiler.

change mode The chmod command will changethe access rights to your own files only, foryourself, your group or all others.

character I/O The transfer of data byte by byte;normally used with slower, low volume devicessuch as terminals or printers.

character special file An interface to devices notcapable of supporting a file system; a byte orienteddevice.

child The process emerging from a fork commandwith a zero return code, as distinguished from theparent which gets the process id of the child.

client User of a network service. In the client/servermodel, network elements are defined as eitherusing (client) or providing (server) networkresources.

command A request to perform an operation or runa program. When parameters, arguments, flags, orother operands are associated with a command,the resulting character string is a single command.

command file A data file containing shellcommands. See shell file, or shell script.

command interpreter The part of the operatingsystem that translates your commands intoinstructions that the operating system understands.command or previous command key.

concatenate The process of forming one characterstring or file from several. The degenerate case isone file from one file just to display the result usingthe cat command.

console The only terminal known explicitly to theKernel. It is used during booting and it is thedestination of serious system messages.

context The hardware environment of a process,including:

• CPU registers• Program address• Stack• I/O status

context The entire context must be saved during aprocess swap.

control character Codes formed by pressing andholding the control key and then some other key;used to form special functions like End Of File.

control-d See eof character.

cooked input Data from a character device fromwhich backspace, line kill, and interrupt characters

have been removed (processed). See raw input.current directory The currently active directory.

When you specify a file name without specifying adirectory, the system assumes that the file is inyour current directory.

current subtree Files or directories attached to thecurrent directory.

curses A C subroutine library providing flexiblescreen handling. See Termlib and Termcap.

7/23/2019 AN121STUD


Student Notebook




cursor A movable symbol (such as an underline) ona display, usually used to indicate to the operatorwhere to type the next character.

customize To describe (to the system) the devices,programs, users, and user defaults for a particulardata processing system.

DDASD Direct Access Storage Device. IBM's term for

a hard disk.

device driver A program that operates a specificdevice, such as a printer, disk drive, or display.

device special file A file which passes data directlyto/from the device.

directory A type of file containing the names andcontrolling information for other files or otherdirectories.

directory pathname The complete and uniqueexternal description of a file giving the sequence ofconnection from the root directory to the specifieddirectory or file.

diskette A thin, flexible magnetic plate that ispermanently sealed in a protective cover. It can beused to store information copied from the disk.

diskette drive The mechanism used to read andwrite information on diskettes.

display device An output unit that gives a visualrepresentation of data.

display screen The part of the display device thatdisplays information visually.

Eecho To simply report a stream of characters, either

as a message to the operator or a debugging toolto see what the file name generation process isdoing.

editor A program used to enter and modifyprograms, text, and other types of documents.

environment A collection of values passed either toa C program or a shell script file inherited from theinvoking process.

escape The backslash “\” character specifies thatthe single next character in a command is ordinarytext without special meaning.

Ethernet A baseband protocol, invented by theXEROX Corporation, in common use as the local

area network for UNIX operating systemsinterconnected via TCP/IP.

event One of the previous lines of input from theterminal. Events are stored in the (Berkeley)History file.

event identifier A code used to identify a specificevent.

execution permission For a file, the permission toexecute (run) code in the file. A text file must haveexecute permission to be a shell script. For adirectory, the permission to search the directory.

Ffield A contiguous group of characters delimited by

blanks. A field is the normal unit of text processedby text processes like sort.

field separator The character used to separate onefield from the next; normally a blank or tab.

FIFO “First In, First Out”. In AIX, a FIFO is apermanent, named pipe which allows two

unrelated processes to communicate. Only relatedprocesses can use normal pipes.

file A collection of related data that is stored andretrieved by an assigned name. In AIX, files aregrouped by directories.

file index Sixty-four bytes of information describinga file. Information such as the type and size of thefile and the location on the physical device onwhich the data in the file is stored is kept in the fileindex. This index is the same as the AIX OperatingSystem i-node.

filename expansion or generation A procedureused by the shell to generate a set of filenamesbased on a specification using metacharacters,which define a set of textual substitutions.

file system The collection of files and filemanagement structures on a physical or logicalmass storage device, such as a diskette orminidisk.

filter Data-manipulation commands (which, in UNIXoperating systems, amount to small programs) thattake input from one process and perform anoperation yielding new output. Filters includeeditors, pattern-searchers, and commands thatsort or differentiate files, among others.

fixed disk A storage device made of one or moreflat, circular plates with magnetic surfaces on

which information can be stored.fixed disk drive The mechanism used to read and

write information on a fixed disk.

flag See Options.

foreground (process) An AIX process whichinteracts with the terminal. Its invocation is notfollowed by an ampersand.

formatting The act of arranging text in a formsuitable for reading. The publishing equivalent tocompiling a program.

fsck A utility to check and repair a damaged filestructure. This normally results from a powerfailure or hardware malfunction. It looks for blocks

not assigned to a file or the free list and puts themin the free list. (The use of blocks not pointed atcannot be identified.)

free list The set of all blocks not assigned to a file.

full path name The name of any directory or fileexpressed as a string of directories and filesbeginning with the root directory.

7/23/2019 AN121STUD


Student Notebook




Ggateway A device that acts as a connector between

two physically separate networks. It has interfacesto more than one network and can translate thepackets of one network to another, possiblydissimilar network.

global Applying to all entities of a set. For example:

• A global search - look everywhere

• A global replace - replace all occurrences• A global symbol - defined everywhere.

grep An AIX command which searches for stringsspecified by a regular expression. (Global RegularExpression and Print.)

group A collection of AIX users who share a set offiles. Members of the group have access privilegesexceeding those of other users.

Hhardware The equipment, as opposed to the

programming, of a system.

header A record at the beginning of the filespecifying internal details about the file.

heterogeneous Descriptor applied to networkscomposed of products from multiple vendors.

hierarchy A system of objects in which each objectbelongs to a group. Groups belong to other groups.Only the “head” does not belong to another group.In AIX this object is called the “Root Directory”.

highlight To emphasize an area on the displayscreen by any of several methods, such asbrightening the area or reversing the color ofcharacters within the area.

history A list of recently executed commands.

home (directory). 1. A directory associated with anindividual user.

home (directory). 2. Your current directory on loginor after issuing the cd command with no argument.

homogeneous Descriptor applied to networkscomposed of products from a single vendor.

hypertext Term for on-line interactivedocumentation of computer software; to beincluded with AIX.

IIEEE Institute of Electrical and Electronics

Engineers. A professional society active instandards work, the IEEE is the official body forwork on the POSIX (Portable Operating System forComputer Environments) open system interfacedefinition.

index See file index.

indirect block A file element which points at datasectors or other indirect blocks.

init The initialization process of AIX. The ancestor ofall processes.

initial program load The process of loading thesystem programs and preparing the system to run

jobs.

i-node A collection of logical information about a fileincluding owner, mode, type and location.

i number The internal index or identification of ani-node.

input field An area into which you can type data.

input redirection The accessing of input data fromother than standard input (the keyboard or a pipe).

interoperability The ability of different kinds ofcomputers to work well together.

interpreter A program which “interprets” programstatements directly from a text (or equivalent) file.Distinguished from a compiler which createscomputer instructions for later direct execution.

interrupt A signal that the operating system mustreevaluate its selection of which process should berunning. Usually to service I/O devices but also tosignal from one process to another.

IP Internet Protocol.

ipl See initial program load.ISO International Standards Organization. A United

Nations agency that provides for creation andadministration of worldwide standards.

Jjob A collection of activities.

job number An identifying number for a collection ofprocesses devolving from a terminal command.

Kkernel The part of an operating system that contains

programs that control how the computer does itswork, such as input/output, management andcontrol of hardware, and the scheduling of usertasks.

keyboard An input device consisting of various keysallowing the user to input data, control cursor andpointer locations, and to control the user/workstation dialogue.

kill To prematurely terminate a process.

kill character The character which erases an entireline (usually @).

LLAN Local Area Network. A facility, usually a

combination of wiring, transducers, adapterboards, and software protocols, whichinterconnects workstations and other computerslocated within a department, building, orneighborhood. Token-Ring and Ethernet are localarea network products.

libc A basic set of C callable routines.

library In UNIX operating systems, a collection ofexisting subroutines that allows programmers to

7/23/2019 AN121STUD


Student Notebook




make use of work already done by otherprogrammers. UNIX operating systems ofteninclude separate libraries for communications,window management, string handling, math, andso forth.

line editor An editor which processes one line at atime by the issuing of a command. Usuallyassociated with sequential only terminals such as ateletype.

link An entry in an AIX directory specifying a datafile or directory and its name. Note that files anddirectories are named solely by virtue of links. Aname is not an intrinsic property of a file. A file isuniquely identified only by a system generatedidentification number.

lint A program for removing “fuzz” from C code.Stricter than most compilers. Helps former Pascalprogrammers sleep at night.

Local Area Network (LAN) A facility, usually acombination of wiring, transducers, adapterboards, and software protocols, whichinterconnects workstations and other computerslocated within a department, building, or

neighborhood. Token-Ring and Ethernet are localarea network products.

login Identifying oneself to the system to gainaccess.

login directory See home directory.

login name The name by which a user is identifiedto the system.

logout Informing the system that you are throughusing it.

Mmail The process of sending or receiving an

electronically delivered message within an AIXsystem. The message or data so delivered.

make Programming tool included in most UNIXoperating systems that helps “make” a newprogram out of a collection of existing subroutinesand utilities, by controlling the order in which thoseprograms are linked, compiled, and executed.

map The process of reassigning the meaning of aterminal key. In general, the process of reassigningthe meaning of any key.

memory Storage on electronic memory such asrandom access memory, read only memory, orregisters. See storage.

message Information displayed about an error orsystem condition that may or may not require auser response.

motd “Message of the day”. The login “billboard”message.

MotifT The graphical user interface for OSF,incorporating the X Window System. Behavior ofthis interface is compatible with the IBM/MicrosoftPresentation Manager user interface for OS/2. Alsocalled OSF/Motif.

mount A logical (that is, not physical) attachment ofone file directory to another. “remote mounting”allows files and directories that reside on physicallyseparate computer systems to be attached to alocal system.

mouse A device that allows you to select objectsand scroll the display screen by means of buttons.

move Relinking a file or directory to a different oradditional directory. The data (if any) is not moved,

only the links.multiprogramming Allocation of computer

resources among many programs. Used to allowmany users to operate simultaneously and to keepthe system busy during delays occasioned by I/Omechanical operations.

multitasking Capability of performing two or morecomputing tasks, such as interactive editing andcomplex numeric calculations, at the same time.AIX and OS/2 are multi-tasking operating systems;DOS, in contrast, is a single-tasking system.

multiuser A computer system which allows manypeople to run programs “simultaneously” using

multiprogramming techniques.

Nnamed pipe See FIFO.

Network File System (NFST) A program developedby SUN Microsystems, Inc. for sharing files amongsystems connected via TCP/IP. IBM's AIX, VM, andMVS operating systems support NFS.

NFST See Network File System.

NIST National Institute of Science and Technology(formerly the National Bureau of Standards).

node An element within a communication network.

• Computer• Terminal• Control Unit

null A term denoting emptiness or nonexistence.

null device A device used to obtain empty files ordispose of unwanted data.

null string A character string containing zerocharacters.

Oobject-oriented programming Method of

programming in which sections of program codeand data are represented, used, and edited in theform of “objects”, such as graphical elements,window components, and so forth, rather than asstrict computer code. Through object-orientedprogramming techniques, toolkits can be designedthat make programming much easier. Examples ofobject-oriented programming languages includePareplace Systems, Inc.'s Smalltalk-80T, AT&T'sC++T, and Stepstone Inc.'s Objective-CR.

oem original equipment manufacturer. In the contextof AIX, OEM systems refer to the processors of a

7/23/2019 AN121STUD


Student Notebook




heterogeneous computer network that are notmade or provided by IBM.

Open Software FoundationT (OSF) A non-profitconsortium of private companies, universities, andresearch institutions formed to conduct opentechnological evaluations of available componentsof UNIX operating systems, for the purpose ofassembling selected elements into a completeversion of the UNIX operating system available to

those who wish to license it. IBM is a foundingsponsor and member of OSF.

operating system The programs and proceduresdesigned to cause a computer to function, enablingthe user to interact with the system.

option A command argument used to specify thedetails of an operation. In AIX an option is normallypreceded by a hyphen.

ordinary file Files containing text, programs, orother data, but not directories.

OSFT See Open Software Foundation.

output redirection Passing a programs standardoutput to a file.

owner The person who created the file or hissubsequent designee.

Ppacket switching The transmission of data in small,

discrete switching “packets” rather than in streams,for the purpose of making more efficient use of thephysical data channels. Employed in some UNIXsystem communications.

page To move forward or backward on screen full ofdata through a file usually referring to an editorfunction.

parallel processing A computing strategy in whicha single large task is separated into parts, each ofwhich then runs in parallel on separate processors.

parent The process emerging from a Fork with anon#zero return code (the process ID of the childprocess). A directory which points at a specifieddirectory.

password A secret character string used to verifyuser identification during login.

PATH A variable which specifies which directoriesare to be searched for programs and shell files.

path name A complete file name specifying alldirectories leading to that file.

pattern-matching character Special characterssuch as * or ? that can be used in a filespecification to match one or more characters. Forexample, placing a ? in a file specification meansthat any character can be in that position.

permission The composite of all modes associatedwith a file.

pipes UNIX operating system routines that connectthe standard output of one process with thestandard input of another process. Pipes arecentral to the function of UNIX operating systems,which generally consist of numerous small

programs linked together into larger routines bypipes. The “piping” of the list directory command tothe word count command is ls | wc. The passing ofdata by a pipe does not (necessarily) involve a file.When the first program generates enough data forthe second program to process, it is suspendedand the second program runs. When the secondprogram runs out of data it is suspended and thefirst one runs.

pipe fitting Connecting two programs with a pipe.pipeline A sequence of programs or commands

connected with pipes.

portability Desirable feature of computer systemsand applications, referring to users' freedom to runapplication programs on computers from manyvendors without rewriting the program's code. Alsoknown as “applications portability”,“machine-independence”, and“hardware-independence”; often cited as a causeof the recent surge in popularity of UNIX operatingsystems.

port A physical I/O interface into a computer.

POSIX “Portable Operating Systems for ComputerEnvironments”. A set of open standards for anoperating system environment being developedunder the aegis of the IEEE.

preprocessor The macro generator preceding theC compiler.

process A unit of activity known to the AIX system,usually a program.

process 0 (zero) The scheduler. Started by the“boot” and permanent. See init.

process id A unique number (at any given time)identifying a process to the system.

process status The process's current activity.

• Non existent• Sleeping• Waiting• Running• Intermediate• Terminated• Stopped.

profile A file in the users home directory which isexecuted at login to customize the environment.The name is .profile.

prompt A displayed request for information oroperator action.

protection The opposite of permission, denyingaccess to a file.

Qquotation Temporarily cancelling the meaning of a

metacharacter to be used as a ordinary textcharacter. A backslash (\) “quotes” the nextcharacter only.

7/23/2019 AN121STUD


Student Notebook




Rraw I/O I/O conducted at a “physical” level.

read permission Allows reading (not execution orwriting) of a file.

recursive A recursive program calls itself or iscalled by a subroutine which it calls.

redirection The use of other than standard input(keyboard or pipe output) or standard output(terminal display or pipe). Usually a file.

regular expression An expression which specifiesa set of character strings using metacharacters.

relative path name The name of a directory or fileexpressed as a sequence of directories followed bya file name, beginning from the current directory.

RISC Reduced Instruction Set Computer. A class ofcomputer architectures, pioneered by IBM's JohnCocke, that improves price#performance byminimizing the number and complexity of theoperations required in the instruction set of acomputer. In this class of architecture, advancedcompiler technology is used to provide operations,

such as multiplication, that are infrequently used inpractice.

root directory The directory that contains all otherdirectories in the file system.

Sscalability Desirable feature of computer systems

and applications. Refers to the capability to use thesame environment on many classes of computers,from personal computers to supercomputers, toaccommodate growth or divergent environments,without rewriting code or losing functionality.

SCCS Source Code Control System. A set of

programs for maintaining multiple versions of a fileusing only edit commands to specify alternateversions.

scope The field of an operation or definition. Globalscope means all objects in a set. Local scopemeans a restriction to a subset of the objects.

screen See display screen.

scroll To move information vertically or horizontallyto bring into view information that is outside thedisplay screen or pane boundaries.

search and replace The act of finding a match to agiven character string and replacing eachoccurrence with some other string.

search string The pattern used for matching in asearch operation.

sed Non-interactive stream editor used to do “batch”editing. Often used as a tool within shell scripts.

server A provider of a service in a computernetwork; for example, a mainframe computer withlarge storage capacity may play the role ofdatabase server for interactive terminals. Seeclient.

setuid A permission which allows the access rightsof a program owner to control the access to a file.

The program can act as a filter for user datarequests.

shell The outermost (user interface) layer of UNIXoperating systems. Shell commands start andcontrol other processes, such as editors andcompilers; shells can be textual or visual. A seriesof system commands can be collected togetherinto a “shell script” that executes like a batch(.BAT) file in DOS.

shell program A program consisting of a sequenceof shell commands stored in an ordinary text filewhich has execution permission. It is invoked bysimply naming the file as a shell command.

shell script See shell program.

single user (mode) A temporary mode used during“booting” of the AIX system.

signal A software generated interrupt to anotherprocess. See kill.

sockets Destination points for communication inmany versions of the UNIX operating system,much as electrical sockets are destination pointsfor electrical plugs. Sockets, associated primarily

with 4.3 BSD, can be customized to facilitatecommunication between separate processes orbetween UNIX operating systems.

software Programs.

special character See metacharacter.

special file A technique used to access I/O devicesin which “pseudo files” are used as the interface forcommands and data.

standard error The standard device at which errorsare reported, normally the terminal. Errormessages may be directed to a file.

standard input The source of data for a filter, whichis by default obtained from the terminal, but which

may be obtained from a file or the standard outputof another filter through a pipe.

standard output The output of a filter whichnormally is by default directed to the terminal, butwhich may be sent to a file or the standard input ofanother filter through a pipe.

stdio A “Standard I/O” package of C routines.

sticky bit A flag which keeps commonly usedprograms “stick” to the swapping disk forperformance.

stopped job A job that has been halted temporarilyby the user and which can be resumed at hiscommand.

storage In contrast to memory, the saving ofinformation on physical devices such as fixed diskor tape. See memory.

store To place information in memory or onto adiskette, fixed disk, or tape so that it is available forretrieval and updating.

streams Similar to sockets, streams are destinationpoints for communications in UNIX operatingsystems. Associated primarily with UNIX System V,streams are considered by some to be more

7/23/2019 AN121STUD


Student Notebook




elegant than sockets, particularly for interprocesscommunication.

string A linear collection of characters treated as aunit.

subdirectory A directory which is subordinate toanother directory.

subtree That portion of an AIX file systemaccessible from a given directory below the root.

suffix A character string attached to a file name thathelps identify its file type.

superblock Primary information repository of a filesystem (location of i-nodes, free list, and so forth).

superuser The system administration; a user withunique privileges such as upgrading executionpriority and write access to all files and directories.

superuser authority The unrestricted ability toaccess and modify any part of the OperatingSystem. This authority is associated with the userwho manages the system.

SVID System V Interface Definition. An AT&Tdocument defining the standard interfaces to be

used by UNIX System V application programmersand users.

swap space (disk) That space on an I/O deviceused to store processes which have beenswapping out to make room for other processes.

swapping The process of moving processesbetween main storage and the “swapping device”,usually a disk.

symbolic debugger Program for debugging otherprograms at the source code level. Commonsymbolic debuggers include sdb, dbx, and xdbx.

sync A command which copies all modified blocksfrom RAM to the disk.

system The computer and its associated devicesand programs.

system unit The part of the system that containsthe processing unit, the disk drive and the disk, andthe diskette drive.

System V AT&T's recent releases of its UNIXoperating system are numbered as releases of“UNIX System V”.

TTCP Transmission Control Protocol. A facility for the

creation of reliable bytestreams (byte-by-byte,end#to#end transmission) on top of unreliabledatagrams. The transmission layer of TCP/IP isused to interconnect applications, such as FTP, sothat issues of re-transmission and blocking can besubordinated in a standard way. See TCP/IP.

TCP/IP Transmission Control Protocol/InternetProtocol. Pair of communications protocolconsidered de facto standard in UNIX operatingsystem environments. IBM TCP/IP for VM and IBMTCP/IP for MVS are licensed programs thatprovide VM and MVS users with the capability ofparticipating in networks using the TCP/IP protocolsuite.

termcap A file containing the description of severalhundred terminals. For use in determiningcommunication protocol and available function.

termlib A set of C programs for using termcap.

tools Compact, well designed programs to performspecific tasks. More complex processes areperformed by sequences of tools, often in the formof pipelines which avoid the need for temporaryfiles.

two-digit display Two seven-segment light-emittingdiodes (LEDs) on the operating panel used to trackthe progress of power-on self-tests (POSTs).

UUNIX Operating System A multi-user, multi-tasking

interactive operating system created at AT&T BellLaboratories that has been widely used anddeveloped by universities, and that now isbecoming increasingly popular in a wide range ofcommercial applications. See Kernel, Shell,Library, Pipes, Filters.

user interface The component of the AIX FamilyDefinition that describes common user interfacefunctions for the AIX PS/2, AIX/RT, and AIX/370operating systems.

/usr/grpR One of the oldest, and still active, usergroups for the UNIX operating systems. IBM is amember of /usr/grp.

uucp A set of AIX utilities allowing

• Autodial of remote systems• Transfer of files• Execution of commands on the remote system• Reasonable security.

Vvi Visual editor. A character editor with a very

powerful collection of editing commands optimizedfor ASCII terminals; associated with BSD versionsof the UNIX operating system.

visual editor An optional editor provided with AIX inwhich changes are made by modifying an image ofthe file on the screen, rather than through theexclusive use of commands.

Wwild card A metacharacter used to specify a set of

replacement characters and thus a set of file

names. For example "*" is any zero or morecharacters and "?" is any one character.

window A rectangular area of the screen in whichthe dialog between you and a given application isdisplayed.

working directory The directory from which filesearches are begun if a complete pathname is notspecified. Controlled by the cd (change directory)command.

workstation A device that includes a keyboard fromwhich an operator can send information to the

7/23/2019 AN121STUD


Student Notebook




system, and a display screen on which an operatorcan see the information sent to or received fromthe computer.

write Sending data to an I/O device.

write permission Permission to modify a file ordirectory.

XX/OpenT An international consortium, including

many suppliers of computer systems, concernedwith the selection and adoption of open systemstandards for computing applications. IBM is acorporate sponsor of X/Open. See CommonApplication Environment.

X Windows IBM's implementation of the X WindowSystem developed at the Massachusetts Instituteof Technology with the support of IBM and DECT,that gives users “windows” into applications andprocesses not located only or specifically on theirown console or computer system. X-Windows is apowerful vehicle for distributing applications amongusers on heterogeneous networks.

Yyacc “Yet Another Compiler# Compiler”. For

producing new command interfaces.

Zzeroeth argument The command name; the

argument before the first.

7/23/2019 AN121STUD


Student Notebook

an121stud

Documents