Contents
Trademarks
Course description
Agenda
Unit 1. Introduction to IBM Power Systems, AIX, and system administration
Unit objectives
AIX overview
Logical partition overview
Dynamic logical partitioning
Workload partitions
Live Partition Mobility
POWER7 and POWER8
Typical Power system layout
The HMC (1 of 2)
The HMC (2 of 2)
LPAR virtualization overview (1 of 2)
LPAR virtualization overview (2 of 2)
Virtual I/O Server overview
Virtualization example
Role of the system administrator
Who can perform administration tasks?
How can you perform administration tasks?
Checkpoint
Exercise
Unit summary
prtconf (2 of 2)
lscfg
lsdev
lsslot
lsattr and chdev commands
Device states
/dev directory, device configuration, and control
rendev command
Checkpoint
Exercise
Unit summary
viii AIX Implementation and Administration © Copyright IBM Corp. 2009, 2015
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V9.0
Student Notebook
Trademarks
The reader should recognize that the following terms, which appear in the content of this training
document, are official trademarks of IBM or other companies:
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide.
The following are trademarks of International Business Machines Corporation, registered in many
jurisdictions worldwide:
Active Memory™ AIX 5L™ AIX 6™
AIX® DB2® Electronic Service Agent™
Everyplace® HACMP™ Informix®
Language Environment® Micro-Partitioning® Notes®
Power Architecture® POWER Hypervisor™ Power Systems™
Power® PowerHA® PowerVM®
POWER6® POWER7® POWER8™
PureFlex® Redbooks® System Storage®
Tivoli® WebSphere®
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United
States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Windows is a trademark of Microsoft Corporation in the United States, other countries, or both.
Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of
Oracle and/or its affiliates.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Other product and service names might be trademarks of IBM or other companies.
Course description
Power Systems for AIX II: AIX Implementation and Administration
Duration: 5 days
Purpose
Students will learn to install, customize, and administer the AIX operating
system in a multiuser Power Systems partitioned environment. The course is
based on AIX 7.1 running on a Power Systems server managed by Hardware
Management Console and provides practical discussions that are
appropriate to earlier AIX releases.
Audience
This intermediate course is intended for system administrators or anyone
implementing and managing an AIX operating system in a multiuser Power
Systems partitioned environment.
Prerequisites
The students attending this course should already be able to:
• Log in to an AIX system and set a user password
• Execute basic AIX commands
• Manage files and directories
• Use the vi editor
• Use redirection, pipes, and tees
• Use the utilities find and grep
• Use the command and variable substitution
• Set and change Korn shell variables
• Write simple shell scripts
• Use a graphic Common Desktop Environment (CDE) interface
These skills can be acquired by attending AIX Basics (AN10) or through
equivalent AIX or UNIX knowledge. Also, it would be helpful (but not
mandatory) if students were familiar with partitioning concepts and
technology taught in Power Systems for AIX I: LPAR Configuration and
Planning (AN11).
Objectives
On completion of this course, students should be able to:
• Install the AIX operating system, filesets, and RedHat Package Manager
(RPM) packages
• Perform system startup and shutdown
• Discuss and use system management tools such as System
Management Interface Tool (SMIT) and IBM Systems Director console
for AIX
• Manage physical and logical devices
• Discuss the purpose of the logical volume manager
• Perform logical volume and file system management
• Create and manage user and group accounts
• Perform and restore system backups
• Utilize administrative subsystems, including cron to schedule system
tasks, and security to implement customized access of files and
directories
• Configure TCP/IP networking
• Define and run basic Workload Partitions (WPAR)
Contents
• Introduction to IBM Power Systems, AIX, and system administration
• AIX system management tools
• System startup and shutdown
• AIX installation
• AIX software installation and maintenance
• System configuration and devices
• System storage overview
• Working with the Logical Volume Manager
• File system administration
• Paging space
• Backup and restore
• Security and user administration
• Scheduling and time
• TCP/IP networking
• Introduction to Workload Partitions
Curriculum relationship
This course should follow the AIX Basics course. A basic understanding of
hardware, the AIX environment, and simple commands is recommended
before taking this course.
Agenda
Day 1
Welcome
Unit 1: Introduction to IBM Power Systems, AIX, and system
administration
Exercise 1: Introduction to IBM Power Systems, AIX, and system
administration
Unit 2: AIX system management tools
Exercise 2: Using system management tools in AIX
Unit 3: System startup and shutdown
Exercise 3: System startup and shutdown
Unit 4: AIX installation
Exercise 4: AIX installation
Day 2
Unit 5: AIX software installation and maintenance
Exercise 5: AIX software installation and maintenance
Unit 6: System configuration and devices
Exercise 6: System configuration and devices
Unit 7: System storage overview
Exercise 7: System storage overview: LVM commands
Unit 8: Working with the Logical Volume Manager
Exercise 8: Working with LVM
Day 3
Unit 9: File systems administration
Exercise 9: File system administration
Unit 10: Paging space
Exercise 10: Page space
Unit 11: Backup and restore
Exercise 11: Backup and restore
Day 4
Unit 12: Security and user administration: Part one
Exercise 12: Security and user administration: Part one
Unit 13: Security and user administration: Part two
Exercise 13: Security and user administration: Part two
Unit 14: Scheduling and time
Exercise 14: Scheduling
Unit 15: TCP/IP networking
Day 5
Unit 15: TCP/IP networking (continued)
Exercise 15: TCP/IP networking
Unit 16: Introduction to Workload Partitions
Exercise 16: Workload Partitions
Unit 1. Introduction to IBM Power Systems, AIX,
and system administration
References
Online: AIX 7.1 Information
POO03022USEN: AIX - From Strength to Strength
Note: References listed as online are available through the IBM Knowledge
Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
Unit objectives
IBM Power Systems
Notes:
AIX overview
[Figure: LPARs labeled AIX2 and AIX3]
Notes:
Advanced Interactive Executive (AIX) is IBM's proprietary UNIX OS based on UNIX System V with
4.3BSD-compatible command and programming interface extensions.
Announcement Letter Number 286-004 dated January 21, 1986:
• “The AIX Operating System is based on INTERACTIVE Systems Corporation's IN/ix, which, in
turn, is based on UNIX System V, as licensed by AT&T Bell Laboratories. Some portions of the
modifications and enhancements were developed by IBM; others were developed by
INTERACTIVE under contract to IBM.”
[Figure labels: Power Hypervisor; System Hardware (memory, processors, devices)]
Notes:
Logical partition (LPAR)
Logical partitioning is the ability to make a single system run as if it were two or more systems.
Each partition represents a division of resources in the Power System. The partitions are logical
because the division of resources is logical and not along physical boundaries.
Hypervisor
Partitions are isolated from each other by firmware (underlying software) called the
POWER Hypervisor. The names POWER Hypervisor and Hypervisor will be used interchangeably
in this course.
Each partition has its own environment (for example, its own IP address or time of day), just like
any AIX instance.
DLPAR operation:
- Add 2.0 CPU
- Remove 4 Gb Mem
- Move the DVD slot to LPAR 2

          Before        After
LPAR 1    (running)     (running)
CPU       2.0 CPU       4.0 CPU
Memory    16 Gb Mem     12 Gb Mem
Notes:
Dynamic Logical partitioning (DLPAR)
The term Dynamic in DLPAR means we can add, move, or remove resources without having to
reactivate the partition. If there are partitions that need more or can do with fewer resources, you
can dynamically move the resources between partitions within the managed system without
shutting down the partitions. Both the source and the destination partitions must support the
dynamic partitioning operation.
Processors and memory
Each running LPAR has an active profile, which contains the resources that LPAR is entitled to. For
processor and memory settings, there is a maximum and a minimum range. These boundaries
cannot be exceeded when performing dynamic reallocation operations.
Applications
Some applications and utilities might not be DLPAR-aware. If they bind to a processor or pin
memory, then you might need to stop these processes before you are able to perform the DLPAR
operation. IBM provides an Application Programming Interface (API) for third-party program DLPAR
support on AIX 5L, AIX 6 and AIX 7.
Workload partitions
[Figure labels: AIX1, AIX2, AIX3, WPAR mgr]
Notes:
Workload partitions (WPAR) are virtualized, secure operating system environments, within a single
instance of the AIX operating system. Live Application Mobility is a capability of WPAR technology,
which allows partitions to move between systems with limited application downtime (for example,
20 seconds).
[Figure: LPAR AIX1 shown on two systems, labeled "No Downtime"]
• Partition mobility provides systems management flexibility and is
designed to improve system availability.
– Can help avoid planned outages for hardware or firmware maintenance
– Can help avoid unplanned downtime
• If a server indicates a potential failure, you can move its partitions to another server
before the failure occurs.
– Enables optimized resource use by moving workloads from server to server
Notes:
Live Partition Mobility is a new capability that enables users to move partitions between systems
with no application downtime. Live Partition Mobility enables organizations to move LPARs from
CPU intensive servers to improve overall throughput based on requirements at a particular time.
This also allows us to use a maintenance window on a physical machine without the need for any
application downtime. The only interruption of service would be due to network latency. If sufficient
bandwidth is available, a delay of at most a few seconds is typically expected.
[Figure: POWER7+ and POWER8 server range, with groups labeled Scale-Out, Linux only Systems, Midrange, Enterprise, PureSystems, and PureFlex; models shown: S812L, S822L, S824L, S814, S822, S824, Power 750+, Power 760+, E880, p260+, p270+, p460+]
Notes:
IBM frequently introduces new models and updates the current range of servers.
Here is a summary of the model differences.
IBM PureFlex System with POWER7:
Flex System 260 - 16 cores, 512 GB, 2 drives.
Flex System 460 - double-wide, 32 cores, 1 TB, 2 drives.
In the following models, unless stated otherwise, there are 4, 6, or 8 cores per socket.
Models with I/O expansion abilities:
Power 750 - 6 or 8 cores per socket, 4 sockets, 1 TB, 8 drives
High Performance Computing:
Power 760 - similar to Power 750, 2 TB
Scale-Out
Power Systems S822 - Up to 20 cores, 2 sockets, 2U, 1 TB, 9 PCIe Gen 3, AIX, and Linux
Power Systems S814 - Up to 8 cores, 1 socket, 4U, 512 GB, 7 PCIe Gen 3, AIX, IBM i, Linux
Power Systems S824 - Up to 24 cores, 2-socket, 4U, 1 TB, 11 PCIe Gen 3, AIX, IBM i, Linux
Linux only systems:
Power Systems S812L - 1-socket, 2U, POWER8 processor
Power Systems S822L - 2-socket, 2U, POWER8 processor, up to 24 cores, 1 TB, 9 PCI Gen3
slot
Power Systems S824L - 2-socket, 4U, up to 24 cores
Large enterprise server:
Power E870 - 1 or 2 nodes per system, 32 or 40 core nodes (5U), up to 64 or 80 cores, up to 2
TB / node memory (4 TB Max), up to 8 I/O Expansion drawers
Power E880 - 1 to 4 nodes per system, 32 or 48 core nodes (5U), up to 128 or 192 cores, up to
4 TB / node memory (16 TB max), up to 16 I/O Expansion drawers
For further details see the Power Systems facts and features guide:
http://www-03.ibm.com/systems/power/hardware/reports/factsfeatures.html
[Figure labels: Primary HMC; Secondary HMC ('Backup'); Private network; Service Processors; Managed system; Public/open network; LPAR 1, LPAR 2, LPAR 3, LPAR 4; SAN]
Notes:
The diagram above shows a typical example of a Power server set-up configuration. The server is
split into a number of Logical Partitions (LPARs) running AIX. A Network Installation Manager (NIM)
server is highly preferable to install and update the AIX LPARs over the network. There can be a
maximum of 2 HMCs connected to each system and each system has two dedicated Ethernet ports
reserved for this. It is recommended that the HMC to Service Processor communication occurs
through a private network reserved for that purpose. The HMC also must have open network
connectivity to the LPARs if such features as Connection Monitoring and Dynamic LPAR
operations are to be used.
It is also preferable to have a second HMC connected for availability purposes.
Note: A failure of the HMC does not interfere in any way with the running managed system.
The service processor is a separate, independent processor that provides hardware initialization
during system load, monitoring of environmental and error events, and maintenance support.
The HMC (1 of 2)
Notes:
The HMC is an Intel based server, which runs a customized version of Linux (SuSE). Its main
purpose is to configure and control up to 48 managed systems.
The HMC also collects diagnostic and error information from the LPARs and Managed System and
logs them as Serviceable events. If configured, the HMC can send these reports to IBM through the
Electronic Service Agent (ESA).
Note
On entry level machines such as the Power 520 or the Power 720, if the system is to be used as a
non-partitioned system an HMC is not required. An HMC is mandatory for Power 570 and above
(for POWER6) or in Power 770 and above (for POWER7).
Power 550s and below (for POWER6) or Power 740s and below (for POWER7) can use Integrated
Virtualization Manager (IVM) to create and control the managed system. IVM is available through
the VIOS code.
The HMC (2 of 2)
[Figure: HMC main view, labeled "Managed Systems"]
Notes:
The diagram above shows the main view of a managed system – sys034. Operations such as
create, stop, shutdown LPAR can be performed from the Tasks pad or bar, or by selecting the LPAR
itself. The view is highly customizable.
The navigation area offers the main features of the HMC, such as:
• Systems plans for producing or deploying system configuration plans done during design
• HMC Management for configuring the HMC, users, roles, network setting, and other HMC
characteristics
• Updates, for updating the HMC and Managed System firmware
This view was taken from an HMC running v7.3.3.1. Pre v7 HMCs ran WSM, which was a much
different interface based on Java.
Notes:
Virtualizing LPARs
The main benefits of virtualized I/O are as follows:
• Partitions can be created without requiring additional physical I/O resources. The new partitions
can be configured to use virtualized I/O resources, which allows them to be configured in a
timely manner, since no physical reconfiguration of the system, that is, moving adapter cards
and cables, is required.
• Virtualized I/O allows an economical I/O model, since it allows multiple partitions to share
common resources. For example, multiple partitions can share a single physical adapter.
Without virtualized I/O, each partition would require its own adapter, even if the full capacity of
the adapter was not being utilized.
• The use of virtualized I/O facilitates server consolidation. It permits multiple client partitions to
reside on a single machine, and make efficient use of shared resources.
Note
There are many other virtualization features, which are covered in
more depth in the LPAR and virtualization curriculum and roadmap.
Notes:
Virtual Ethernet introduction
Virtual Ethernet adapters enable inter-partition communication without the need for physical
network adapters that are assigned to each partition. It can be used in both shared and dedicated
POWER5 or later processor partitions provided the partition is running AIX V5.3, AIX V6.1, AIX
V7.1, or Linux. This technology enables IP-based communication between logical partitions on the
same system using a VLAN Ethernet switch (POWER Hypervisor) in POWER5 and later
processor-based managed systems.
The number of partitions possible on many systems is greater than the number of I/O slots.
Therefore, virtual Ethernet is a convenient and cost saving option to enable partitions within a single
system to communicate with one another through a virtual Ethernet LAN. The virtual Ethernet
interfaces can be configured with both IPv4 and IPv6 protocols.
Virtual SCSI introduction
The Virtual I/O Server supports exporting disks as virtual devices. The Virtual I/O Server supports
the exporting of three types of virtual SCSI disks: virtual SCSI disk that is backed by a whole
physical volume, virtual SCSI disk that is backed by a logical volume, and virtual SCSI disk that is
backed by a file. Regardless of whether the virtual SCSI disk is backed by a whole physical disk, a
logical volume, or a file, all standard SCSI conventional rules apply to the device. The device will
behave as a standard SCSI-compliant device. The logical volumes and files appear as real devices,
hdisks, in the client partitions and can be used as a boot device. Once a virtual disk is assigned to a
client partition, the Virtual I/O Server must be available before the client partitions are able to
access it.
• The VIOS partition is allocated physical I/O slots that contain real
adapters.
– These are shared among the client partitions through the virtual adapters
(SCSI or Ethernet).
Notes:
Virtual I/O Server (VIOS) description
VIOS provides virtual storage and shared Ethernet capability to client logical partitions on the
system. It allows physical adapters with attached disks and optical devices on the VIOS to be
shared by one or more client partitions.
VIOS partitions are not intended to run applications or to have general user logins. VIOS is installed
in its own partition. Using VIOS facilitates the following functions:
• Sharing of physical resources between partitions on the system
• Creation of partitions without requiring additional physical I/O resources
• Creation of more partitions than I/O slots or physical devices, by allowing partitions to have
dedicated I/O, virtual I/O, or both
• Maximization of physical resource utilization on the system
Virtualization example
Notes:
VLAN
A Virtual Local Area Network (VLAN) enables an Ethernet switch to create subgroups within a
single physical network where the members of different subgroups are isolated from each other.
Virtual Ethernet
There are two main features of virtual Ethernet. One is the inter-partition virtual switch, which provides
support for connecting up to 4096 LANs. LAN IDs are used to configure virtual Ethernet LANs, and
all partitions that use a particular LAN ID can communicate with each other. The other feature is a
function that is called Shared Ethernet Adapter that bridges networks together without using TCP/IP
routing. This function enables the partition to appear to be connected directly to an external
network. The main benefit of using this feature is that each partition need not have its own physical
network adapter.
Virtual SCSI adapters
Virtual SCSI adapters provide the ability for client partitions to see SCSI disks, which are actually
SCSI, SAS, SAN disks, or logical volumes inside the VIOS.
Notes:
Overview
There are a number of distinct tasks which the system administrator on a UNIX or AIX system must
perform. Often there is more than one system administrator in a large organization and the tasks
can be divided between the different administrators.
Notes:
Limiting access to administrative tasks
AIX security permissions restrict the performance of administrative tasks to the root user, and
sometimes to other users in special groups: for example, system for general tasks, security for
user administration, printq for AIX Print Subsystem printer management, and lp for System V Print
Subsystem printer management. This means that the root user's password must be kept secure
and only divulged to the few users who are responsible for the system. AIX6 has a new feature
called role-based access control (RBAC). This allows OS management tasks to be assigned to
roles and then assigned to users. RBAC is a large security topic and hence will be covered in detail
in the AIX Security course (AN57).
A certain amount of discipline is also required when using the root ID because typing errors made
as root can do catastrophic system damage. For normal use of the system, a non-administrative
user ID should be used. The superuser (root) privilege should only be used when that authority is
necessary to complete a system administration task.
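An added example (not part of the course material) that audits the access model described above: it lists accounts with UID 0 and the members of the system, security, printq, and lp groups, then reports any that are not on an approved list. The function names, the allowlist file, and the sample passwd and group entries are constructed for illustration; the files are assumed to use the standard colon-separated passwd and group formats.

```shell
#!/bin/sh
# Added example: audit administrative authority held through UID 0 or through
# the special groups named in the notes (system, security, printq, lp).

ADMIN_GROUPS="system security printq lp"

# uid0_accounts PASSWD_FILE: print every account whose UID is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1" | sort
}

# admin_group_members PASSWD_FILE GROUP_FILE: print "group:user" for each user
# in an administrative group, either listed as a member in the group file or
# holding the group as primary GID in the passwd file.
admin_group_members() {
    awk -F: -v groups="$ADMIN_GROUPS" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) want[g[i]] = 1 }
        FNR == NR {                      # first file: name:passwd:gid:members
            if ($1 in want) {
                gid2name[$3] = $1
                m = split($4, u, ",")
                for (i = 1; i <= m; i++) if (u[i] != "") seen[$1 ":" u[i]] = 1
            }
            next
        }
        ($4 in gid2name) { seen[gid2name[$4] ":" $1] = 1 }   # passwd: primary GID
        END { for (k in seen) print k }
    ' "$2" "$1" | sort
}

# unexpected_admins PASSWD_FILE GROUP_FILE ALLOWLIST: print every "uid0:user"
# or "group:user" entry that is not an exact line of the allowlist file.
unexpected_admins() {
    {
        uid0_accounts "$1" | sed 's/^/uid0:/'
        admin_group_members "$1" "$2"
    } | grep -v -x -F -f "$3" || true    # no findings is not an error
}

# make_sample DIR: write constructed sample files (not real system data).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
lp:*:11:11::/var/spool/lp:/bin/false
alice:!:201:1::/home/alice:/usr/bin/ksh
bob:!:202:7::/home/bob:/usr/bin/ksh
toor:!:0:0::/home/toor:/usr/bin/ksh
carol:!:203:1::/home/carol:/usr/bin/ksh
EOF
    cat > "$1/group" <<'EOF'
system:!:0:root,alice
staff:!:1:alice,carol
security:!:7:root
printq:!:9:lp,carol
lp:!:11:root,lp
EOF
    # Hypothetical approved list: one "uid0:user" or "group:user" per line.
    cat > "$1/allow" <<'EOF'
uid0:root
system:root
system:alice
security:root
printq:lp
lp:root
lp:lp
EOF
}

# Demo on the constructed sample: prints the entries that need review.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
unexpected_admins "$demo_dir/passwd" "$demo_dir/group" "$demo_dir/allow"
rm -rf "$demo_dir"
```

On a live system the same functions can be pointed at /etc/passwd and /etc/group, with the allowlist maintained by whoever approves administrative access.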
• Command line
– UNIX system administration tasks that are often done from the
command line, by running scripts, or both
• Writing and running scripts
– Typically using Korn shell scripts (ksh is the default shell on AIX)
– Perl for more advanced users
• SMIT (smit or smitty)
– Text-based tool (graphical version also available)
• IBM Systems Director Console for AIX (pconsole)
– New web-based GUI in AIX6 and later
• IBM Systems Director
– A cross platform product for managing Power Systems and AIX
across a large enterprise environment
Notes:
There are many ways to perform administration tasks within AIX. In reality, a combination of tools or
techniques is deployed.
While there is a graphic mode for SMIT, most SMIT users prefer using SMIT in text mode using an
interactive command prompt connection, such as ssh.
IBM Systems Director is more flexible than the others in the list. It supports multiple operating
systems and virtualization technologies across IBM and non-IBM platforms. It is not to be confused
with Systems Director Console for AIX, which is based on IBM Systems Director but runs from
within AIX to manage the OS as a single instance.
Checkpoint
IBM Power Systems
1. What is the name of the device that creates and controls LPARs?
4. True or False: The su command enables you to get root authority even
if you signed on using another user ID.
Notes:
Exercise: Introduction to IBM Power Systems and AIX
Notes:
Unit summary
Notes:
Unit 2. AIX system management tools
References
Online AIX Version 7.1 Systems Director Console for AIX
AIX Version 7.1 Operating System and Device Management
Note: References listed as online are available through the IBM Knowledge
Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
Unit objectives
Notes:
How do I create an encrypted file system?
# crfs -v jfs -g rootvg -m /test -a size=42M efs=yes
Usage: crfs -v Vfs {-g Volumegroup | -d Device} -m
Mountpoint [-u Mountgroup] [-A {yes|no}] [-t {yes|no}]
[-p {ro|rw}] [-l Logpartitions] [-n nodename] [-a
Attribute=Value]
Notes:
UNIX challenges
Unfortunately, the same thing that's special about UNIX is also the source of most of what's wrong.
UNIX is an operating system that is burdened with 30+ years' worth of useful add-ons and different
flavors. As a consequence, the OS has an awful lot of inconsistencies and overlapping functions. At
times, this can be confusing and challenging even for experienced users.
Notes:
Minimize time and resources spent managing systems
Organizations seek to minimize the time and resources spent managing systems, that is, to
manage computer systems efficiently. AIX helps with tools such as SMIT, and IBM Systems Director
Console for AIX.
Maximize reliability, performance, and productivity
Organizations also want to maximize system reliability and performance in order to maximize the
productivity of the users of computer systems. AIX helps with features, such as the logical volume
manager, that help avoid the need for the system to be brought down for maintenance.
Provide remote system management solutions
Today's information technology environment also creates a need for remote system management
solutions. AIX supports web-based technology with the IBM Systems Director Console for AIX. As a
result, multiple systems can be managed from one single point over the network. This can also be
done with command-based programs such as telnet, ssh, and smit.
AIX administration
[Figure: the System Management Interface Tool (smit) and IBM Systems Director Console for AIX (pconsole) sit on top of high-level commands; these call low-level and intermediate-level commands, which use system calls, kernel services, the System Resource Controller, the Object Data Manager, and ASCII files.]
Notes:
IBM provides users on AIX with a great deal of flexibility and choice when it comes to administering
an AIX system. SMIT is a simple, but highly effective ASCII-based management tool that has been
in AIX since version 3. IBM Systems Director console is a new attractive web-based offering in
AIX6.1 and higher.
Types of commands
Commands are classified as high-, intermediate-, or low-level:
• High-level commands: These are standard AIX commands, either shell/perl scripts, or C
programs, which can also be executed by a user. They execute multiple low-level or
intermediate-level commands to perform the system administrative functions.
• Intermediate-level commands: These commands interface with special AIX components such
as the System Resource Controller and the Object Data Manager. These commands are rarely
executed directly by a user.
• Low-level commands: These are AIX commands that correspond to AIX system calls or kernel
services. They are not normally executed directly by a user.
SMIT
Notes:
Overview of SMIT
The System Management Interface Tool (SMIT) is a menu-driven interface that gives access to
most of the common system management functions within one consistent environment.
SMIT is an interactive application that simplifies virtually every aspect of AIX system administration.
It is a user interface that constructs high-level commands from the user's selections, and then
executes these commands on demand. Those commands could be entered directly by the user to
perform the same tasks, or put into scripts to run over and over again.
Occasionally, a system administrator will run AIX commands or edit ASCII files directly to complete
a particular system administration task. However, SMIT does make the most frequent or
complex/tedious tasks much easier with a greater degree of reliability.
# smit
System Management
Notes:
Main menu selections
The SMIT main menu enables you to select the administrative functions to be performed. You can
also select online help on how to use SMIT.
Use of keys
In the ASCII mode, in order to select from the menus, you must use the up and down arrow keys.
This moves a highlighted bar over the menu items. Press Enter to select the highlighted item. You
can also use some of the keyboard function keys to perform other functions, such as exiting SMIT
or starting a shell.
Importance of TERM environment variable
When using SMIT in the ASCII mode, the menus and dialog panels sometimes come up distorted.
That is the result of not having an appropriate TERM variable value. Setting and exporting this
variable can solve the problem. For example, executing the command export TERM=vt320 might
solve the problem.
General syntax:
smit [-options] [ FastPath ]
Invoke ASCII version:
# smitty
or
# smit -C
Log, but do not actually run commands:
# smit -x
Redirect the log file and script file:
# smit -s /u/team1/smit.script -l /u/team1/smit.log
# smit -s /dev/pts/1 -l /dev/pts/2
Dialog screen
# smit date
Change / Show Day and Time
[Entry Fields]
YEAR (00-99) [14] #
MONTH (01-12) [10] #
DAY (1-31) [08] #
HOUR (00-23) [11] #
MINUTES (00-59) [23] #
SECONDS (00-59) [06] #
Notes:
Dialog screens and selector screens
A dialog screen allows you to enter values that are used in the operation performed. Some fields
are already completed from information held in the system. Usually, you can change this data from
the default values.
A selector screen is a dialog screen on which there is only one value to change. The value usually
indicates the object that is acted upon by the subsequent dialog and AIX command.
Entering data
To enter data, move the highlighted bar to the value you want to change. Then, either enter a value
or select one from a list. Fields that you can type in have square brackets [ ]. Fields whose data
is larger than the field width have angle brackets < > to indicate that there is data further to the
left, right, or both sides of the display area.
Special symbols
Special symbols on the screen are used to indicate how data is to be entered:
• Asterisk (*): This is a required field.
• Number sign (#): A numeric value is required for this field.
• Forward slash (/): A path name is required for this field.
• X: A hexadecimal value is required for this field.
• Question mark (?): The value entered is not displayed.
• Plus sign (+): A pop-up list is available.
An asterisk (*) in the leftmost column of a line indicates that the field is required. A value must be
entered here before you can commit the dialog and execute the command. In the ASCII version, a
plus sign (+) is used to indicate that a pop-up list is available. To access a pop-up list, use the F4
key. If a fixed number of options are available, use the Tab key to cycle through the options.
In the Motif version, a List button is displayed. Either click the button or press <Ctrl-l> to display a
pop-up window.
Use of particular keys
The following keys can be used while in the menus and dialog screens. Some keys are only valid in
particular screens. The keys that are only valid for the ASCII interface are marked (A). The keys
that are only valid for the Motif interface are marked (M).
• F1 (or ESC-1) Help: Show contextual help information.
• F2 (or ESC-2) Refresh: Redraw the display. (A)
• F3 (or ESC-3) Cancel: Return to the previous screen. (A)
• F4 (or ESC-4) List: Display a pop-up list of possible values. (A)
• F5 (or ESC-5) Reset: Restore the original value of an entry field.
• F6 (or ESC-6) Command: Show the AIX command that is executed.
• F7 (or ESC-7) Edit: Edit a field in a pop-up box or select from a multi-selection pop-up list.
• F8 (or ESC-8) Image: Save the current screen to a file (A) and show the current fast path.
• F9 (or ESC-9) Shell: Start a subshell. (A)
• F9 Reset: all fields. (M)
• F10 (or ESC-0) Exit: Exit SMIT immediately. (A)
• F10: Go to the command bar. (M)
• F12 Exit: Exit SMIT immediately. (M)
• Ctrl-l List: Give a pop-up list of possible values. (M)
• PgDn (or Ctrl-v): Scroll down one page.
• PgUp (or ESC-v): Scroll up one page.
• Home (or ESC-<): Go to the top of the scrolling region.
• End (or ESC->): Go to the bottom of the scrolling region.
• Enter: Do the current command or select from a single-selection pop-up list.
• /text: Finds the text in the output.
• n: Finds the next occurrence of the text.
Output screen
COMMAND STATUS
Command: OK stdout: yes stderr: no
[Slide callouts: "Command: OK" indicates that the command completed successfully; "stderr: no" indicates no standard error.]
Notes:
Fields on first line of output
The Command field can have the following values: OK, RUNNING, and FAILED.
The value of the stdout field indicates whether there is standard output, that is, whether there is
output produced as a result of running the command. The output is displayed in the body section of
this screen.
The value of the stderr field indicates whether there are error messages. In this case, there are no
error messages.
Note that, in the Motif version of SMIT, a representation of a person in the top right-hand corner of
the screen is used to indicate the values of the Command field.
Body of the screen
The body of the screen holds the output or error messages from the command. In this example,
there is output, but there are no error messages.
[Figure: smit command execution writes to smit.log, smit.script, and smit.transaction]
• $HOME/smit.log
– Records a log of all menu and dialog screens visited, all commands that are
executed, and their output
– Records any errors during the SMIT session
• $HOME/smit.script
– Shell script containing all AIX commands that are executed by SMIT
• $HOME/smit.transaction
– SMIT transactions log
– Records date, description, and command script output of the commands that
were executed
# smitty -xs /tmp/new-script
SMIT output is redirected to file: /tmp/new-script.
No commands will be run.
Notes:
Overview
SMIT creates three files in the $HOME directory of the user who is running SMIT. If these files already
exist, then SMIT appends to them. These files can grow quite large over time, especially during
installations. The user must maintain and truncate these files, when appropriate.
The smit.log file
The smit.log file contains a record of every SMIT screen, menu, selector, and dialog visited, the
AIX commands executed, and the output from these commands. When the image key is pressed,
the screen image is placed in the smit.log file. If there are error or warning messages, or
diagnostic or debugging messages from SMIT, then these are also appended to the smit.log file.
The smit.script file
The smit.script file contains the AIX commands executed by SMIT, preceded by the date and
time of execution. This file can be used directly as a shell script to perform tasks multiple times, or it
can be used as the basis for more complex operations.
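The housekeeping the text asks for, as an added example that is not IBM course code: it reports SMIT files that group or other users can access, then archives and truncates any file above a size limit. Restricting the files to their owner is an assumption made here because smit.log and smit.script record the commands that were run; the 1 MB default limit and the archive naming are also assumptions.

```shell
#!/bin/sh
# Added example (not IBM course code): housekeeping for the three SMIT files.

SMIT_FILES="smit.log smit.script smit.transaction"

# loose_smit_files DIR
# Prints each SMIT file in DIR whose mode grants any access to group or other.
loose_smit_files() {
    for name in $SMIT_FILES; do
        f="$1/$name"
        [ -f "$f" ] || continue
        # ls -ld prints the mode string first, for example -rw-r--r--;
        # characters 5 to 10 are the group and other permission bits.
        mode=$(ls -ld "$f" | awk '{ print substr($1, 5, 6) }')
        [ "$mode" = "------" ] || echo "$f"
    done
}

# rotate_smit_file FILE MAXBYTES
# If FILE is larger than MAXBYTES, copy it to FILE.<timestamp> readable by
# the owner only, then truncate FILE in place so SMIT keeps appending to the
# same file. Prints the archive path when a rotation happened.
rotate_smit_file() {
    [ -f "$1" ] || return 0
    size=$(( $(wc -c < "$1") ))
    [ "$size" -gt "$2" ] || return 0
    archive="$1.$(date +%Y%m%d%H%M%S)"
    ( umask 077 && cp "$1" "$archive" ) && : > "$1" && echo "$archive"
}

# maintain_smit_files DIR [MAXBYTES]
# Owner-only permissions plus size-based rotation for all three files.
maintain_smit_files() {
    for name in $SMIT_FILES; do
        f="$1/$name"
        [ -f "$f" ] || continue
        chmod go-rwx "$f"
        rotate_smit_file "$f" "${2:-1048576}"
    done
}

# Usage: sh this_script "$HOME" [MAXBYTES]
if [ $# -gt 0 ]; then
    maintain_smit_files "$@"
fi
```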
# lssrc -s pconsole
Subsystem Group PID Status
pconsole system 737388 active
Figure 2-10. IBM Systems Director Console for AIX (pconsole) AN124.0
Notes:
IBM Systems Director Console for AIX
The IBM Systems Director Console for AIX, also known as the Console, is a management interface
that allows administrators to manage AIX remotely through a browser. It provides web access to
common systems management tasks. The Console was introduced as part of AIX 6.1. The only
additional component required is a web browser.
The Console is named after the IBM Systems Director because it is built on the same graphical
user interface as the IBM Systems Director. Although the Console is named after the IBM Systems
Director, IBM Systems Director is not a prerequisite for it. All components necessary to run the
Console are included in AIX 6.1 and later.
The Console also includes menu links to the Systems Management Interface Tool (SMIT),
web-based System Manager, and Distributed Command Execution Manager (DCEM). DCEM is a
new facility to securely execute SMIT operations or other commands on multiple machines at one
time. This can improve administrator efficiency by reducing the need to log in to multiple systems to
run the same systems management task.
Console interface
Notes:
Logging in to the console
IBM Systems Director Console for AIX relies on your AIX user account for user-logon security. If the
user ID that you provide is already logged in to the console, the console prompts you to choose
between logging out from the other session or returning to the login page. If you choose to log out
from the other session, the console will not recover any unsaved changes that were made by that
user.
Use the Logout link in the console toolbar when you are finished using the console to prevent
unauthorized access. If there is no activity during the login session for an extended period of time,
the session expires and you must log in again to access the console. The default session timeout
period is 30 minutes.
If you encounter a login problem, check the following items:
• No user account on the target server?
– Have the administrator create an account.
• Password expired or not set (new user account)?
– Log in through local terminal or telnet, and set the password.
• Already logged in to console?
– Look for a warning message, which gives you the option to terminate the previous session.
You can log in to the console as root, which gives you the authority to perform all tasks, or you can
delegate certain tasks to non-root users. If the only user that you want to authorize as a console
user is root, no further setup is required.
The root ID has console administrator authorization, which allows it to launch any console
task. By default, console tasks are visible only to root. If you want to authorize non-root users to
perform console tasks, additional setup is required. You must authorize each user to access one or
more tasks that appear in the console navigation area and you must assign each user the AIX
authorizations (RBAC) for the actions performed by these tasks.
Changing port values
IBM Systems Director Console for AIX uses port 5335 for HTTP and port 5336 for HTTPS. To
change the port numbers, modify the following properties in the
/pconsole/lwi/conf/overrides/port.properties file and then restart pconsole:
• com.ibm.pvc.webcontainer.port=5335
• com.ibm.pvc.webcontainer.port.secure=5336
In addition, modify /pconsole/lwi/conf/webcontainer.properties. Change all occurrences of
5336 to the secure port you want to use.
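The procedure above as an added example, not IBM course code: it updates both properties in port.properties and replaces the old secure port in webcontainer.properties only where it stands alone as a number. The configuration directory is passed as an argument, the sample file contents are constructed with hypothetical webcontainer.properties keys, and restarting pconsole afterwards is left to the administrator.

```shell
#!/bin/sh
# Added example (not IBM course code): change the pconsole ports in both files.

HTTP_KEY=com.ibm.pvc.webcontainer.port
HTTPS_KEY=com.ibm.pvc.webcontainer.port.secure

# get_prop FILE KEY: print the value of KEY (last definition wins).
get_prop() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# set_prop FILE KEY VALUE: rewrite KEY=..., appending it if absent.
# The file is rewritten in place so its owner and mode are kept.
set_prop() {
    awk -F= -v k="$2" -v v="$3" '
        $1 == k { print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }' "$1" > "$1.new" &&
    cat "$1.new" > "$1" && rm -f "$1.new"
}

# replace_port FILE OLD NEW: replace OLD only where it stands alone as a
# number, so 5336 is changed but 15336 and 53360 are not.
replace_port() {
    awk -v old="$2" -v new="$3" '
    {
        out = ""; rest = $0
        while ((i = index(rest, old)) > 0) {
            if (i > 1)                prev = substr(rest, i - 1, 1)
            else if (length(out) > 0) prev = substr(out, length(out), 1)
            else                      prev = ""
            nxt = substr(rest, i + length(old), 1)
            hit = (prev !~ /[0-9]/ && nxt !~ /[0-9]/)
            out = out substr(rest, 1, i - 1) (hit ? new : old)
            rest = substr(rest, i + length(old))
        }
        print out rest
    }' "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# valid_port N: succeeds when N is a whole number from 1 to 65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# pconsole_set_ports CONFDIR HTTP_PORT HTTPS_PORT
# CONFDIR is /pconsole/lwi/conf on a real system. Both files get a .bak copy.
pconsole_set_ports() {
    ports="$1/overrides/port.properties"
    web="$1/webcontainer.properties"
    valid_port "$2" && valid_port "$3" && [ "$2" -ne "$3" ] || {
        echo "ports must be two different numbers in 1-65535" >&2; return 2; }
    cp -p "$ports" "$ports.bak" && cp -p "$web" "$web.bak" || return 1
    old_secure=$(get_prop "$ports" "$HTTPS_KEY")
    [ -n "$old_secure" ] || old_secure=5336     # default stated in the text
    set_prop "$ports" "$HTTP_KEY" "$2" &&
    set_prop "$ports" "$HTTPS_KEY" "$3" &&
    replace_port "$web" "$old_secure" "$3"
}

# make_sample_conf DIR: constructed stand-in for /pconsole/lwi/conf.
# The webcontainer.properties keys below are hypothetical placeholders.
make_sample_conf() {
    mkdir -p "$1/overrides" &&
    printf '%s\n' "$HTTP_KEY=5335" "$HTTPS_KEY=5336" \
        > "$1/overrides/port.properties" &&
    printf '%s\n' 'example.secure.url=https://localhost:5336/ibm/console' \
                  'example.redirect.port=5336' \
                  'example.unrelated.value=15336' \
        > "$1/webcontainer.properties"
}

# Demo on the constructed sample; restart pconsole after a real change.
demo_conf=$(mktemp -d) || exit 1
make_sample_conf "$demo_conf"
pconsole_set_ports "$demo_conf" 8080 8443 && cat "$demo_conf/webcontainer.properties"
rm -rf "$demo_conf"
```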
Console security
By default, the IBM Systems Director Console for AIX provides a Secure Sockets Layer (SSL)
certificate that enables HTTPS connections between the IBM Systems Director Console for AIX
and the web browser client.
Console applications
Notes:
A number of applications exist within pconsole:
• OS management
This is the core of the application. Menu options are similar to SMIT but in a redesigned new
layout.
• Portlets/Modules
These are facilities within pconsole that provide system information and health details.
• Classical SMIT
Very useful for those who still prefer the look and feel of traditional SMIT.
• Distributed Command Execution Manager (DCEM)
This is a graphical wrapper around an existing UNIX dsh utility. It allows commands and scripts
to be executed on multiple hosts.
For further information on dsh, see the AIX man page or IBM Knowledge Center:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.cmds2/dsh.htm?lang=en
Work area
Notes:
Toolbar
The toolbar and banner area displays a common image across IBM Systems Director Console for
AIX installations. The Console toolbar provides the following functions:
• Displays user name, for example, Welcome root
• Help
• Logout
Help is available for the entire console or for a specific module in the console. To access console
help, perform the following steps:
• Select Help on the console toolbar. The help is displayed in a separate browser window.
• In the help navigation tree, select the help set you want to view. For example, select Console
help to view topics that provide information for new console users. Use the console controls as
needed. To access help for a module on a page, on the title bar for the module, click the ? icon.
This icon is displayed only if help is available for the module. The help is displayed in a separate
browser window.
Navigation area
The navigation area provides a tree to the tasks that are available in the console. Tasks are
grouped into organizational nodes that represent categories of tasks. For example, OS
Management and Settings are organizational nodes. The organizational nodes can be nested in
multiple levels.
The navigation tree only displays tasks to which you have access. This is controlled by the Console
Roles and RBAC authorizations.
In this area, the following task categories can be accessed:
• Welcome
• My Startup Pages
• OS Management (AIX settings)
• Health
• Settings (Console settings)
When you select a task in the navigation tree, a page containing one or more modules for
completing the task is displayed in the work area.
Work area
When you initially log in to the console, the work area displays a welcome page. After you launch a
task from the navigation tree, the contents of the task are displayed in a page in the work area. A
page contains one or more console modules that are used to perform operations. Each console
module has its own navigation controls. Some pages include a control to close the page and return
to the welcome page.
Startup pages
Regular pconsole users will want to set up startup pages at login, rather than seeing the welcome
page every time. To do this, select the page you are interested in from the box in the upper
right-hand area of the screen. Select add to my start-up pages. The next time you log in, the page
will be displayed in a tab.
System health (1 of 3)
[Slide callouts: Section-specific help; Refresh immediately]
Notes:
IBM Systems Director Console for AIX contains several portlets. Each portlet refreshes after a
certain time interval to ensure that the information is always consistent and up-to-date. The
example above is the system health portlet. This shows detailed system and performance
information for the host running pconsole.
Metrics
The metrics feature of IBM Systems Director Console for AIX provides the overall health of the
monitored metrics for the managed server. The window provides common status information about
the memory and CPUs. The main page provides a description of the monitored metrics with
separate rows for summary information on each metric. These include the following:
• Select: Click to determine the metric displayed in the Metric Detail feature
• Metric: Displays the name of the metric being monitored
• Trend: Displays a graphic to indicate the recent changes to the metric
• Previous: Displays the prior value for the metric
• Latest: Displays the last monitored value for the metric
System health (2 of 3)
• Configuration information
Notes:
Summary Information
The summary feature provides the overall health status of the managed server. The window
provides common status information about the overall system, network, and paging space
configuration.
System Configuration
This expanded section displays information regarding the Power Systems hardware and AIX
settings including such information as the model and serial number, processor type, number and
speed, memory size and status, and system recovery settings, like the auto restart setting. All these
values are related to the overall health and status of the server. Some of these values can be
changed in the System Environment area of the console.
Network Configuration
This expanded section displays information regarding the network settings including such
information as IP address, host name, subnet mask, domain name, gateway, and name server. All
these values are related to the overall health and status of the network connections for the server.
Some of these values can be changed in the Communications area of the console.
System health (3 of 3)
Notes:
Top Processes
The process feature provides a list of the running processes in a table view. The window provides
common status information about each individual process. A table describes each process with
separate columns to view detailed information. The table is initially sorted by the parent ID. These
columns include the following:
• Process Name displays the command that initiated the process.
• Process ID displays the ID number for the process.
• Parent ID displays the process ID number for the parent process that started the process.
• CPU % displays the percent of the total CPU available used by the process in the cycle before
the last refresh.
• Time displays the total CPU time the process has been running before the last refresh.
• User displays the user ID under which the process is running.
Classical SMIT
Notes:
IBM Systems Director Console for AIX provides a web interface for classical SMIT. The classical
SMIT interface features the same menu structures and dialog panels as the ASCII SMIT.
DCEM portlet (1 of 5)
[Figure: four LPARs labeled AIX1, AIX2, AIX3, and AIX4]
Notes:
DCEM allows commands and scripts to be executed on multiple hosts concurrently. It is based on
the standard UNIX dsh (distributed shell) command.
DCEM portlet (2 of 5)
[Slide callouts: Enter job name and description. Defaults to standard PATH and user root. Enter commands to run.]
Notes:
The first task is to enter a job name and description; then work along the tabs, completing the
information as appropriate. Starting with the Command Specification tab, the following fields can
be used when creating a distributed command:
• Name: Specify a name for the distributed task if you would like to save it for future use.
• Path: Specify the path of the command.
• Default User: Specify the user name under which the command will run. The user currently
logged in is the default value.
• Command (required): The command definition.
DCEM portlet (3 of 5)
[Slide callout: Specify target machines.]
Notes:
Moving to the Target Specification tab, create a set of targets on which the command will run, by
entering DSH hosts and groups.
DCEM portlet (4 of 5)
[Slide callouts: Defaults to rsh, ssh is optional. Confirmation that job is running.]
Notes:
Moving to the Options tab, specify:
• Remote shell: The default value is /usr/bin/rsh. Optionally, you can specify ssh if you
want to make the remote execution secure. Either way, the pconsole server must be able to
execute commands on the remote hosts without entering a password. Otherwise, dsh
commands will fail.
• Verify targets are responding: Select this check box to verify that targets are responding
before running the command.
The following options can be used when running the command:
• Run: This option runs the command on the specified targets.
• Run and Save: This option runs the command on the specified targets and saves the current
command specification as a script.
• Save: This option saves the current command specification as a script. All information specified
in the command specification tab, targets tab, and options tab will be saved.
The Generate Script button will produce a perl command script in the /dcem/scripts directory on
the pconsole server. The submission report will only confirm that the job is running. To see whether
the job has completed successfully, click the View Status button.
DCEM portlet (5 of 5)
IBM Power Systems
Status:
Completed OK
or failure!
Report output.
Further host output
can be seen by
selecting the links
below.
Notes:
After you select View Status, as shown on the previous visual, the Job Status window appears. In
the example shown above, the DCEM job completed successfully. To obtain further
information, click the View Report button.
• Console logs
– Location: /var/log/pconsole/logs
• Formatted by using HTML
– Rotated using file names error-log-#.html and trace-log-#.html
# ls /var/log/pconsole/logs
error-log-0.html error-log-4.html trace-log-2.html
error-log-0.html.lck error-log-5.html trace-log-3.html
error-log-1.html trace-log-0.html trace-log-4.html
error-log-2.html trace-log-0.html.lck trace-log-5.html
error-log-3.html trace-log-1.html
Notes:
The Systems Director Console log files are stored in XML format in the /var/log/pconsole/logs
directory.
Console Logging and Tracing
Error log file
The system appends log messages to a single log file. A new log file is created each time you start
Integrated Solutions Console. Logging messages are written to the file error-log-0.html of the
/logs subdirectory of the console installation. This file is always locked by the console to write log
messages.
Trace log file
The system appends trace messages to a single log file. A new trace file is created each time you
start Integrated Solutions Console. Trace messages are written to the file trace-log-0.html of the
/logs subdirectory of the console installation. This file is always locked by the console to write trace
messages.
Classical SMIT logs are similar in nature to regular AIX SMIT logs. The letter w is prefixed to the
standard SMIT log file names to differentiate these pconsole logs from the standard AIX SMIT logs.
There is no equivalent smit.transaction log produced through pconsole.
An example DCEM log:
------------------------------------------------------------
Command name: Unspecified
Default user: root
Command definition:
export PATH=\$PATH;uname -a
Started: Tue Oct 14 17:06:34 2014
Ended: Tue Oct 14 17:06:35 2014
Successful targets:
DSH nodes:
statler.lpar.co.uk
waldorf.lpar.co.uk
Failed targets:
none
Targets not run:
none
Status:
Command execution completed.
-----------------------------------------------------------
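Because a DCEM job runs one command on many hosts, its log is the record of who ran what and where. The following POSIX shell sketch is an added example, not part of the IBM course material: it condenses each record to one line for review. It assumes every record follows the layout of the sample above; the second record in the embedded input, including its user and host names, is constructed.

```shell
#!/bin/sh
# Added example, not IBM course code: summarize DCEM log records read from stdin.
# One output line per record:
#   user=<default user> ok=<n> failed=<n> notrun=<n> failed_hosts=<list or -> cmd=<definition>
# Assumption: every record uses the layout of the sample record shown above.

ds_reset() {
    ds_sec=""; ds_user=""; ds_cmd=""; ds_hosts=""
    ds_ok=0; ds_fail=0; ds_skip=0; ds_open=0
}

ds_emit() {                      # print the current record, if one was started
    [ "$ds_open" -eq 1 ] || return 0
    printf '%s\n' "user=$ds_user ok=$ds_ok failed=$ds_fail notrun=$ds_skip failed_hosts=${ds_hosts:--} cmd=$ds_cmd"
}

ds_body() {                      # handle a line that is not a section heading
    case $ds_sec in
        cmd) ds_cmd="${ds_cmd:+$ds_cmd }$1" ;;     # join multi-line definitions
        ok|fail|skip)
            case $1 in
                ''|none|*:) return 0 ;;            # empty marker or "DSH nodes:" sub-heading
            esac
            case $ds_sec in
                ok)   ds_ok=$((ds_ok + 1)) ;;
                fail) ds_fail=$((ds_fail + 1)); ds_hosts="${ds_hosts:+$ds_hosts,}$1" ;;
                skip) ds_skip=$((ds_skip + 1)) ;;
            esac ;;
    esac
}

dcem_summary() {
    ds_reset
    while IFS= read -r ds_line || [ -n "$ds_line" ]; do
        case $ds_line in
            -----*)                  ds_emit; ds_reset ;;   # dashed rule ends a record
            "Command name: "*)       ds_open=1 ;;
            "Default user: "*)       ds_open=1; ds_user=${ds_line#"Default user: "} ;;
            "Command definition:")   ds_sec=cmd ;;
            "Started: "*|"Ended: "*) ds_sec="" ;;
            "Successful targets:")   ds_sec=ok ;;
            "Failed targets:")       ds_sec=fail ;;
            "Targets not run:")      ds_sec=skip ;;
            "Status:")               ds_sec=status ;;
            *)                       ds_body "$ds_line" ;;
        esac
    done
    ds_emit                                                  # record without a closing rule
}

sample_dcem_log() {   # first record: the sample above; second record: constructed
    cat <<'EOF'
------------------------------------------------------------
Command name: Unspecified
Default user: root
Command definition:
export PATH=\$PATH;uname -a
Started: Tue Oct 14 17:06:34 2014
Ended: Tue Oct 14 17:06:35 2014
Successful targets:
DSH nodes:
statler.lpar.co.uk
waldorf.lpar.co.uk
Failed targets:
none
Targets not run:
none
Status:
Command execution completed.
-----------------------------------------------------------
------------------------------------------------------------
Command name: Unspecified
Default user: opsuser
Command definition:
lssrc -s sshd
Started: Tue Oct 14 17:10:02 2014
Ended: Tue Oct 14 17:10:09 2014
Successful targets:
DSH nodes:
host-a.example
Failed targets:
DSH nodes:
host-b.example
Targets not run:
none
Status:
Command execution completed.
-----------------------------------------------------------
EOF
}

sample_dcem_log | dcem_summary
```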
Checkpoint
3. What information can one get from looking at the system configuration
details in IBM Systems Director Console?
Exercise: AIX system management
Unit 3. System startup and shutdown
References
Online AIX Version 7.1 Operating System and Device Management
Note: References listed as online are available through the IBM Knowledge
Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
System startup
Visual callouts: Start AIX partitions in SMS mode - OR - Normal mode.
Notes:
Level 1: Power Off state
The first power level is achieved by plugging the power cord of the managed system into a live
power socket. The HMC reports that the managed system is in the Power Off state.
In the Power Off state, the service processor is initialized and the service processor software is
loaded and run. If your system has an Operator Panel, you see codes on the display panel and after
a few minutes, you also see a steady blinking green light. The HMC also displays the codes and
status information for the managed system. At this point, the service processor is an active host on
the network. You can use the system management (ASMI) application on the service processor.
However, the rest of the devices, such as disks, processors, and so forth, on the managed system
are still powered off.
Level 2: Standby state
To advance to the second power-on level, a power-on command must be issued to the managed
system. At this point, all devices are initialized and ready to use. However, no partitions are running
yet, so their devices are not yet in use. Do not attempt to remove hardware from the system at this
level. The HMC reports that the managed system is in the Standby state.
Notes:
Introduction
The visual shows a managed system in the Power Off state. The HMC menu is shown where you
can choose to power on the system. This menu is displayed when the managed system is
selected. The next visual shows you the screen that appears after choosing Power On from the
menu.
HMC command for managed system power on
The chsysstate HMC command can also be used in an SSH session to change the state of the
managed system or partitions. Specific examples of power on commands are shown on the
following pages.
Scheduling the managed system power on
You can schedule an automatic managed system power on for a particular date and time, and it can
be scheduled to repeat. This application is found under HMC Management > HMC Configuration
> Schedule Operations.
Notes:
System Management Services
To boot into SMS, either press the 1 key shortly after partition activation, or set the partition to
boot specifically into SMS. To do this, click the Advanced button on activation and set the boot
mode to SMS.
SMS is the Power System firmware menu. The code is shipped with the hardware. This resource
can be used to select the boot device, or change the order of the bootlist and boot the system into
Service mode, if maintenance is required.
Service mode enables the user to run diagnostics or access the system in single-user mode.
• Normal mode
– AIX boots into multi-user mode (run level 2).
– Users can log in, the system can be configured, and applications can
start.
– The bootlist command can change the start-up boot device list.
Notes:
Start-up modes:
• Normal: The logical partition starts up as normal. This is the mode that you use to perform most
everyday tasks. When the machine does a normal boot, it completes the full AIX boot sequence,
starts processes, enables terminals, and generates a login prompt to make it available for
multi-user access. It also activates the disks, sets up access to the files and directories, starts
networking, and completes other machine-specific configurations.
• Diagnostic with default boot list: The logical partition boots to service mode using the default
boot list that is stored in the system firmware. This mode is normally used to either boot to
diagnostics from a hard drive, or to boot off bootable media (a diagnostics CD or installation
media).
• Diagnostic with stored boot list: The logical partition performs a service mode boot using the
service mode boot list that is saved in NVRAM.
• Open Firmware OK prompt: The logical partition boots to the open firmware prompt. This
option is used by service personnel to obtain additional debug information.
Partition activation
Notes:
AIX start-up overview
After the partition is activated, a boot image is located from the boot device, which is specified from
SMS or the bootlist command, and is loaded into memory. During a normal boot, the location of
the boot image is usually a hard drive. Besides hard drives, the boot image could be loaded from
CD/DVD. This is the case when booting into maintenance mode for service. If working with the
Network Installation Manager (NIM), the boot image is loaded through the network.
The kernel restores a RAM file system into memory by using information that is provided in the boot
image. At this stage, the rootvg is not available, so the kernel needs to work with commands
provided in the RAM file system. You can think of the RAM file system as a small AIX operating
system. The kernel starts the init process that was provided in the RAM file system, not from the
root file system. This init process runs a boot script, which is named rc.boot. rc.boot controls the
boot process. The base devices are configured, rootvg is activated or varied on, and the real init
process starts from rootvg, which in turn processes /etc/inittab at run level 2.
Visual callout: To activate into SMS.
Notes:
Activating a partition
To activate a partition from the HMC Server Management application, select the partition name and
choose Activate from the menu. An Activate Logical Partition screen appears from which the user
can select the start-up profile.
AIX Version 7
Copyright IBM Corporation, 1982, 2013
Console login:
Notes:
Activating a partition (continued)
Partitions can have one or many profiles assigned, one of which is the default. Profiles
contain the attributes of the partition, such as processor and memory requirements, and assigned
devices. When the profile is started, a virtual console session can optionally be started. The
Advanced button enables users to set the boot mode. A default boot mode is contained within the
profile.
alog program
Log files:
/var/adm/ras/bootlog
/var/adm/ras/BosMenus.log
/var/adm/ras/bosinst.log
/var/adm/ras/nimlog
/var/adm/ras/conslog
/var/adm/ras/errlog
Visual callout: Use the alog command to view logs.
Notes:
Overview
The alog command is a BOS feature that provides a general-purpose logging facility that can be
used by any application or user to manage a log. The alog command reads standard input, writes
the output to standard out, and copies it to a fixed size file at the same time.
The log file
The file is treated as a circular log. This means that when it is filled, new entries are written over the
oldest entries. Log files that are used by alog are specified on the command line or defined in the
alog configuration database that is maintained by the ODM. The system-supported log types are
boot, bosinst, nim, and console.
Use in boot process
Many system administrators start the boot process, and then go and get a cup of coffee.
Unfortunately, boot messages might appear on the screen, only to be scrolled and lost, never to be
seen by the user. In some instances, these messages might be important, particularly if the system
did not boot properly. Fortunately, alog is used by the rc.boot script and the configuration
manager during the boot process to log important events. To view the boot information, the
command alog -o -t boot can be used. If the machine does not boot, boot the machine into
maintenance mode and view the boot log contents.
Viewing logs with SMIT
You can also use SMIT to view the different system-supported logs. Use the following command:
# smit alog
/etc/inittab
Notes:
Introduction
The /etc/inittab file lists the processes that init starts, and it also specifies when to start
them. If this file gets corrupted, the system cannot boot properly. Because of this, it is a good idea to
keep a backup of this file. This file should never be edited directly. Use lsitab, chitab, and
mkitab commands. After editing the /etc/inittab file, force the system to reread the file by
using the telinit q command.
To list the inittab, type: lsitab -a
To add an entry into the inittab, type: mkitab [ -i Identifier ] { [ Identifier ] : [ RunLevel ] : [ Action ] : [ Command ] }
• Example: mkitab "tty002:2:respawn:/usr/sbin/getty /dev/tty2"
To change an entry in the inittab, type: chitab { [ Identifier ] : [ RunLevel ] : [ Action ] : [ Command ] }
• Example: chitab "tty002:4:respawn:/usr/sbin/getty /dev/tty"
Format of entries
The individual line entries in /etc/inittab contain the following fields:
• Id: Up to 14 characters that identify the process.
• Runlevel: Defines the run levels for which the process is valid. AIX uses run levels of 0-9. If the
telinit command is used to change the run level, a SIGTERM signal is sent to all processes
that are not defined for the new run level. If, after 20 seconds, a process has not terminated, a
SIGKILL signal is sent. The default run level for the system is 2, which is AIX multiuser mode.
• Action: How to treat the process. Valid actions are:
- respawn: If the process does not exist, start it. If the process dies, then restart it.
- wait: Start the process and wait for it to finish before reading the next line.
- once: Start the process and immediately read the next line. Do not restart it if it stops.
- sysinit: Commands to be run before trying to access the console.
- off: Do not run the command.
• Command: The command that is run to start the process.
Run levels
AIX uses a default run level of 2. This is the normal multi-user mode. You might want to perform
maintenance on your system without having other users logged in. The command shutdown -m
places your machine into a single user mode terminating all logins. Once the machine reaches the
single user mode, you are prompted to enter the root password. When you are ready to return to
normal mode, type telinit 2.
Run levels
Run levels define the behavior of init, and by extension, those processes that run on the system
when it is at any given level. A run level is a software configuration that allows only a selected group
of processes to exist. The system can be at one of the following run levels:
• 0-9
Tells the init command to place the system in one of the run levels 0-9.
When the init command requests a change to run levels 0-9, it kills all processes at the
current run levels and then restarts any processes that are associated with the new run levels.
• 0-1
Reserved for the future use of the operating system.
• 2
Contains all of the terminal processes and daemons that are run in the multiuser environment.
In the multiuser environment, the /etc/inittab file is set up so that the init command
creates a process for each terminal on the system. The console device driver is also set to run
at all run levels so the system can be operated with only the console active.
• 3-9
Can be defined according to the user's preferences.
• S,s,M,m
Tells the init command to enter the maintenance mode. When the system enters
maintenance mode from another run level, only the system console is used as the terminal.
• a,b,c,h
Tells the init command to process only those records in the /etc/inittab file with a, b, c,
or h in the run level field. These four arguments, a, b, c, and h, are not true run levels. They
differ from run levels in that the init command cannot request the entire system to enter run
levels a, b, c, or h. When the init command finds a record in the /etc/inittab file with a
value of a, b, c, or h in the run level field, it starts the process. However, it does not kill any
processes at the current run level. Processes with a value of a, b, c, or h in the run level field,
are started in addition to the processes already running at the current system run level. Another
difference between true run levels and a, b, c, or h, is that processes started with a, b, c, or h
are not stopped when the init command changes run levels. There are three ways to stop a,
b, c, or h processes:
- Type off in the Action field.
- Delete the objects entirely.
- Use the init command to enter maintenance state.
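Because init starts every /etc/inittab command at boot, and a corrupted file stops the system from booting properly, it is worth checking a copy of the file (for example the output of lsitab -a, or the backup) against the field rules in "Format of entries" and the run-level values listed above. The following POSIX shell sketch is an added example, not part of the IBM course material. The sample entries are constructed. The action list beyond the five named above and the two command-path checks are assumptions added here as review heuristics.

```shell
#!/bin/sh
# Added example, not IBM course code: lint inittab-format text read from stdin.
# Prints one finding per line ("line N [Id]: problem"); returns 1 if any was found.

# The five actions listed in the notes above plus the other action keywords of
# AIX inittab (assumption: trim or extend this list to match your AIX level).
VALID_ACTIONS="respawn wait once sysinit off boot bootwait powerfail powerwait ondemand initdefault hold"

is_valid_action() {
    for va_name in $VALID_ACTIONS; do
        [ "$va_name" = "$1" ] && return 0
    done
    return 1
}

ai_report() {        # record one finding for the current line
    printf 'line %s [%s]: %s\n' "$ai_n" "$ai_id" "$1"
    ai_rc=1
}

audit_inittab() {
    ai_n=0; ai_rc=0; ai_seen=" "
    while IFS= read -r ai_line || [ -n "$ai_line" ]; do
        ai_n=$((ai_n + 1)); ai_id="?"
        case $ai_line in
            ''|:*) continue ;;          # blank line or comment (leading colon on AIX)
            *:*:*:*) ;;                 # Id:RunLevel:Action:Command
            *) ai_report "fewer than four colon-separated fields"; continue ;;
        esac
        # Split on the first three colons only; the command may contain colons.
        ai_id=${ai_line%%:*};  ai_rest=${ai_line#*:}
        ai_lvl=${ai_rest%%:*}; ai_rest=${ai_rest#*:}
        ai_act=${ai_rest%%:*}; ai_cmd=${ai_rest#*:}

        [ "${#ai_id}" -le 14 ] || ai_report "identifier longer than 14 characters"
        case $ai_seen in
            *" $ai_id "*) ai_report "duplicate identifier" ;;
        esac
        ai_seen="$ai_seen$ai_id "
        case $ai_lvl in
            *[!0-9SsMmabch]*) ai_report "run level field '$ai_lvl' is outside 0-9, S/s/M/m, a/b/c/h" ;;
        esac
        is_valid_action "$ai_act" || ai_report "unknown action '$ai_act'"
        case $ai_act in
            off|initdefault) continue ;;   # no command is started for these entries
        esac
        ai_exe=${ai_cmd%% *}               # first word of the command field
        case $ai_exe in
            /tmp/*|/var/tmp/*) ai_report "command runs from a world-writable directory: $ai_exe" ;;
            /*) ;;
            *) ai_report "command '$ai_exe' is not an absolute path" ;;
        esac
    done
    return "$ai_rc"
}

sample_inittab() {   # constructed entries; two reuse the mkitab/chitab examples above
    cat <<'EOF'
: constructed sample, not taken from a real system
init:2:initdefault:
brc::sysinit:/sbin/rc.boot 3 >/dev/console 2>&1
cons:0123456789:respawn:/usr/sbin/getty /dev/console
tty002:2:respawn:/usr/sbin/getty /dev/tty2
tty002:4:respawn:/usr/sbin/getty /dev/tty
monitoringagent1:2:once:/opt/example/agent start
upd:2x:respawn:/tmp/updater
job:2:restart:runjob
getty /dev/tty3
EOF
}

sample_inittab | audit_inittab || true
```

On the constructed sample this reports seven findings across lines 6 to 10; a file with no findings produces no output and a zero exit status.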
• Startup and stop scripts can be defined for each run level that
are automatically invoked at entry and exit.
/etc/rc.d # ls -R
./rc2.d:
Ksshd Kwpars Ssshd
./rc3.d:
./rc4.d:
./rc5.d:
./rc6.d:
./rc7.d:
./rc8.d:
./rc9.d:
Visual callouts:
Scripts starting with S are invoked at boot time by /etc/rc.d/rc.
Scripts starting with K are invoked synchronously by shutdown with one argument: 'stop'. They are
also called on startup before invoking the start scripts.
Notes:
Run level control scripts
Run level scripts enable system administrators to start and stop selected applications and services,
or perform tasks during system start-up, shutdown or during run level change. Run level scripts
need to be created in the subdirectory of /etc/rc.d that is specific to the run level. Scripts
beginning with K are stop scripts, while scripts beginning with S are start scripts.
Notes:
Purpose of the System Resource Controller
The System Resource Controller (SRC) provides a set of commands to make it easier for the
administrator to control subsystems. A subsystem is a daemon, or server, that is controlled by the
SRC. A subserver is a daemon that is controlled by a subsystem. Daemon commands and daemon
names are usually denoted by a d at the end of the name. For example, inetd is a subsystem and
can be controlled through SRC commands. rlogind is a subserver that is started by the inetd
subsystem as shown in the visual.
Listing subsystems
Notes:
Introduction
In this section, we discuss some examples of SRC commands.
Listing SRC status
The lssrc command is used to show the status of the SRC subsystems. In the example that is
shown on the visual, we are checking the status of all subsystems using the -a flag and the TCP/IP
group using the -g flag.
Specifying a subsystem or subsystem group
The -s and -g flags are used to specify subsystems or subsystem groups, respectively.
SRC control
• Controlling subsystems
# stopsrc -s inetd
0513-044 The /usr/sbin/inetd Subsystem was requested to stop.
# startsrc -s inetd
0513-059 The inetd Subsystem has been started. Subsystem PID is 311374.
# refresh -s inetd
0513-095 The request for subsystem refresh was completed successfully.
# refresh -s sshd
0513-005 The Subsystem, sshd, only supports signal communication.
Visual callout: Not all subsystems support being refreshed.
Notes:
If a change is made to a subsystem configuration, then the subsystem needs to be refreshed. For
example, if the entry for the ftp service is disabled in the inetd.conf file, then the inetd
subsystem needs to be refreshed by using the refresh command. Not all subsystems can be
refreshed. For those that cannot, use the stopsrc and startsrc commands instead.
Notes:
Introduction
The smit shutdown fast path or the shutdown command is used to shut down the system
cleanly. If used with no options, shutdown displays a message on all enabled terminals (using the
wall command), then (after one minute) disables all terminals, kills all processes on the system,
syncs the disks, unmounts all file systems, and then halts the system.
Some commonly used options
You can also use shutdown with the -F option for a fast immediate shutdown (no warning), -r to
reboot after the shutdown or -m to bring the system down into maintenance mode. The -k flag
specifies a “pretend” shutdown. It appears to all users that the machine is about to shut down, but
no shutdown actually occurs.
Shutting down to single-user mode
Use the following command to shut down the system to single-user mode:
# shutdown -m
Visual callout: Do a fast shutdown, shutdown -F.
Notes:
From the HMC, the following shutdown options are supported. Generally, best practice is to
shut down AIX from within the partition.
• Delayed: The HMC shuts down the logical partition using the delayed power-off sequence. This
allows the logical partition time to end jobs and write data to disks. If the logical partition is
unable to shut down within the predetermined amount of time, it will end abnormally and the
next restart might be longer than normal.
• Immediate: The HMC shuts down the logical partition immediately. The HMC ends all active
jobs immediately. The programs running in those jobs are not allowed to perform any job
cleanup. This option might cause undesirable results if data has been partially updated. Use this
option only after a controlled shutdown has been unsuccessfully attempted.
• Operating System: The HMC shuts down the logical partition normally by issuing a shutdown
command to the logical partition. During this operation, the logical partition performs any
necessary shutdown activities. This option is only available for AIX logical partitions.
• Operating System Immediate: The HMC shuts down the logical partition immediately by
issuing a shutdown -F command to the logical partition. During this operation, the logical
partition bypasses messages to other users and other shutdown activities. This option is only
available for AIX logical partitions.
Notes:
Power down partitions first
Before you power off the managed system, you must first shut down the operating systems in each
of the running partitions. Otherwise, they terminate abnormally, which might lead to file system
corruption.
After selecting the Power Off item from the Managed System's Operations task menu, you must
choose between the Normal power off procedure and the Fast power off procedure.
• Normal power off: The system ends all active tasks in a controlled manner. During that time, the
service processor and the POWER Hypervisor are allowed to perform cleanup
(end-of-job-processing).
• Fast power-off: The system ends all active tasks immediately. The programs running in the
service processor and the POWER Hypervisor are not allowed to perform any cleanup. Use the
fast option if the normal option fails.
Unit 4. AIX installation
References
Online AIX Version 7.1 Installation and migration
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.install/insgdrf-kickoff.htm
SG24-7910 IBM AIX Version 7.1 Difference Guide (Redbooks)
http://www.redbooks.ibm.com/redbooks.nsf/RedbookAbstracts/sg247910.html?Open
GI11-9815 AIX Version 7.1 Release Notes
http://www-01.ibm.com/support/docview.wss?uid=pub1gi11981500
GI11-9835 AIX Version 7.1 Expansion Pack Release Notes
http://www-01.ibm.com/support/docview.wss?uid=pub1gi11983500
Notes:
When a Power Systems order is placed with IBM, or a business partner, there are options to have
the system preconfigured. This pre-configuration consists of LPAR creation and installation of OS
software including AIX.
AIX 6 and AIX 7 are delivered, by default, on DVD media. Optionally, AIX 6 can also be ordered on
CD (one through eight disks).
Another option is to download the ISO image from the Entitled Software Support (ESS) website, if
you have a valid IBM ID. You can burn the ISO image to blank media and then install from it, or copy
the ISO image to a virtual media repository and load it into a virtual optical drive that is served from
the VIOS.
• ESS website: (IBM ID is required)
https://www-304.ibm.com/servers/eserver/ess/ProtectedServlet.wss
In an LPAR environment, NIM is a popular method of installing and updating AIX. NIM is a large
topic and is covered in-depth in the AN22 education class.
• Steps:
Assume that a partition and partition profile have already been created.
1. Place the AIX DVD in the drive.
2. Activate the partition to SMS and open a terminal window.
3. Select the boot device using the SMS menus in the terminal window.
4. Interact with the AIX installation menus.
Notes:
To install AIX into a partition, the partition and profile must first be created through the HMC. The
partition must have access to a device slot that contains the optical media drawer. If a virtualized
environment is to be deployed, then the VIOS partition probably owns the optical device. In that
case, it is still possible to make this CD available to a partition as a virtual optical SCSI device. In
VIOS version 1.5, a new feature was added which allows a media ISO image to be allocated to
multiple partitions, through the file-backed virtual optical device feature.
To install AIX from the optical drive, either boot into SMS mode and choose to boot from the optical
media device, or start the partition with the “Diagnostic with default boot list”. Then, follow and
interact with the menus.
Multiboot
1. Select Install/Boot Device
Notes:
When SMS starts, choose option 5, followed by the boot device (in this case CD/DVD). Then, the
system displays all devices of this type. In the visual, there is only one such device. Select this
device number and then press Enter.
Select Task
SCSI CD-ROM
( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 )
1. Information
2. Normal Mode Boot
3. Service Mode Boot
Notes:
Once the optical media device is selected, we need to perform a normal boot and exit SMS as
shown in the visual. Then the partition proceeds and boots from the optical media drive. The first
interactive step is to type <1>, and then press Enter to use the terminal as the system console.
Type the number of your choice and press Enter. Choice is indicated by >>>.
88 Help ?
99 Previous Menu
Notes:
If option 1 is selected, a default system installation occurs. However, in most cases you might want
to see and change the default settings. To do this, type a <2> and press Enter. Select 88 to display
help on this or any subsequent installation screen.
Either type 0 and press Enter to install with current settings, or type the
number of the setting you want to change and press Enter.
1 System Settings:
Method of Installation.............New and Complete Overwrite
Disk Where You Want to Install.....hdisk0
3 Security Model.......................Default
+-----------------------------------------------------
88 Help ? | WARNING: Base Operating System Installation will
99 Previous Menu | destroy or impair recovery of ALL data on the
| destination disk hdisk0.
>>> Choice [0]:
Notes:
The Installation and Settings menu enables you to set the key options and configuration settings to
be deployed during installation.
Method of installation
IBM Power Systems
2 Preservation Install
Preserves SOME of the existing data on the disk selected for
installation. Warning: This method overwrites the usr (/usr),
variable (/var), temporary (/tmp), and root (/) file systems. Other
product (applications) files and configuration data will be destroyed.
3 Migration Install
Upgrades the Base Operating System to the current release.
Other product (applications) files and configuration data are saved.
88 Help ?
99 Previous Menu
Notes:
Changing the method of installation
When you select Option 1 in the Installation and Settings menu to change the method of
installation, the Change Method of Installation sub-menu that is shown in the visual is displayed.
Its contents depend on the current state of the machine.
Complete Overwrite Install
On a new machine, New and Complete Overwrite is the only possible method of installation. On an
existing machine, if you want to completely overwrite the existing version of BOS, then you should
use this method.
Preservation Install
Use the Preservation Install method when a previous version of BOS is installed on your system
and you want to preserve the user data in the root volume group. This method removes only the
contents of /usr, / (root), /var, and /tmp. The Preservation Install option preserves page and
dump devices as well as /home and other user-created file systems. System configuration must be
done after doing a preservation installation.
Migration Install
Use the Migration Install method to upgrade from one version and release of AIX to a different
version and release, while preserving the existing root volume group, for example, when migrating
from AIX 6.1 to AIX 7.1. This method preserves all file systems except /tmp, as well as the
logical volumes and system configuration files. Obsolete or selective fix files are removed.
Installation disks
Type one or more numbers for the disk(s) to be used for installation and press
Enter. To cancel a choice, type the corresponding number and Press Enter.
At least one bootable disk must be selected. The current choice is indicated
by >>>.
Notes:
Selecting installation disks
After you select the type of installation, you must then select the disks that are to be used for the
installation. A list of all the available disks is displayed, similar to the one shown.
This screen also gives you the option to install to an unsupported disk by adding the code for the
device first.
When you have finished selecting the disks, type <0> in the Choice field and press Enter.
Type the number for the Cultural Convention (such as date, time, and
money), Language, and Keyboard for this system and press Enter, or type
159 and press Enter to create your own combination.
88 Help ?
99 Previous Menu
Notes:
At this point in the installation process, you can change the language and cultural convention that is
used on the system after installation. This screen displays a full list of supported languages.
It is recommended that if you are going to change the language, change it at this point rather than
after the installation is complete. Whatever language is specified at this point is obtained from the
installation media.
Cultural Convention determines the way numeric, monetary, and date and time characteristics are
displayed.
The Language field determines the language that is used to display text and system messages.
The Keyboard field determines the mapping of the keyboard for the selected language convention.
Security Models
1. Trusted AIX............................................. No
88 Help ?
99 Previous Menu
Notes:
Type <1> and press Enter to change the selection for Trusted AIX. Trusted AIX enables Multi Level
Security (MLS) capabilities in AIX. MLS is also referred to as label-based security.
As compared to regular AIX, Trusted AIX label-based security implements labels for all subjects
and objects in the system. Access controls in the system are based on labels that provide for an
MLS environment and include support for the following:
• Labeled objects: Files, IPC objects, network packets, and other labeled objects
• Labeled printers
• Trusted Network: Support for RIPSO and CIPSO in IPv4 and IPv6
Note that once you choose this mode of installation, you are not able to go back to a regular AIX
environment without performing an overwrite install of regular AIX. Evaluate your need for a Trusted
AIX environment before choosing this mode of install.
Keep in mind that standard AIX provides a set of security features to enable information managers
and administrators to provide a basic level of system and network security. The primary AIX security
features include the following:
88 Help ?
99 Previous Menu
Notes:
When the Graphics Software Install option is Yes, X11, CDE, Java, and other software dependent on
these packages are installed.
System Management Client Software includes Java, service agent, lwi, and pconsole.
The default action, since AIX 5.3, is to create all logical volumes in rootvg using JFS2 file systems.
Enabling System Backups to install on other systems installs all device code and drivers.
Otherwise, only the device drivers necessary for your system hardware configuration are installed.
Enabling it is the preferred option, and it is very useful if you want to clone the image to another
system that differs in type or device layout.
To install more software, select option 5 and press Enter.
Disks: hdisk0
Cultural Convention: en_GB
Language: en_US
Keyboard: en_GB
JFS2 File Systems Created: Yes
Graphics Software: Yes
System Management Client Software: Yes
Enable System Backups to install any system: Yes
Please wait...
Notes:
Before installation, a summary page is displayed. If you are ready to proceed with your options,
select 1 to continue and the system installation begins. It takes approximately one hour to build the
partition from DVD or CD media.
[Entry Fields]
ACCEPT Installed License Agreements yes +
[Entry Fields]
ACCEPT Software Maintenance Agreements? yes +
Notes:
When AIX installation is complete, the user must accept both Software and Maintenance License
agreements, as shown in the visual.
• Post-install tasks:
– Accept the license agreement.
Notes:
The installation is not finished until you complete the post setup in the operating system. Once AIX
is installed, the system reboots. Several post installation steps are required. First, you must accept
both the software and maintenance license agreements. Finally, the installation assistant starts.
Although optional, it is recommended that you use the installation assistant at a minimum to set the
root password, date, and time, and configure the network parameters accordingly.
Once AIX is installed, you should update it to the latest technology level and service pack. These
can be downloaded from Fix Central: http://www.ibm.com/support/fixcentral
Note: No root password is set, by default, if it is not set using the Installation Assistant above.
AIX Version 7
Copyright IBM Corporation, 1982, 2010.
Console login: root
*******************************************************************************
* *
* *
* Welcome to AIX Version 7.1! *
* *
* *
* Please see the README file in /usr/lpp/bos for information pertinent to *
* this release of the AIX Operating System. *
* *
* *
*******************************************************************************
Notes:
After the license agreements are accepted, the installation assistant (ASCII console) or configuration
assistant (Graphical console) is displayed. The installation assistant is similar to a mini version of
SMIT. As mentioned earlier in the unit, it is recommended that you use the installation assistant at
a minimum to set the root password, date, and time and to configure the network parameters
accordingly. Another approach would be to exit the installation assistant immediately and use
SMIT, command line, or scripts to configure the system.
The installation assistant can be invoked at any time using the install_assist command. On a
graphical console, either the install_assist or configassist commands can be used to
launch the configuration assistant.
• What is NIM?
– Centralized Installation and Management of AIX over a network
[Diagram: NIM server with NIM resources (lpp_source, SPOT) and client definitions (LPAR1, LPAR2, …), connected over a public/open network to client systems LPAR 1 through LPAR 4.]
Actions:
• Resources are allocated to clients.
• Clients are set for a BOS operation.
Figure 4-17. AIX installation in a partition using NIM: NIM overview AN124.0
Notes:
Network Install Manager (NIM) introduction
NIM can be used to manage the installation of the Base Operating System (BOS) and optional
software on one or more networked machines. NIM gives you the ability to install and maintain the
AIX operating system, and any additional software, and fixes that can be applied over time. NIM
allows you to customize the configuration of machines both during and after installation. NIM
eliminates the need for access to physical media, such as tapes and optical media, once the NIM
master has been loaded. You use the NIM master to load other network “clients”. System backups
can be created with NIM, and stored on any server in the NIM environment. The advantage to using
NIM in an LPAR environment is that it solves the device allocation issue. Since AIX might already
be installed once on the system before it is shipped, you can configure this partition to be the NIM
master. Or, you can use another AIX system that is the proper AIX version. One of the optional
steps in creating a NIM master is creating a mksysb (AIX system backup image). You can use this
mksysb to install AIX in the other partitions. The advantage to mksysb is that it copies AIX
customizations from the source system.
• Note:
– Subsequent installs and updates for the same partition can be
initiated from the NIM master.
– A mksysb restore example is provided in a later unit (Backup and
Restore).
Figure 4-18. AIX installation in a partition using NIM: Configuration steps AN124.0
Notes:
To install a partition from a NIM server, you need to create the partition and partition profile for the
partition where AIX is installed. You would also complete this step if you were installing from optical
media, except that with NIM you do not have to allocate the slot for the CD or DVD device. The partition
needs to be activated in SMS boot mode. From SMS, the NIM server network details can be
entered, which causes the client to issue a boot request over the network. From this point, the
menu steps are identical to using optical media.
Network boot (1 of 7)
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
--------------------------------------------------------
Main Menu
1. Select Language
2. Setup Remote IPL (Initial Program Load)
3. Change SCSI Settings
4. Select Console
5. Select Boot Options
--------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
-------------------------------------------------------
Notes:
Network boot (remote IPL)
To configure a partition to boot from another system over the network, choose Setup Remote IPL
(Initial Program Load) from the main SMS menu.
Network boot (2 of 7)
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
----------------------------------------------------------
NIC Adapters
Device Location Code
1. Port 1 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-T1
2. Port 2 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-T2
----------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
Notes:
NIC adapter
Select which network interface to use. The example in the visual shows two ports on the integrated
Ethernet controller.
Network boot (3 of 7)
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
Select Network Service
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
1. BOOTP
2. ISCSI
---------------------------------------------------------
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
Notes:
Select the Network service: BOOTP.
Network boot (4 of 7)
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
Network Parameters
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
1. IP Parameters
2. Adapter Configuration
3. Ping Test
4. Advanced Setup: BOOTP
---------------------------------------------------------
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
Notes:
Network parameters
Choose option 1 and configure the IP parameters. This screen is shown in the next visual.
Then, choose option 2 and configure the adapter settings, such as media speed and duplex setting.
When everything is configured properly, run the ping test and it should be successful.
When the ping test is successful, return to the SMS main menu, select the network adapter as a
boot device, and exit the SMS menu. This starts the network boot process.
Network boot (5 of 7)
• IP parameters:
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
IP Parameters
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
1. Client IP Address [10.6.103.64]
2. Server IP Address [10.6.103.1]
3. Gateway IP Address [10.6.103.254]
4. Subnet Mask [255.255.255.0]
---------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
Notes:
IP parameters
Enter the IP address of the client, which is the partition.
Enter the IP address of the server, which is the NIM server.
Enter the IP address of the gateway. This is the partition’s gateway system, so it must be local on
the partition’s subnet. This value can be a valid route on the same subnet as the client partition or
the IP address of the NIM server. Ask your network administrator which system to use.
Enter the subnet mask that the partition is using.
Adapter configuration
Once you’ve entered this information, return to the previous screen and choose the Adapter
Configuration option. Here you need to specify the media speed and the duplex setting.
Ping test and network boot
After you have configured the adapter parameters, return to the main SMS menu. Run the ping test, and
if successful, select the network adapter as a boot device, then exit the SMS menus to begin the
boot process and the installation.
Network boot (6 of 7)
• Adapter configuration:
PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
IP Parameters
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNWGCP5-P1-C4
1. Speed,Duplex
2. Spanning Tree Enabled
3. Protocol
(Callout: Disable Spanning Tree for faster operation)
---------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
Notes:
Overview
The adapter configuration screen allows you to set parameters for the adapter itself. Typically, you
can leave it alone except for optionally disabling spanning tree. This makes the boot go much
faster.
The value for option 2 does not change, that is, from Enabled to Disabled. The option should have
a question mark next to it that is answered when you choose the option.
Network boot (7 of 7)
Notes:
Ping test
This option pings the NIM server. If it fails, suspect your IP configuration or the network.
Checkpoint
Exercise: AIX installation
Unit summary
Unit 5. AIX software installation and maintenance
References
Online AIX 7.1 Information
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
SG24-7910 IBM AIX Version 7.1 Difference Guide (Redbooks)
http://www.redbooks.ibm.com/redbooks.nsf/RedbookAbstracts/sg247910.html?Open
Unit objectives
AIX media
Notes:
Each of the products that are listed above has a program ID number. At the time of publication they
were:
AIX v7.1 standard edition; program ID number: 5765-G98
• AIX v7.1 AIX Base
• AIX v7.1 Expansion Pack
• AIX v7.1 InfoCenter (DVD)
• AIX Toolbox for Linux
• Mozilla Firefox Browser
For virtual environments, a PowerVM license is required. PowerVM standard edition program ID
number: 5765-PVS. The following software is supplied:
• Virtual I/O Server V2.2
• Virtual I/O Server Expansion Pack
PowerVM Enterprise Edition also comes with the VIOS software. The Enterprise Edition includes
everything in the Standard Edition and also enables Live Partition Mobility and Active Memory
Sharing.
The AIX Expansion Pack is a collection of extra software that extends the base operating system
capabilities. It contains filesets such as:
• Open Secure Sockets Layer (OpenSSL)
• Java 32-bit and 64-bit
• iSCSI Target Device Driver
• List of Open Files (LSOF) and many more
The IBM Knowledge Center contains a list of support guides and help documentation. It is also
available online:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
The AIX Toolbox (open source) filesets are also available online:
http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html
[Diagram: software packaging hierarchy]
LPP: bos (Base Operating System component)
Package: bos.net (Base Networking package)
Collection of filesets: bos.net.tcp (TCP/IP)
Fileset: bos.net.tcp.server (TCP/IP Server fileset, ‘the smallest unit’)
Notes:
Licensed Program Product (LPP)
A collection of packages that form an installable product.
Package
A package contains a group of filesets with a common function. It is a single, installable image. AIX
packages are a bundle of binaries that are glued together with the meta-information (name, version,
dependencies).
Fileset
A fileset is the smallest, individually installable unit. Generally, it is a single subsystem. For
example, bos.net.tcp.server is a fileset in the bos.net package. This image is a UNIX
Backup File Format (BFF) file, created with the backup command. Files in an LPP can be listed
with restore -Tvf <package> or extracted with restore -xvf <package>.
For example, to list the contents of the bos.alt_disk_install.rte fileset contained in AIX 7.1 TL01 SP03:
# restore -Tqvf U843197.bff
New volume on U843197.bff:
Cluster size is 51200 bytes (100 blocks).
The volume number is 1.
The backup date is: Thu Nov 10 19:38:56 CET 2011
Files are backed up by name.
The user is BUILD.
0 ./
3341 ./lpp_name
0 ./usr
0 ./usr/lpp
0 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1
130444 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/liblpp.a
0 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/inst_root
2560 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/inst_root/liblpp.a
258155 ./usr/lpp/bos.alt_disk_install/bin/altlib
235743 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_lib
33476 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_posti
136613 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_prei
6368 ./usr/sbin/alt_blvset
52083 ./usr/sbin/alt_disk_copy
61402 ./usr/sbin/alt_disk_mksysb
46212 ./usr/sbin/alt_rootvg_op
14545 ./usr/lib/instl/jfs2j2
The total size is 980942 bytes.
The number of archived files is 17.
Note: This is the only way, in AIX, to see which files are located within an LPP fileset, before
install.
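Added example (not part of the course material): a pre-install check that re-adds the sizes in the restore -Tqvf listing above, compares the entry count and byte total with the trailer lines, and lists the commands the fileset would place in bin and sbin directories. The function names are hypothetical; the embedded listing is the one from the text.

```shell
#!/bin/sh
# Added example: sanity-check a `restore -Tqvf` listing before installing.

# The listing shown in the text, embedded so the example runs offline.
sample_listing() {
    cat <<'EOF'
New volume on U843197.bff:
Cluster size is 51200 bytes (100 blocks).
The volume number is 1.
The backup date is: Thu Nov 10 19:38:56 CET 2011
Files are backed up by name.
The user is BUILD.
0 ./
3341 ./lpp_name
0 ./usr
0 ./usr/lpp
0 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1
130444 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/liblpp.a
0 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/inst_root
2560 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/inst_root/liblpp.a
258155 ./usr/lpp/bos.alt_disk_install/bin/altlib
235743 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_lib
33476 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_posti
136613 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_prei
6368 ./usr/sbin/alt_blvset
52083 ./usr/sbin/alt_disk_copy
61402 ./usr/sbin/alt_disk_mksysb
46212 ./usr/sbin/alt_rootvg_op
14545 ./usr/lib/instl/jfs2j2
The total size is 980942 bytes.
The number of archived files is 17.
EOF
}

# check_listing: read a listing on stdin, print "entries=N bytes=M", and
# succeed only when both values match the trailer lines of the listing.
# A truncated or edited listing fails the check.
check_listing() {
    awk '
        NF == 2 && $1 ~ /^[0-9]+$/ && $2 ~ /^\.\// { n++; bytes += $1; next }
        /^The total size is/               { want_bytes = $5 + 0 }
        /^The number of archived files is/ { w = $7; sub(/\.$/, "", w); want_n = w + 0 }
        END {
            printf "entries=%d bytes=%d\n", n, bytes
            exit ((n > 0 && n == want_n && bytes == want_bytes) ? 0 : 1)
        }'
}

# listed_commands: print the absolute paths the fileset would install into
# /bin, /sbin, /usr/bin or /usr/sbin, the entries worth reviewing first.
listed_commands() {
    awk 'NF == 2 && $1 ~ /^[0-9]+$/ && $2 ~ /^\.\/(usr\/)?s?bin\// { print substr($2, 2) }'
}

# Demo: verify the listing, then show the commands it would add.
if sample_listing | check_listing; then
    sample_listing | listed_commands
else
    echo "listing does not match its own trailer" >&2
fi
```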
Software bundles
# cat /usr/sys/inst.data/sys_bundles/openssh_server.bnd
[ ... ]
I:openssl.base
I:openssl.license
I:openssl.man.en_US
I:openssh.base.server
I:openssh.man.en_US
Notes:
Since there are thousands of filesets, having to determine which individual fileset you want on your
machine can be a time-consuming task. AIX has bundles, which offer a collection of filesets that suit
a particular purpose. For example, if you are developing applications, the App-Dev bundle would
be the logical choice to install.
Some filesets within a bundle are only installed if the prerequisite hardware is available. For
example, a graphic adapter is needed to run X11 and CDE. In some cases, bundles are equivalent
to product offerings. However, often they are a subset of a product offering or a separate
customized bundle. The bundles available might vary from AIX version to AIX version.
• There are four distinct software levels and management for AIX.
– Base level
– Technology level (TL)
– Service pack (SP)
– Interim fixes
[Diagram: Base AIX Level; Fix Packs (Technology level + Service packs); Interim fixes; label: (Contain APARs)]
Notes:
Base AIX level is OS version and release, as first installed.
Maintenance:
• Technology level (TL): A TL is a major maintenance update and contains fixes and functional
enhancements. TLs are released twice per year. The first TL is restricted to hardware features
and enablement, in addition to software service. The second TL includes new hardware
features and enablement, software service, and new software features, making it the larger of
the two yearly releases. Each TL is supported for up to two years from the introduction of the
update. This means that clients with a Software Maintenance Agreement for the AIX OS are able
to contact IBM support for defect support during that two-year period without having to move up
to the latest Technology Level update. In previous versions of AIX, Technology Levels were
referred to as Maintenance Levels (ML). The terms are often still used interchangeably.
• Service pack (SP): SPs contain service-only updates, also known as Program Temporary
Fixes (PTF), that are grouped together for easier identification. SPs are released between
Technology Levels and contain fixes for highly pervasive, critical, or security-related issues.
Service Packs are cumulative.
• Interim fixes (ifix): Generally, this term refers to a certified fix that is generally available to all
customers between regularly scheduled fix packs or other releases. It can contain fixes for one
or more product defects (APARs). Specifically for AIX, the term Interim Fix (IF) is used as a
replacement for “emergency fix” or “efix”. While the term emergency fix is still applicable in
some situations (a fix given in the middle of the night with minimal testing, for example), the
term Interim Fix is more descriptive in that it implies a temporary state until an update can be
applied that has been through more extensive testing. IF fixes often rectify security
vulnerabilities.
• APARs (Authorized Problem Analysis Reports): A formal report to IBM development, of a
problem caused by a suspected defect in a current unaltered release of an IBM program.
# oslevel -s
7100-03-03-1415
• 7100: AIX Level (VRMF)
• 03 (first): Technology Level
• 03 (second): Service Pack
• 1415: Service Pack release date (for example, 15th week in 2014)
• To upgrade from one AIX version and release to another (for example,
AIX 6.1 to AIX 7.1), a migration must be performed.
• New TLs or SPs are applied through updates.
Notes:
The oslevel command reports the latest installed maintenance, technology level, and service
pack on the system.
The visual shows that the system is at AIX 7.1, technology level 3, service pack 3. Service packs
and technology level fixes are applied to the running system. To upgrade the system to a new
level, for example, from AIX 6.1 to 7.1, a migration must take place. This involves
system downtime.
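Added example (not part of the course material): decoding the oslevel -s string described above and flagging partitions that are below a required patch baseline. The function names, host names and every level other than 7100-03-03-1415 are constructed, and the two-digit year is assumed to fall in the 2000s.

```shell
#!/bin/sh
# Added example: decode `oslevel -s` output and compare it with a baseline.

# is_oslevel STRING: succeeds only for the BBBB-TT-SS-YYWW layout.
is_oslevel() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# describe_oslevel STRING: print the four fields in words.
describe_oslevel() {
    is_oslevel "$1" || return 1
    base=${1%%-*}; rest=${1#*-}
    tl=${rest%%-*}; rest=${rest#*-}
    sp=${rest%%-*}; yyww=${rest#*-}
    version=${base%???}                        # 7100 -> 7
    release=${base#?}; release=${release%??}   # 7100 -> 1
    yy=${yyww%??}; ww=${yyww#??}
    # Strip one leading zero so the values print as plain decimals.
    echo "AIX $version.$release TL${tl#0} SP${sp#0} (SP released week ${ww#0} of 20$yy)"
}

# oslevel_key STRING: numeric key built from base level, TL and SP. The
# leading 1 keeps a zero-padded value from being read as octal.
oslevel_key() {
    is_oslevel "$1" || return 1
    b=${1%%-*}; r=${1#*-}
    t=${r%%-*}; r=${r#*-}
    s=${r%%-*}
    echo "1$b$t$s"
}

# oslevel_at_least CURRENT BASELINE: succeeds when CURRENT >= BASELINE.
# Returns 2 when either string is malformed.
oslevel_at_least() {
    cur=$(oslevel_key "$1") || return 2
    min=$(oslevel_key "$2") || return 2
    [ "$cur" -ge "$min" ]
}

# report_below BASELINE: read "host level" lines on stdin and print the hosts
# that are below BASELINE or whose level string is malformed.
report_below() {
    while read -r host level; do
        [ -n "$host" ] || continue
        if ! is_oslevel "$level"; then
            echo "$host MALFORMED"
        elif ! oslevel_at_least "$level" "$1"; then
            echo "$host BELOW"
        fi
    done
}

# Constructed inventory: what `oslevel -s` returned on each partition.
sample_inventory() {
    cat <<'EOF'
lpar1 7100-03-03-1415
lpar2 7100-02-05-1316
lpar3 6100-09-03-1415
lpar4 7100-03
EOF
}

# Demo: decode the level from the visual, then audit the inventory against it.
describe_oslevel 7100-03-03-1415
sample_inventory | report_below 7100-03-03-1415
```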
Notes:
The lslpp and installp commands are vital for interacting, installing, and maintaining software
on AIX.
The rpm and geninstall commands are relatively new. These commands were introduced in AIX
5L as a part of the AIX affinity for Linux applications, which included support for other software
formats like RPM and ISMP (InstallShield MultiPlatform).
Software repository
[Entry Fields]
* INPUT device / directory for software /dev/cd0
* SOFTWARE package to copy [all] +
* DIRECTORY for storing software package [/usr/sys/inst.images]
DIRECTORY for temporary storage during copying [/tmp]
EXTEND file systems if space needed? yes +
Process multiple volumes? yes
Notes:
Generally, it is useful and sometimes necessary, for example when building and managing a NIM
server, to store software to disk. AIX refers to this as a software repository. The default software
repository is sometimes referred to as the default installation image directory. Its location on AIX is
/usr/sys/inst.images. However, it is advisable to create and manage a repository in a
separate file system that is not contained in the AIX root volume group.
The table of contents (.toc) file
This is a mandatory file required for installing and updating packages on AIX. If the command line is
used (installp), then the user must manually create the .toc file. This is done using the
inutoc command. To create a .toc file in the current directory, type:
# inutoc .
SMIT automatically creates a .toc file when copying software files to disk and before installing
LPPs.
Software states
[Diagram: software states for bos.perf.tools. 7.1.0.1 is Committed. Action: Apply installs 7.1.0.2 as Applied and keeps 7.1.0.1 as Saved. From there, Reject returns to 7.1.0.1, or Commit leaves 7.1.0.2 Committed.]
Notes:
Committed state and the initial install
AIX has a number of software states. When you are installing software for the first time, the
software automatically installs to a committed state. This means that there is only one level of that
software product installed on your system.
Applied state versus committed state for maintenance
When you are installing a set of fixes or upgrading to a new technology level on your system, you
have the option of installing the software either in the committed state or the applied state. The
applied state allows you to maintain two levels of the software on your system. When software is
installed in the applied state, the older version is saved on the disk and is deactivated, while the
newer version is installed and becomes the active version.
The applied state gives you the opportunity to test the newer software before committing to its use.
If it works as expected, then you can commit the software, which removes the old version from the
disk. If the newer version is causing a problem, you can reject it, which removes the newer version
and reverts back to the old version.
Notes:
The lslpp command displays information about installed filesets or fileset updates. Each fileset
has a version number associated with it (in the format of Version.Release.Modification.Fix), a state
code, and a type code.
For the example of:
bos.net.tcp.client 7.1.3.16 C F TCP/IP Client Support
• The version and release is 7.1.
• The modification level is 3.
• The fix level is 16.
The following two codes that represent the state and type of fileset have legends for the codes at
the bottom of the lslpp -L report.
# lslpp -w /usr/local/grumpy/grumpystart
File Fileset Type
-----------------------------------------------------------
/usr/local/grumpy/grumpystart alex.grumpy.rte File
Notes:
The lslpp command has many useful flags associated with it. It is also possible to see when a
particular LPP was installed using the -h flag. See the lslpp man page for more information.
A situation might arise where you want to use a particular command but it is not installed on the
system and you are not sure what LPP fileset to install to be able to use the binary. To help with this
problem, you can use the which_fileset command. The which_fileset command searches
the /usr/lpp/bos/AIX_file_list file for a specified file name or command name, and prints
the name of the fileset that the file or command is shipped in. The
/usr/lpp/bos/AIX_file_list file is large and not installed automatically. You must install the
bos.content_list fileset to receive this file.
Example:
# which_fileset shutdown
/etc/shutdown -> /usr/sbin/shutdown bos.compat.links 7.1.0.0
/usr/sbin/shutdown bos.rte.control 7.1.0.0
• smit install_all
[Entry Fields]
* INPUT device / directory for software .
* SOFTWARE to install [] +
PREVIEW only? (install operation will NOT occur) no +
COMMIT software updates? yes +
SAVE replaced files? no +
AUTOMATICALLY install requisite software? yes +
EXTEND file systems if space needed? yes +
OVERWRITE same or newer versions? no +
VERIFY install and check file sizes? no +
DETAILED output? no +
Process multiple volumes? yes +
ACCEPT new license agreements? no +
Preview new LICENSE agreements? no +
[MORE...7]
Notes:
There are two fast paths worth remembering when it comes to software and SMIT:
• install_all – to install new software
• update_all – to update current software
Prior to the screen shown in the visual, you are asked to select the “INPUT device / directory for
software”. The input device can be tape (/dev/rmt0), optical media (/dev/cd0), or a directory.
The period (.) in the example indicates the directory you currently reside in.
The default behavior when installing new software is to commit. To first apply software rather than
commit, change the COMMIT software updates field to No.
The SMIT software installation panel uses the geninstall command to be able to handle various
software packaging formats.
If you don't change the ACCEPT new license agreements field to yes, then the software is not
installed. You always must change this field before the installation.
Installing software using command line: Examples
• installp
-a (apply), -c (commit), -p (preview), -g (apply prerequisites), -X
(expand file systems, if needed), -Y (accept license agreements), -d
(device or directory location of software), -q (quiet mode)
• geninstall
-I (use installp flags, as described above), -p (preview), -d (device
or directory location of software)
# geninstall -I "-acgXY" -p -d . bos.rte.install
# geninstall -I "-acgXY" -p -d /TL01_SP02 all
Notes:
The installp command handles software that is packaged in the traditional AIX bff format. The
geninstall command determines the type of packaging and invokes the appropriate utility to
handle the selected packages. For example, it would invoke the rpm command if the software was
packaged in that format.
The installp and geninstall commands install and update software from the command line
on AIX. They both accept many flags; the popular flags are shown in the visual. For geninstall,
the installp command is invoked if the software is in AIX bff format rather than rpm; in that case,
the needed installp options are passed to the geninstall command as the value of the -I flag.
Following are partial descriptions of the flags (see the man pages for full details):
• -a
Applies one or more software products or updates. This is the default action. This flag can be
used with the -c flag to apply and commit a software product update when installed.
• -c
Commits all specified updates that are currently applied but not committed.
• -d <device or directory>
Specifies where the installation media can be found. This can be a hardware device such as
tape or DVD, it can be a directory that contains installation images, or it can be the installation
image file itself.
• -g
When used to install or commit, this flag automatically installs or commits, respectively, any
software products or updates that are requisites of the specified software product.
• -p
Performs a preview of an action by running all preinstallation checks for the specified action.
• -X
Attempts to expand any file systems where there is insufficient space to do the installation. This
option expands file systems based on current available space and size estimates that are
provided by the software product package.
• -Y
Agrees to required software license agreements for software to be installed.
# rpm -qa
# rpm -e cairo-1.0.2-6
# rpm -i bash-3.2-1.aix.ppc.rpm      (Install package)
Notes:
In addition to providing the ability to run a Linux operating system on IBM Power Architecture
technology, IBM provides strong Linux affinity within the AIX OS. This affinity enables faster and
less costly deployment of multi-platform, integrated solutions across AIX and Linux platforms. Linux
packages can be installed and manipulated on AIX using the RedHat Package Manager as shown
in the visual.
AIX affinity with Linux includes Linux application source compatibility, compliance with emerging
Linux standards, and a GNU Linux build-time environment with GNU and other open source tools
and utilities that combine to facilitate the development and deployment of Linux applications on the
AIX OS. This AIX affinity with Linux allows Linux programs to be easily recompiled for native
execution on the AIX OS. This approach allows you to benefit from the capabilities of Linux
applications combined with the industrial strength foundation and performance advantages afforded
to native AIX applications.
Quick guide to RPM:
• To install: rpm -i <packagefilename>
• To upgrade (works for install as well): rpm -U <packagefilename>
• Ideally, all systems should be at the latest fix pack (TL and SP level).
• IBM recommends installing the complete fix pack.
• System updates can be applied through smit update_all or using
geninstall or installp commands.
# smitty update_all      (Some items removed for clarity)
* INPUT device / directory for software /updates
* SOFTWARE to update _update_all
PREVIEW only? (update operation will NOT occur) yes +
COMMIT software updates? no +
SAVE replaced files? yes
[...]
Notes:
In the past, AIX system administrators would often download and install individual filesets on a
system. This caused the software to be at mixed levels and sometimes created more problems than it
solved. Now, IBM allows fixes to be downloaded in a fix pack, containing:
• Technology level (also known as Maintenance level in previous releases)
• Service Pack
AIX updates are provided as Technology Level packages or Service Packs. In accordance with
'Enhanced Service Strategy Releases', these generally available updates have been tested to
operate best when all updates in a fix pack are installed. IBM recommends installing the complete
fix pack.
• installp example:
# lslpp -L |grep -i cluster |grep pdf
cluster.doc.en_US.es.pdf 5.4.0.0 C F HAES PDF Documentation
# installp -aB -d . cluster.doc.en_US.es.pdf      (Apply update: -aB)
# lslpp -L |grep -i cluster |grep pdf
cluster.doc.en_US.es.pdf 5.4.1.0 A F HAES PDF Documentation
Note: installp -s lists all Applied software on the system
OR
# installp -c all      (Commit all applied software: -c)
Installation Summary
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
cluster.doc.en_US.es.pdf 5.4.1.0 USR COMMIT SUCCESS
Notes:
The visual above shows a fileset update being applied to cluster.doc.en_US.es.pdf. This
can be done with system management tools like SMIT, or the geninstall or installp
commands. It is often useful to remember key installp flags. The flags -aB mean apply and
update the fileset. Once applied, the update can be rejected (-r) or committed (-c).
In this example, the filesets are stored in a software repository on disk in which we are currently
located. Hence the device location (-d) is set to “dot” (the current directory).
# instfix -i
Notes:
Fixes displayed with the instfix -i command are installed through Technology Level and
Service Pack updates. In previous versions of AIX, interim fixes, between Technology Level
releases, were installed through instfix itself. In AIX 7, instfix is really a legacy command. It is
only useful for listing and searching through applied updates on the system.
Necessary fixes that are not part of a TL or SP are handled through interim fix management.
Notes:
The interim fix (ifix) management solution enables users to track and manage ifix packages on a
system. An ifix package might be an interim fix, debug code, or test code that contains commands,
library archive files, or scripts that run when the ifix package is installed.
The ifix management solution consists of the following commands:
• ifix packager (epkg)
• ifix manager (emgr)
The epkg command creates ifix packages that can be installed by the emgr command. The emgr
command installs, removes, lists, and verifies system ifixes.
It is important to examine the state field after installing an interim fix. The codes for the state field
are documented in the AIX Installation and Migration manual. In the above example, the state value
of Q means that a reboot is necessary for this fix to be effective.
• # smit remove
Remove Installed Software
[Entry Fields]
* SOFTWARE name [cluster.es.cspoc.cmds] +
PREVIEW only? (remove operation will NOT occur) yes +
REMOVE dependent software? yes +
EXTEND file systems if space needed? no +
DETAILED output? no +
[ ... ]
Notes:
Software can be removed by using system management tools or the command line. The installp
-u flag removes the specified software product and any of its installed updates from the system.
The product can be in either the committed or broken state. Any software products that depend on
the specified product must also be explicitly included in the input list unless the -g flag is also
specified. Removal of any bos.rte fileset is never permitted.
Note
The removal of LPP filesets does not necessarily mean that the process will delete all files included
in the filesets. This depends on how the LPP filesets are constructed.
Look for ? or B.
# lppchk -v      (Display inconsistent filesets.)
lppchk: The following filesets need to be installed or corrected to bring
the system to a consistent state:
Firefox.base.rte 1.5.0.12 (APPLYING)
# installp -C
Notes:
If the process of installing, updating, or removing software from the system is interrupted or fails,
the outcome is likely to be either broken or inconsistent filesets on the system. To detect this, use
the lppchk command. If all is OK, the command returns nothing; otherwise, broken or inconsistent
filesets are displayed. To clean up from any such operation, use the installp command with the
-C option (clean-up) and then retry the original operation. If the failed operation was an
uninstall, remove the software manually, using installp -u <fileset>.
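The state checks described in the lslpp -L notes earlier in this unit and in the lppchk notes above can be scripted. The following is an added example, not part of the course material: it splits each level into Version.Release, Modification and Fix and attaches a follow-up to filesets in the applied (A), broken (B) or inconsistent (?) state. The function names are hypothetical and the sample report is constructed.

```shell
#!/bin/sh
# Added example (not from the course material): audit fileset states from
# `lslpp -L`-style report lines of the form
#   <fileset> <Version.Release.Modification.Fix> <state> <type> <description>

# Constructed sample report. The fileset names and levels on the first three
# data lines appear on this page; the last line, the descriptions marked
# "Constructed" and the '?' state for Firefox.base.rte are assumptions.
sample_report() {
cat <<'EOF'
  Fileset                      Level  State  Type  Description
  ----------------------------------------------------------------
  bos.net.tcp.client        7.1.3.16    C     F    TCP/IP Client Support
  cluster.doc.en_US.es.pdf   5.4.1.0    A     F    HAES PDF Documentation
  Firefox.base.rte          1.5.0.12    ?     F    Constructed description
  example.broken.rte         1.0.0.0    B     F    Constructed broken fileset
EOF
}

# audit_filesets: read a report on stdin and print one line per fileset:
#   name|V.R=..|M=..|F=..|state|follow-up
audit_filesets() {
    awk '
    # Data lines have a four-part numeric level and a one-character state;
    # this skips the header, the separator and any legend lines.
    $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || length($3) != 1 { next }
    {
        split($2, lvl, ".")
        if ($3 == "C") {
            todo = "committed: one level installed"
        } else if ($3 == "A") {
            todo = "applied: test, then commit (installp -c) or reject (installp -r)"
        } else if ($3 == "B" || $3 == "?") {
            todo = "broken or inconsistent: lppchk -v, installp -C, then retry"
        } else {
            todo = "see the legend at the bottom of the lslpp -L report"
        }
        printf "%s|V.R=%s.%s|M=%s|F=%s|%s|%s\n",
               $1, lvl[1], lvl[2], lvl[3], lvl[4], $3, todo
    }'
}

# count_state <code>: number of filesets on stdin in the given state.
count_state() {
    awk -v want="$1" '
    $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $3 == want { n++ }
    END { print n + 0 }'
}

# On an AIX host the same filter would be fed with: lslpp -L | audit_filesets
sample_report | audit_filesets
```

A non-zero count for A after a maintenance window means an update is still waiting for a commit or reject decision.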
Notes:
SUMA is an excellent tool for quickly downloading fixes with minimum fuss directly onto an AIX
server or NIM server.
The bos.suma fileset is not installed by default and has prerequisites of bos.ecc_client.rte and
Java6.sdk.
Why SUMA?
Fix automation, the ability to get maintenance fixes onto a system automatically, is becoming a
focus area for IT system administrators. As system administration becomes more complex and time
consuming, it is often a roadblock that prevents systems from being up to date with current software
fixes. Clients want the increased security and reliability benefits, as well as the reduced downtime
and total cost of ownership that comes with keeping current fixes on a system. To meet these client
demands, SUMA has automated the process of determining which fixes are available, discovering
which of the available fixes a system needs, and downloading the necessary fixes onto a system,
thereby reducing both the complexity and the time spent on system administration to perform these
tasks.
• Base configuration
– # smit suma_config_base
Base Configuration
[Entry Fields]
Screen output verbosity [Info/Warnings/Errors] +
Logfile output verbosity [Verbose] +
Notification email verbosity [Info/Warnings/Errors] +
Remove superseded filesets on Clean? yes +
Remove duplicate base levels on Clean? yes +
Remove conflicting updates on Clean? Yes +
Fixserver protocol https +
Download protocol http +
Maximum log file size (MB) [1] #
Download timeout (seconds) [180] #
Notes:
The Base Configuration menu allows SUMA global configuration settings to be viewed or
changed. These settings are used for each SUMA task that is run and allow the specification of
values for items such as:
• Screen, logfile, and email verbosity levels
• Flag options for the lppmgr command to help manage the size of a download repository
• Download protocol
• Download timeout setting
A clean operation removes unnecessary files from the repository using the lppmgr command.
The global configuration settings can be viewed from the command line, with the suma -c
command.
In AIX 7 and later, use of HTTP or HTTPS proxy connections requires that the ECC service
connection be configured. This is shared with Service Agent and Inventory Scout.
Notes:
SUMA default task values can be uniquely set for each SUMA task. The visual above shows the
default settings. The possible actions are:
• Preview: SUMA performs the operations that do not directly affect the file system. The output
displayed reflects what would happen during a download. Use this option to determine which
files will be downloaded for your request.
• Download: SUMA downloads files into the directory specified in Directory for item storage.
• Download and Clean: SUMA performs a download operation and a clean operation to remove
unnecessary files from the repository.
The task configuration settings can be viewed with the suma -D command.
Notes:
SUMA tasks can be initiated through the command line. This is most useful when producing scripts
to automatically download fixes. SUMA uses cron when scheduled tasks are created. In the
schedule example above, the following entry is added to root's crontab:
0 23 * * 3 _SUMA=cron /usr/bin/suma -x 1
Notes:
AIX fixes are generally available on the Internet at Fix Central. Fixes at any level, from AIX 4.3.3 to
the present version, can be downloaded.
Each IBM client accessing Fix Central is required to have an individual IBM ID to download fixes
(some exemptions can apply). If not already registered, the registration is quick and simple and
provides users with a customized experience to better serve their needs. To register go to:
https://www.ibm.com/account/profile
On the My IBM Profile page, click Register to create a new account.
http://www14.software.ibm.com/webapp/set2/flrt/home
Notes:
Today's AIX environment can be complex, as many components are required. In addition to AIX,
one must also think about System Firmware, HMC, VIOS, PowerHA levels, and more. How do
you know whether the levels of these products are compliant and supported? The answer is FLRT.
FLRT is a web-driven tool that enables you to select your machine type and software components
and levels. It then produces an easy-to-read report which provides recommendations, notices, and
status compliance as shown on the visual.
Checkpoint
1. Which of the following states must your software be in, in order for you to be
able to use it? (Select all that apply.)
a. Applied state
b. Removed state
c. Install state
d. Commit state
3. Which of the following can you install as an entity? Select all that apply.
a. ifix
b. LPP
c. Package
d. Bundle
Notes:
Exercise: AIX software installation and maintenance
Notes:
Unit summary
Notes:
Unit 6. System configuration and devices
References
Online AIX 7.1 Information
AIX Version 7.1 Operating System and Device
Management
Note: References listed as online are available through the IBM Knowledge
Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
Unit objectives
Notes:
Device terminology
• Generic terminology
– Physical devices
– Ports
– Device drivers
– Logical devices
– /dev directory
– Virtual devices
Notes:
Generic device terminology
• Physical devices are the actual hardware that is connected in some way to the system.
• Ports are the physical connectors and adapters in the system to which physical devices or
cables are attached.
• All POWER servers, except the entry-level models, provide the ability to extend the internal
buses of the system enclosure to the I/O expansion drawers. The I/O expansion drawers have
PCI buses, which can support additional adapters and disks (depending upon the type of I/O
drawer). Older Power models used a cabling system called RIO. The newer servers use a
cabling system called 12X (based on InfiniBand).
• Logical devices: Software interfaces (special files) that present a means of accessing a physical
device to the users and application programs. Data that is appended to logical devices is sent to
the appropriate device driver. Data that is read from logical devices is read from the appropriate
device driver.
• /dev is the directory, which contains all of the logical devices that can be directly accessed by
the user. Some logical devices that are defined are only referenced in the ODM customized
database and cannot be accessed by users.
• Virtual devices are the Ethernet and SCSI devices, which are allocated to the client for
networking access and storage. These devices are not real.
Power hardware-specific terminology
• Central electronics complex (CEC) is the main system unit that contains system processors,
memory, and remote I/O connections.
• System planar is the main component of the CEC where all processor cards, memory DIMMs,
and I/O attachments are interconnected together.
• RIO and 12X provide high-speed connectivity between the system enclosure (contains the
CEC) and any I/O drawer enclosures. RIO and 12X consist of special cables, adapters,
and protocols, which allow the I/O drawers to effectively act as extensions of the system
enclosure’s internal buses. An I/O drawer can consist of PCI slots/adapters, disks, or both,
depending on the type of I/O drawer. The I/O drawers connect to the system enclosure through
either a RIO or 12X GX adapter, which sits on the system enclosure’s GX+ bus.
• System ports are the two serial ports on the system planar. In an operating system environment,
the two system ports become host virtual system ports and are only available for specific limited
functions. For example, the two integrated system ports on a p550 are limited to serial
connected TTY console functionality and IBM approved call-home modems. These system
ports do not support other general serial connection uses, such as UPS, PowerHA heartbeat,
printers, mice, and so on. If you need multi-purpose serial port functions, optional PCI adapters
are available.
• GX+: Each POWER6 and higher processor provides a GX+ bus, which is used to connect to an
I/O subsystem or Fabric Interface card.
• IVE: The POWER6 and higher processor-based servers extend the virtualization technologies
that are introduced in POWER5 by offering the Integrated Virtual Ethernet (IVE) adapter. IVE,
also called Host Ethernet Adapter (HEA) in other documentation, enables an easy way to
manage the sharing of the integrated high-speed Ethernet adapter ports. It is a standard set of
features that are part of POWER6 and early POWER7 processor-based servers. IVE is
discontinued in new models of POWER7 processor-based servers.
• PCI, which stands for Peripheral Component Interconnect, is an industry-standard bus for
attaching peripherals to computers.
[Figure: Power 770 system enclosures, each containing a CEC with PCI and GX buses, connected by 12X cables to 5877 PCI expansion drawers; a 5886 SAS disk drawer is attached by SAS. Location is built from: enclosure, bus or planar, adapter, port, device.]
Notes:
A Power Server can consist of many enclosures. An enclosure is a single box that can be
mounted in a rack. Each enclosure has a unique identifier, which consists of the machine type and
model (MTM) plus a serial number, as in this example:
U8204.E8A.65BF831.
Virtual devices use this as the basis for their location.
The most important enclosure is the system enclosure, which contains the CEC. The MTM and
serial for the system enclosure is used as the basis for virtual device locations.
The CEC, within the system enclosure, has a separate MTM and serial number. All of the
non-virtual devices within a system enclosure use the CEC identifier as the basis for their location.
For example, device pci1 (on the PCI-X bus) has the device code of
U78A0.001.DNWGCAH-P1
U78A0.001.DNWGCAH is the identifier of the CEC and P1 means that the device is attached to the
main System planar.
For certain server models, multiple system enclosures can be cabled together to act as one large
server. An example of that would be a Power 770.
Within each enclosure, there are one or more planars. A planar is often associated with an internal
bus, such as a PCI bus. On each bus, there are one or more device adapters. Each device adapter has
one or more ports. Most of the devices that you might want to identify are associated with or
connected to one of these ports.
While the system enclosure has a few integrated disk bays and PCI slots, it is common to desire
more of these resources. To support expanding the I/O capacity of the server, the system
enclosures can be connected to I/O expansion drawers, which act as an extension of the server.
These I/O drawers have their own MTM and serial number that is used for locating devices that are
attached to them. The current cabling system for connecting I/O expansion drawers to the system
drawers is the 12X cabling, though older servers used the RIO cabling. The expansion drawers
contain their own internal PCI buses that support card slots. Some models also have an integrated
SAS or SCSI adapter to support additional disk bays in the enclosure.
Finally, when additional locally attached disks are needed, it is possible to place a disk expansion
drawer. These are cabled to a storage adapter in either a system enclosure or an I/O expansion
drawer using SAS or SCSI cabling, depending on the model of I/O drawer. Devices in this type of I/O
drawer are located based upon the storage adapter to which they are cabled. And that storage
adapter is either in a system enclosure or an I/O expansion drawer.
Device location codes are explored in more depth as we go through this unit.
Device addressing
• Both physical and AIX codes can be seen side by side with:
– lsdev -CHF "name, status, physloc, location"
Notes:
Every device is assigned a physical location code when it is attached to the system. These codes
are critical. If a device has a problem such as a disk failure, an error report is generated which
identifies the device and its location. You can use this information to replace the failed disk drive.
It is important not to confuse physical location codes with AIX location codes. Before LPAR
technology was introduced into Power Systems, there were only AIX location codes, and they
remain today for legacy purposes. On POWER based processor servers that can be partitioned,
you need to use physical location codes.
Note
System planar (P1), Card slot No 4, 2nd port, adapter is in the CEC
Planar 1 (P1), PCI slot No 4, 2nd port, SCSI ID 8,0, disk is in an attached SCSI 7311-D20
I/O Drawer.
System planar (P1), Card slot No 3, Port 1, W = WW unique name of an FC adapter (where
the FC adapter is in a remote storage subsystem), L = LUN ID. The disk is a logical
device (identified by the LUN ID) in the remote storage subsystem.
Notes:
The visual above shows how to interpret physical location code information.
The example system is an older model Power 550, but the principle applies to all POWER Servers.
This server has a single system enclosure.
• U78A0 identifies the CEC within the system enclosure.
• The model number for a CEC is always: 001.
• DNWGGRX is the serial number of the CEC.
Power Systems usually have I/O expansion drawers, or in the case of the larger machines,
expansion frames containing I/O drawers. U7311.D20 is a remote I/O drawer (RIO) for low to
mid-range systems. 6516D3 is the serial number that is assigned to the drawer.
– VIOS partition
vhost0 U8204.E8A.652ACD2-V1-C12 Virtual SCSI Server Adapter
Virtual Server adapter, Virtual (LPAR) ID 1, virtual card slot (Adapter ID) 12
Notes:
Virtual devices are assigned location codes in a similar format to physical devices. The format is:
Unit_type.Model_no.virtual_adapter_number.virtual_card_slot_number.[port].[LUN]
The visual shows a VIOS presenting a virtual disk (hdisk1) to a VIO client. To do this, the
first step is to create, on the HMC, a virtual server adapter for the VIOS and a VIO client adapter
for the AIX partition. Each adapter has an assigned ID.
The vhost device in the VIOS symbolizes the virtual server adapter. In the example, V1 represents
a virtual device with an assigned ID of one. C12 represents the virtual card slot number, which is
always equal to the adapter ID as defined on the HMC.
The vscsi device on the virtual client symbolizes the client adapter. In the example, V2 again
represents a virtual device with an assigned ID of two. C12 represents the virtual card slot number,
which is also equal to the adapter ID as defined on the HMC. T1 specifies the port number of the
adapter.
The client disks that are associated with the virtual client adapter will always inherit the location
code definition plus one additional field, the LUN ID (L81000000000). In this example, eight is the
SCSI ID of the physical disk in the VIOS. One represents the first disk on the adapter to be
presented to the client.
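The location-code layout described above (enclosure type, model and serial number, followed by planar, slot, port and LUN suffixes) can be split mechanically, which helps when matching an error report to the right drawer. This is an added example, not part of the IBM course material; the function names are hypothetical, and the first and last sample codes are assembled from the values the notes spell out rather than copied from a visual.

```shell
#!/bin/sh
# Added example: split an AIX location code into the fields the notes describe.
# Suffix meanings (P, C, T, V, W, L) follow the course text; any other suffix
# is reported as "other" instead of being guessed at.

parse_loc() (
    code=$1
    case $code in
        U?*.?*.?*) ;;
        *) echo "error=not a U-prefixed location code: $code"; exit 1 ;;
    esac

    enclosure=${code%%-*}            # e.g. U78A0.001.DNWGGRX
    rest=${code#"$enclosure"}        # e.g. -P1-C4-T2, or empty
    rest=${rest#-}

    unit=${enclosure%%.*}            # U78A0
    model_serial=${enclosure#*.}     # 001.DNWGGRX
    echo "unit_type=${unit#U}"
    echo "model=${model_serial%%.*}"
    echo "serial=${model_serial#*.}"

    kind=physical
    while [ -n "$rest" ]; do
        field=${rest%%-*}            # next suffix, e.g. C4
        case $rest in
            *-*) rest=${rest#*-} ;;
            *)   rest= ;;
        esac
        value=${field#?}             # drop the one-letter prefix
        case $field in
            P*) echo "planar=$value" ;;
            C*) echo "slot=$value" ;;
            T*) echo "port=$value" ;;
            V*) echo "virtual_id=$value"; kind=virtual ;;
            W*) echo "wwn=$value" ;;
            L*) echo "lun=$value" ;;
            "") ;;
            *)  echo "other=$field" ;;
        esac
    done
    echo "kind=$kind"
)

# Print a single field of a location code, e.g. loc_field CODE slot
loc_field() {
    parse_loc "$1" | sed -n "s/^$2=//p"
}

# True when two codes share the same enclosure or drawer (type, model, serial).
same_enclosure() {
    [ "${1%%-*}" = "${2%%-*}" ]
}

# Sample codes: the second and third appear in the course output; the first and
# last are constructed from the values the notes spell out.
for code in \
    U78A0.001.DNWGGRX-P1-C4-T2 \
    U5877.001.00H0301-P1-C5-T1 \
    U8204.E8A.652ACD2-V1-C12 \
    U8204.E8A.652ACD2-V2-C12-T1-L81000000000
do
    printf '%s: %s\n' "$code" "$(parse_loc "$code" | tr '\n' ' ')"
done
```

An AIX location code such as 05-08 is rejected by parse_loc, which makes it harder to confuse the two code types when scripting a disk replacement check.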
Notes:
System configuration is important. We need to understand what devices we have at our disposal
and where these devices are physically located within each box or drawer. This is important when
devices fail, especially disks! Taking out the wrong disk in the system due to failure might result in
data corruption.
An AIX partition does not need to have any real devices. In today's Power Systems environments,
virtual LPARs are fast becoming the norm. Virtualization is a large topic and is covered in a
separate LPAR and virtualization education track. It is beyond the scope of the course.
Device commands
• prtconf
– Lists major system configuration items
• lscfg
– Lists device information including physical location codes
• lsdev
– Lists device information including the state of the device
• lsslot
– Displays all specified hot plug slots and their characteristics
• chdev
– Changes the characteristics of a device
• rendev
– Changes the name of a device
• lsattr
– Displays attribute characteristics and possible values of attributes for devices
in the system
Notes:
There are many commands that are useful in determining the current configuration of your system.
These commands are covered in more detail on the following visuals.
prtconf (1 of 2)
Notes:
prtconf is a very useful command that displays an overview of the system configuration. This is
particularly useful for documentation purposes. One should run this command on a regular basis
and save or print the output.
prtconf (2 of 2)
Notes:
The last function prtconf performs is to run the lscfg command as shown in the visual. Although
the prtconf -v flag can be used to display detailed Vital Product Data (VPD) information, the
output shown on the previous page is then omitted. To get around this problem, simply make a copy of the
prtconf script to prtconfVPD and append a -v flag to the last lscfg command at the end of the
script.
As follows:
# tail `which prtconf`
done
fi
#devices information
lscfg ######## APPEND -v here !!! ###########
fi
lscfg
• lscfg can be used to display vital product data (VPD) information for
devices.
– IBM customer engineers (CEs) need this to order and replace failed
components.
# lscfg -v -l ent4
ent4 U5877.001.00H0301-P1-C5-T1 2-Port 10/100/1000 Base-TX PCI-Express Adapter (14104003)
(Callout: U5877.001.00H0301-P1-C5-T1 is the physical location code.)
Notes:
The lscfg command displays configuration, diagnostic, and vital product data (VPD) information
about the system.
Use the lscfg command to display vital product data (VPD) such as part numbers, serial numbers,
and engineering change levels. VPD data is required for hardware engineers when they need to
order replacement parts due to failures.
lsdev
# lsdev -p pci5
ent8 Available 05-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent9 Available 05-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
(Callouts: child devices; device state)
# lsdev -Cl cd1 -F parent
ide0
(Callout: locating the parent device)
Notes:
The lsdev command displays information about devices in the device configuration database.
The -C flag requests information about all the customized devices. Newer versions of AIX assume
customized devices if neither -P nor -C are coded. Any combination of the -c Class, -s Subclass,
-t Type, -l Name, -p Parent, and -S State flags selects a subset of the customized devices.
The -P flag displays information about devices that are supported by the system. Any combination of
the -c Class, -s Subclass, and -t Type flags selects a subset of the supported devices.
In newer versions of AIX, lsdev assumes a request for customized devices if neither -P nor -C
flags are coded.
Commonly used classes include disk, cdrom, adapter, and if (interface).
A simple script that can be useful in seeing the full parentage of a device is:
lsslot
# lsslot -c slot
# Slot Description Device(s)
U787F.001.DPM0WB8-P1-C1 Logical I/O Slot pci7 fcs1
U787F.001.DPM0WB8-P1-C3 Logical I/O Slot pci4 sisscsia1
U787F.001.DPM0WB8-P1-T5 Logical I/O Slot pci5 ent0 ent1
U787F.001.DPM0WB8-P1-T10 Logical I/O Slot pci3 sisscsia0
U787F.001.DPM0WB8-P1-T12 Logical I/O Slot pci2 ide0
U9131.52A.063412G-V1-C0 Virtual I/O Slot vsa0
(Callout: lists all PCI hot plug slots)
# lsslot -c pci
# Slot Description Device(s)
U787F.001.DPM0WB8-P1-C1 PCI-X capable, 64 bit, 133MHz slot fcs1
U787F.001.DPM0WB8-P1-C3 PCI-X capable, 32 bit, 66MHz slot sisscsia1
U787F.001.DPM0WB8-P1-C4 PCI-X capable, 64 bit, 266MHz slot fcs0
Notes:
The lsslot command displays all the specified hot plug slots and their characteristics. Hot plug
slots are the plug-in points for connecting entities that can be added and removed from the system
without turning the system power off or rebooting the operating system. The -c flag is required. It
specifies the type of hot plug connector, for example, pci for hot pluggable PCI adapters. You can
display only the empty, that is, available, hot plug slots with the -a flag, the occupied slots with the
-o flag, or a specific slot by using the -s flag. The -l flag can be used to locate the slot that is
associated with the specified DeviceName, as listed by the lsdev command.
Notes:
The lsattr command displays information about the attributes of a given device or type of device.
The chdev command changes the characteristics of the specified device with the given device
logical name that is specified with the -l Name flag. The device can be in the defined, stopped, or
available state. Some changes might not be allowed when the device is in the available state. When
changing the device characteristics, you can supply the flags either on the command line or in the
file specified with the -f File flag.
Device states
• Undefined
– The device is unknown to the system.
• Defined
– The device is known to the system but it is unavailable for use.
• Available
– The device is available and ready for use.
• Stopped
– The device is unavailable but remains known by its device driver.
• The mkdev and cfgmgr commands make devices available
for use.
• The rmdev command can make devices unavailable for use
and completely remove them from the system.
Notes:
Device States
• Undefined is not a state that one can see assigned in the system; it is more of a reference statement. It
refers to a device that is supported but is not configured.
• Defined means that the device is known to the system. It has been allocated a logical device
name, a location code, and attributes have been assigned to it. However, it is still unavailable
for use.
• Available means that the device is fully configured and is ready for use.
• Stopped means that the device is configured, but not available for use by applications.
• When a device is first identified, it is configured and put into the Available state. Available
devices can be put into the defined or undefined state by using the rmdev command. Devices
can be configured with either the mkdev or the cfgmgr command.
cfgmgr
The cfgmgr command configures devices and optionally installs device software into the system. It
can be run at any time.
# ls -l /dev/*rmt0*
crw-rw-rw- 1 root system 37, 0 13 Oct 14:43 /dev/rmt0
crw-rw-rw- 1 root system 37, 1 13 Oct 14:43 /dev/rmt0.1
……. Removed rmt0.2 through rmt0.6
crw-rw-rw- 1 root system 37, 7 13 Oct 14:43 /dev/rmt0.7
# rmdev -l rmt0 -d
rmt0 deleted
Notes:
The visual shows a tape drive that is connected to a system but is undefined. The cfgmgr
command is run to configure and make the device available. Once available, special device files
are created in the /dev directory. Some devices like tapes have several special files. Each file is
assigned a major and minor number. Major and minor numbers are used by the operating system to
determine the actual driver and device to be accessed by the user-level request for the special
device file.
For example, when writing files to a tape, the difference between tar -cvf /dev/rmt0
myfiles.tar and tar -cvf /dev/rmt0.1 myfiles.tar is that rmt0 will result in the tape
rewinding after the operation, whereas with rmt0.1, the tape will not rewind after the write operation.
rendev command
Notes:
The rendev command changes the name of the specified device with the given device name that
is specified with the -l name flag. The new name must not exceed 15 characters in length. If the
name is already used or is present in the /dev directory, the operation fails.
One of the use cases would be to rename a group of disks on which application data can reside to
be able to distinguish them from other disks on the system.
Devices that are in use (available state) cannot be renamed; the device must first be in a defined
state. If the device is a parent of other devices, you must unconfigure all child devices first. The
rendev command restores the device to the Available state. The -u flag can be used to prevent the
device from being configured again after it is renamed.
Disk drive devices that are members of the root volume group, or that become members of the
root volume group (by means of LVM or install procedures), must not be renamed. Renaming such
disk drives might interfere with the ability to recover from certain scenarios, including boot failures.
Checkpoint
Exercise
System configuration and devices
Unit summary
Unit 7. System storage overview
References
Online AIX Version 7.1 Operating System and Device Management
SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction and Concepts (Redbooks)
Note: References listed as online are available through the IBM Knowledge Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
Unit objectives
[Visual: files, directories, file systems, logical storage, and physical storage, managed by the Logical Volume Manager (LVM)]
Notes:
Components
The basic components or building blocks of AIX storage are:
• Files
• Directories
• File systems
• Logical storage
• Physical storage
• Logical Volume Manager (LVM)
As a user, you work with files and directories. As a system administrator, you manage storage
using the Logical Volume Manager.
[Visual: disk storage divided into Partition 1 through Partition 5]
• Problems:
– Fixed partitions
– Expanding size of the partition
– Limitation on size of a file system and a file
– Contiguous data requirement
– Time and effort required in planning ahead
Notes:
Issues with traditional UNIX disk storage
Traditionally, disk storage has been divided into partitions. Customers had to select
the correct size for each partition before the system could be installed.
Each file system was on a partition on the hard disk.
Changing the size of the partition, and thus the file system, was no easy task. It involved backing up
the file system, removing the partition, creating new ones, and restoring the file system.
A major limitation of partitions was that each partition had to consist of contiguous disk space. This
characteristic limited a partition to a single physical drive; it could not span multiple hard
disks. Since file systems were always contained within a partition, no file system could be defined
that was larger than the largest physical drive. This meant that no single file could be larger than
the largest physical drive.
Notes:
Constraints eliminated
The constraints with traditional UNIX disk storage have been eliminated in AIX, with the addition of
the Logical Volume Manager.
Note that the tasks listed in the visual can be performed while users are on the system.
[Visual: an application's write(data); call, logical volumes (LVs), and physical volumes (PVs)]
Notes:
Introduction
The AIX Logical Volume Manager controls disk storage resources by mapping data between a
simple and flexible logical view of storage space and the actual physical disks.
This visual and these notes provide a brief overview of the basic components of LVM.
Components
A hierarchy of structures is used to manage disk storage:
- Volume groups
- Physical volumes
- Physical partitions
- Logical volumes
- Logical partitions
Physical storage
[Visual: volume group A contains PV1; volume group B contains PV2, PV3, PV4, and PV5; a physical volume (/dev/hdiskn) is divided into physical partitions PP1 through PPn]
Notes:
Introduction
Disk space on a physical volume (PV) is allocated to logical volumes (LV) in chunks called physical
partitions (PP). The physical partition size is the same across all the disks in a volume group (VG).
The PP size is set at the time the VG is created. The size is set in megabytes on power of two
boundaries (for example: 4 MB, 8 MB, 16 MB, and so forth). The default is 4 MB.
In AIX V5.2 and later, LVM defaults the PP size of a new VG to the smallest PP size (equal to or
greater than 4 MB) which allows full addressing of the largest disk in the VG given the selected
maximum number of PPs per PV (defaults to 1016). The smallest PP size is 1 MB, which is
supported by using a larger number of PPs per PV.
When a PV is added to a system, a file called hdiskn is added to the /dev directory. n is a number
allocated by the operating system. It is usually the next available number. This file can be used to
access the device directly but this is not often done.
Volume groups
Notes:
Volume group types
With successive versions of AIX, new types of volume groups have been introduced which allow for
greater capacities and greater flexibility.
Original volume groups
When creating a volume group with SMIT or using the mkvg command, original volume groups are
the default.
Big volume groups
Big volume groups were introduced with AIX V4.3.2. Besides increasing the number of PVs per
VG, the big volume group also doubled the maximum number of LVs per VG from 255 to 512.
Support for creating big volume groups through SMIT was introduced in AIX 5L V5.3. Before
5.3, big volume groups could be created only from the command line.
[Visual: VGDA placement in a one-disk VG, a two-disk VG, and a VG with three or more disks]
Notes:
Volume Group Descriptor Area (VGDA)
The VGDA is an area of disk, at least one per PV, containing information for the entire VG. It
contains administrative information about the volume group (for example, a list of all logical volume
entries, a list of all the physical volume entries, and so forth). There is usually one VGDA per
physical volume. The exceptions are when there is a volume group with either one or two disks (as
shown in the visual).
Quorum
There must be a quorum of VGDAs available to activate the volume group and make it available for
use with the varyonvg command. A quorum of VGDA copies is needed to ensure the data
integrity of management data that describes the logical and physical volumes in the volume group.
A quorum is equal to 51% or more of the VGDAs available.
A system administrator can force a volume group to varyon without a quorum. This is not
recommended and should be done in an emergency only.
Logical storage
[Visual: physical volumes with numbered physical partitions, and two logical volumes, each made up of logical partitions 1 to 4]
Notes:
Logical partition
A physical partition is the smallest unit of disk allocation. Each logical partition maps to a physical
partition, which physically stores the data.
The logical partitions within a volume group are the same size as the physical partitions within that
volume group.
Logical volume
A logical volume consists of one or more logical partitions within a volume group.
Logical volumes can span physical volumes if the volume group consists of more than one physical
volume. Logical volumes do not need to be contiguous within a physical volume because the logical
partitions within the logical volume are maintained to be contiguous. The view the system sees is
the logical one. Thus, the physical partitions can reside anywhere on the physical volumes in
the volume group.
Logical volumes can be increased in size at any time, assuming that there are sufficient free
physical partitions within the volume group. This can be done dynamically through SMIT even when
users are doing work in that logical volume. However, logical volumes cannot easily be decreased
and require a file system backup and restore to a re-created smaller logical volume.
The mapping of which logical partition corresponds to which physical partition is maintained in the
VGDA for the volume group. It is both a physical view and a logical view.
LVM mapping
The Logical Volume Manager (LVM) consists of the logical volume device driver (LVDD) and the
LVM subroutine interface library. The LVM controls disk resources by mapping data between a
simpler and more flexible logical view of storage space and the actual physical disks. The LVM does
this using a layer of device driver code that runs above traditional disk device drivers.
Notes:
Introduction
When you install the system, one volume group (rootvg) is automatically created which consists of a
base set of logical volumes required to start the system. rootvg contains such things as paging
space, the journal log, and boot data, each usually in its own separate logical volume.
You can create additional logical volumes with the mklv command or go through the SMIT menus.
This command allows you to specify the name of the logical volume and to define its characteristics.
JFS and JFS2 file systems
The native file system on AIX is the journaled file system (JFS), or the enhanced journaled file
system (JFS2). They use database journaling techniques to maintain consistency. It is through the
file system's directory structure that users access files, commands, applications, and so forth.
Journal log
The journal log is the logical volume where changes made to the file system structure are written
until such time as the structures are updated on disk. Journaled file systems and enhanced
journaled file systems are discussed in greater detail later in the course.
Paging space
Paging space is fixed disk storage for information that is resident in virtual memory but is not
currently being maintained in real memory.
Boot logical volume
The boot logical volume is a physically contiguous area on the disk, which contains the boot image.
Dump device
When you install the operating system, the dump device is automatically configured for you. By
default, the primary device is /dev/hd6, which is the paging logical volume, and the secondary
device is /dev/sysdumpnull. For systems migrated from versions of AIX earlier than V4.1, the
primary dump device is what it formerly was, /dev/hd7.
Raw logical volume
A raw logical volume is simply an empty logical volume. Database applications, for example Oracle
and DB2, recommend the use of raw logical volumes.
Notes:
Introduction
A file system is a directory hierarchy for storing files. It has a root directory and subdirectories. In an
AIX system, the various file systems are joined together so that they appear as a single file tree with
one root. Many file systems of each type can be created.
Because the available storage is divided into multiple file systems, data in one file system might be
on a different area of the disk than data of another file system. Because file systems are of a fixed
size, file system full errors can occur when that file system has become full. Free space in one file
system cannot automatically be used by an alternative file system that resides on the same
physical volume.
Supported file systems
AIX supports the following file system types. Although these are physically different, they appear
the same to users and applications.
• JFS - Journaled File System, exists within a logical volume on disk
• JFS2 - Enhanced Journaled File System, exists within a logical volume on disk
Notes:
Benefits
A file system is a structure that allows you to organize your data. It is one level in the hierarchy of
your data. Placing data in separate file systems allows for ease of control and management of
the data.
File systems can be placed on the disk in areas that provide the best performance.
Many times, backups and recoveries are done at a file system level.
Limit disk usage
Since the administrator determines the size of the file system, users are allocated only a certain
amount of shared disk space. This helps to control disk usage. The administrator can also impose
more granular control over that disk space by limiting how much space an individual user can use in
a file system. This is known as file system quotas.
Data is not all in one place
By having several different file systems, all of your data is not in one place. If a file system ever
becomes corrupted, the other file systems are not affected. Also, administrators can take a file
system offline without affecting other file systems. This is helpful when performing backups or when
limiting user access to the file system for security reasons.
[Visual: the / (root) file system on hd4, with home, sbin, opt, lpp, proc, usr, dev, tftpboot, var, mnt, etc, and tmp beneath it]
Notes:
Initial file systems
When AIX is first installed on a system there are only seven journaled file systems and one pseudo
file system (/proc) in existence:
/ (root) = /dev/hd4
• At the top of the hierarchical file tree. It contains the files and directories critical for system
operations including the device directory and programs that complete the boot process.
/usr = /dev/hd2
• Operating system commands, libraries, and application programs.
• Can be shared across the network.
/var = /dev/hd9var
• Variable spool and log files.
• The files in this file system vary considerably depending on system activity.
/etc/filesystems
/:
        dev = /dev/hd4
        vol = root
        mount = automatic
        check = false
        vfs = jfs2
        log = /dev/hd8
        type = bootfs
/home:
        dev = /dev/hd1
        vol = /home
        mount = true
        check = true
        vfs = jfs2
        log = /dev/hd8
/home/team01:
        dev = /dev/fslv00
        vfs = jfs2
        log = /dev/loglv00
        mount = true
        options = rw
        account = false
(Callout: some stanzas were omitted for clarity.)
Notes:
What is /etc/filesystems?
The /etc/filesystems file documents the layout characteristics, or attributes, of file systems. It
is in a stanza format, which means a resource is named followed by a colon and a listing of its
attributes in the form attribute = value.
Each stanza in the /etc/filesystems file names the directory where the file system is normally
mounted.
File system attributes
The file system attributes specify all the parameters of the file system. They are as follows:
• dev For local mounts, identifies the block special file where the file system resides, or the file or
directory to be mounted
• vol Used by the mkfs command when initiating the label on a new file system
• mount Used by the mount command to determine whether a file system should be mounted by
default. Possible values are:
- automatic File system mounted automatically at system startup
- true File system mounted by the mount all command. This command is issued during
system initialization to automatically mount such file systems.
- false File system is not automatically mounted
• check Used by the fsck command to determine the default file systems to be checked. True
enables checking
• vfs Specifies the type of mount. For example, vfs=jfs2.
• log The device to which log data is written, as the file system is modified. This option is only
valid for journaled file systems.
• type Used to group together related file systems which can all be mounted with the mount -t
command
• account Used to determine the file systems to be processed by the accounting subsystem
• quota Allows the system administrator to control the number of files and data blocks that can
be allocated to a user or group
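Added example (not part of the IBM course material): a POSIX shell and awk script that parses stanzas in the format described above and reports, for each mount point, its device, vfs type, mount setting and whether it is mounted at system startup, which is a routine item when reviewing a system's configuration. The sample input is constructed from the stanzas on the slide; the /db2 stanza with /dev/fslv01 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: summarize stanzas in /etc/filesystems format.

# Constructed sample. The first three stanzas follow the slide; the /db2
# stanza (device /dev/fslv01) is invented for this example.
sample_filesystems() {
cat <<'EOF'
* lines that start with an asterisk are comments
/:
        dev     = /dev/hd4
        vol     = root
        mount   = automatic
        check   = false
        vfs     = jfs2
        log     = /dev/hd8
        type    = bootfs

/home:
        dev     = /dev/hd1
        vol     = /home
        mount   = true
        check   = true
        vfs     = jfs2
        log     = /dev/hd8

/home/team01:
        dev     = /dev/fslv00
        vfs     = jfs2
        log     = /dev/loglv00
        mount   = true
        options = rw
        account = false

/db2:
        dev     = /dev/fslv01
        vfs     = jfs2
        log     = /dev/loglv00
        mount   = false
        options = rw
EOF
}

# fs_summary: read stanzas on stdin and print one line per stanza:
#   mountpoint|dev|vfs|mount|boot
# boot is "yes" when mount is automatic or true (mounted at system startup).
fs_summary() {
    awk '
    function emit(   m, boot) {
        if (name != "") {
            m = ("mount" in attr) ? attr["mount"] : "unset"
            boot = (m == "automatic" || m == "true") ? "yes" : "no"
            printf "%s|%s|%s|%s|%s\n", name, attr["dev"], attr["vfs"], m, boot
        }
        split("", attr)                      # clear attributes for next stanza
    }
    /^[ \t]*\*/ { next }                     # skip comment lines
    /^[^ \t].*:[ \t]*$/ {                    # stanza header: "name:"
        emit(); name = $0; sub(/:[ \t]*$/, "", name); next
    }
    /=/ {                                    # attribute = value
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        attr[key] = val
    }
    END { emit() }
    '
}

# boot_mounted: list only the mount points that are mounted at startup.
boot_mounted() {
    fs_summary | awk -F'|' '$5 == "yes" { print $1 }'
}

# Stand-alone run: print the summary for the constructed sample.
sample_filesystems | fs_summary
```

On a real system the same functions can read the live file, for example `fs_summary < /etc/filesystems`.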
Mount
[Figure: what to mount and where to mount it]
Notes:
Mounting a file system
A file system must be mounted in order for it to be available for use. Use the mount command or
SMIT to do this. The file system can also be unmounted using the umount or unmount command, or
SMIT. These commands can be executed by either the root user or a member of the system group.
It is possible to have file systems automatically mounted at boot time. This can be specified in the
/etc/filesystems file using the mount=automatic or mount=true parameters.
Mount points
Full path names must be used when specifying the mount point. If SMIT is used to create the file
system, the mount point is created automatically.
[Figure: the home directory tree (.profile, .exrc, myscript, data, doc) before and after a file system is mounted]
Notes:
Accessing data in a file system
In order for users to get access to the data contained in a file system, it must be mounted. When the
file system is mounted, it becomes a part of the hierarchical tree structure of files and directories.
From the user’s perspective, there is no way to tell where one file system ends and another begins.
[Figure: the home directory tree (.profile, .exrc, myscript, data, doc) before and after mounting over existing files]
Notes:
What happens when mounting over files?
It is possible to mount over files and subdirectories. The result is that the files and subdirectories
that have been mounted over are now hidden from the users, that is, inaccessible. They have not
been lost though. They are again accessible when the unmount command has been executed on
the covering file system.
Not everyone has the authority to mount file systems wherever they choose. Authority is based on two things:
what the default mount point is, as specified in the file /etc/filesystems, and whether the user
has write authority to that mount point. Users can issue file or directory mounts provided they
belong to the system group and have write access to the mount point. They can do device mounts
only to the default mount points mentioned in the file /etc/filesystems. root can mount anywhere
under any set of permissions.
# lsfs
Name             Nodename   Mount Pt   VFS      Size      Options   Auto   Accounting
/dev/hd4         --         /          jfs2     1966080   --        yes    no
/dev/hd1         --         /home      jfs2     131072    --        yes    no
/dev/hd2         --         /usr       jfs2     4587520   --        yes    no
/dev/hd9var      --         /var       jfs2     655360    --        yes    no
/dev/hd3         --         /tmp       jfs2     393216    --        yes    no
/proc            --         /proc      procfs   --        --        yes    no
/dev/hd10opt     --         /opt       jfs2     524288    --        yes    no
/dev/hd11admin   --         /admin     jfs2     262144    --        yes    no
/dev/fslv00      --         /db2       jfs2     262144    rw        no     no
Notes:
The lsfs command
You can list the various file systems that are defined using the lsfs command. This command
displays information from /etc/filesystems and from the logical volumes in a more readable
format. The lsfs command also displays information about CD-ROM file systems and remote NFS
file systems.
The SMIT fast path to get to the screen which accomplishes the same task as the lsfs command
is: smit fs.
The syntax for the lsfs command is:
lsfs [-q] [ -c | -l ] [ -v vfstype | -u mountgrp ][file system]
The data can be presented in line and colon (-c) or stanza (-l) format. It is possible to list only the
file systems of a particular virtual file system type (-v), or within a particular mount group (-u). The
-q option queries the superblock for the fragment size information, compression algorithm, and the
number of bytes per inode.
Notes:
Viewing logical volume information
• lsvg -l rootvg
Provides information about the logical volumes in the rootvg volume group.
• lslv <lvname>
This provides status information about the selected logical volume within the volume group. For
example, lslv hd6.
Checkpoint (1 of 2)
1. How many different physical partition (PP) sizes can be set within a
single VG?
3. How many volume groups (VGs) can a physical volume (PV) belong
to?
a. It depends on what you specify through SMIT
b. Only one
c. As many VGs as exist on the system
Checkpoint (2 of 2)
Use the following output to answer the questions below:
# lsfs
Name             Nodename   Mount Pt     VFS     Size      Options   Auto   Accounting
/dev/hd4         --         /            jfs2    294912    --        yes    no
/dev/hd1         --         /home        jfs2    32768     --        yes    no
/dev/hd2         --         /usr         jfs2    3309568   --        yes    no
/dev/hd9var      --         /var         jfs2    65536     --        yes    no
/dev/hd3         --         /tmp         jfs2    131072    --        yes    no
/dev/hd10opt     --         /opt         jfs2    163840    --        yes    no
/dev/cd0         --         /infocd      cdrfs             ro        yes    no
/dev/lv00        --         /home/john   jfs2    32768     rw        yes    no
/dev/hd11admin   --         /admin       jfs2    262144    --        yes    no
7. What is the mount point for the file system located on the /dev/hd4 logical
volume?
8. Which file system is used primarily to hold user data and home directories?
Exercise: System storage
Unit summary
Unit 8. Working with the Logical Volume Manager
References
Online      AIX Version 7.1 Operating System and Device Management
            AIX Version 7.1 Command References
SG24-5432   AIX Logical Volume Manager, from A to Z: Introduction and Concepts (Redbooks)
Note: References listed as online are available through the IBM Knowledge Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
Unit objectives
# smit lvm
Logical Volume Manager
Volume Groups
Logical Volumes
Physical Volumes
Paging Space
Notes:
Introduction
The SMIT Logical Volume Manager menu is used to manage many aspects of the system's
storage.
• Volume groups: The SMIT Volume Groups menu provides facilities to manipulate the volume
groups in the system.
• Logical volumes: The SMIT Logical Volumes menu provides facilities to manipulate the logical
volumes in the system. Logical volumes that contain journaled file systems, paging space, or
dump volumes can also be manipulated from their respective menus.
• Physical volumes: The SMIT Physical Volumes menu allows the user to configure the physical
volumes (fixed disks) in the system. This menu duplicates options on the Fixed Disks menu of
Devices.
• Paging space: The SMIT Paging Space menu allows a user to add, delete, activate, and list
the paging spaces available.
Volume Groups
Notes:
The visual shows the SMIT screen that allows for the configuration of volume groups.
To get to this menu, use the SMIT fast path, smit vg.
[Entry Fields]
VOLUME GROUP name [datavg]
Physical partition SIZE in megabytes +
* PHYSICAL VOLUME names [hdisk1 hdisk2] +
Force the creation of a volume group? no +
Activate volume group AUTOMATICALLY yes +
at system restart?
Volume Group MAJOR NUMBER [] +#
Create VG Concurrent Capable? no +
Infinite Retry Option no +
Notes:
The mkvg command
The mkvg command is used to create a volume group. A new volume group must contain at least
one physical volume. The -y option is used to indicate the name for the new volume group. If this is
not specified, a system generated name is used.
It is best not to select a physical partition size as the system selects the best fit automatically. The
default is the smallest physical partition size consistent with the maximum PP/PV and the largest
physical volume in the volume group.
Using SMIT
The volume group MAJOR NUMBER on the SMIT dialog screen is used by the kernel to access
that volume group. This field is most often used for PowerHA where the major number ideally
should be the same for all nodes in the cluster.
Concurrent capable VGs are used for parallel processing applications, whereby the volume group is
read/write accessible to multiple machines at the same time.
[Entry Fields]
VOLUME GROUP name [db2_vg]
Physical partition SIZE in megabytes +
* PHYSICAL VOLUME names [hdisk3] +
Force the creation of a volume group? no +
Activate volume group AUTOMATICALLY yes +
at system restart?
Volume Group MAJOR NUMBER [] +#
Create VG Concurrent Capable? no +
Max PPs per VG in units of 1024 32 +
Max Logical Volumes 256 +
Enable Strict Mirror Pools No +
Infinite Retry Option no +
Notes:
More options for scalable volume groups
There is a separate SMIT panel for adding scalable volume groups. Besides creating a different
format VGDA, the administrator has the option to set the Maximum PPs per VG, and the Max
Logical Volumes for the volume group.
With non-scalable volume groups, LVM allows tuning of the number of physical partitions for each
physical volume through the -t factor. In scalable volume groups, the physical partitions are
managed on a volume group-wide basis.
The maximum number of logical volumes was fixed depending upon the type of volume group.
Now, in scalable volume groups, the maximum is tunable.
# lsvg -o
datavg
rootvg
# lsvg rootvg
VOLUME GROUP:       rootvg                   VG IDENTIFIER:  00f6060300004c0000000148d7b47287
VG STATE:           active                   PP SIZE:        16 megabyte(s)
VG PERMISSION:      read/write               TOTAL PPs:      511 (8176 megabytes)
MAX LVs:            256                      FREE PPs:       205 (3280 megabytes)
LVs:                11                       USED PPs:       306 (4896 megabytes)
OPEN LVs:           10                       QUORUM:         2 (Enabled)
TOTAL PVs:          1                        VG DESCRIPTORS: 2
STALE PVs:          0                        STALE PPs:      0
ACTIVE PVs:         1                        AUTO ON:        yes
MAX PPs per VG:     32512
MAX PPs per PV:     1016                     MAX PVs:        32
LTG size (Dynamic): 256 kilobyte(s)          AUTO SYNC:      no
HOT SPARE:          no                       BB POLICY:      relocatable
PV RESTRICTION:     none                     INFINITE RETRY: no
DISK BLOCK SIZE:    512                      CRITICAL VG:    no
Notes:
The lsvg command, with no parameters, lists the volume groups in the system. If used with the -o
option, all varied-on (active) volume groups are displayed.
To further list the information about the status and content of a particular volume group, run lsvg
<Volumegroup_name>.
The output provides status information about the volume group. The most useful information here
is:
• Volume group state (VG STATE - active or inactive/complete if all physical volumes are active)
• Physical partition size
• Total number of physical partitions (TOTAL PPs)
• Number of free physical partitions (FREE PPs)
# lsvg -p rootvg
rootvg:
PV_NAME   PV STATE   TOTAL PPs   FREE PPs   FREE DISTRIBUTION
hdisk0    active     99          23         15..00..00..00..08
hdisk5    active     31          31         07..06..06..06..06
# lsvg -l rootvg
rootvg:
LV NAME     TYPE      LPs   PPs   PVs   LV STATE       MOUNT POINT
hd5         boot      2     2     1     closed/syncd   N/A
hd6         paging    32    32    1     open/syncd     N/A
hd8         jfs2log   1     1     1     open/syncd     N/A
hd4         jfs2      15    15    1     open/syncd     /
hd2         jfs2      177   177   1     open/syncd     /usr
hd9var      jfs2      26    26    1     open/syncd     /var
hd3         jfs2      8     8     1     open/syncd     /tmp
hd1         jfs2      1     1     1     open/syncd     /home
hd10opt     jfs2      20    20    1     open/syncd     /opt
hd11admin   jfs2      8     8     1     open/syncd     /admin
livedump    jfs2      16    16    1     open/syncd     /var/adm/ras/livedump
Notes:
The lsvg -p Volumegroup command gives information about all of the physical volumes within
the volume group. The information given is:
• Physical volume name (PV_NAME)
• Physical volume state (PV STATE - active or inactive)
• Total number of physical partitions (TOTAL PPs)
• Number of free physical partitions (FREE PPs)
• How the free space is distributed across the disk (FREE DISTRIBUTION)
Free distribution is the number of physical partitions that are allocated within each section of the
physical volume: outer edge, outer middle, center, inner middle, and inner edge.
The lsvg -l Volumegroup command gives information about all of the logical volumes within
the volume group. The details given are:
• Logical volume name (LV NAME)
• Type of logical volume (TYPE, for example, file system, paging)
[Entry Fields]
* VOLUME GROUP name datavg
* Activate volume group AUTOMATICALLY no +
at system restart?
* A QUORUM of disks required to keep the volume no +
group on-line ?
Concurrent Capable? no +
Change to big VG format? no +
Change to scalable VG format? no +
LTG Size in kbytes 256 +
Set hotspare characteristics n +
Set synchronization characteristics of stale n +
partitions
Max PPs per VG in units of 1024 32 +
Max Logical Volumes 256 +
Mirror Pool Strictness +
Infinite Retry Option no +
Notes:
The chvg command changes the characteristics of a volume group. In the example that is shown in
the visual, the attributes Activate volume group AUTOMATICALLY at system restart? and
A QUORUM of disks required to keep the volume group on-line? are set to no,
which causes the following command to run: chvg -a n -Q n datavg
[Figure: physical volumes hdisk0 and hdisk1]
Notes:
Add a physical volume to a volume group
To add a disk to an existing volume group, use the extendvg command or SMIT fast path smit
extendvg. The disk must be installed in the system or connected to it externally, and must be
powered on.
extendvg formats the disk into physical partitions and then adds them to the physical partition
mapping maintained in the VGDA for the volume group. The space on the new disk is now available
to be allocated to logical volumes in the volume group. If the existing data in the VGDA on the disk
shows that it is part of another volume group, the -f option forces the addition of the disk to the
volume group, without requesting confirmation.
Use this option when adding a disk that has been used previously but contains data that is no
longer needed.
The syntax for the extendvg command is:
extendvg [-f] Volumegroup hdiskn
[Entry Fields]
* VOLUME GROUP name [db2_vg] +
Notes:
You can use the smit reducevg2 fast path to remove a volume group. It runs a script that
identifies what physical volumes are in the volume group and then runs the reducevg command to
remove each physical volume until there are no more physical volumes in the volume group.
The Remove a Volume Group menu does not have a corresponding high-level command. The
correct way to remove a volume group is to use the Remove a Physical Volume from a Volume
Group option, which calls the reducevg command. This removes the volume group when you
remove the last physical volume within it.
The syntax of the reducevg command is:
reducevg [-d] [-f] VolumeGroup PhysicalVolume
[Entry Fields]
* VOLUME GROUP name [datavg] +
RESYNCHRONIZE stale physical partitions? yes +
Activate volume group in SYSTEM no +
MANAGEMENT mode?
FORCE activation of the volume group? no +
Warning--this may cause loss of data integrity.
Varyon VG in Concurrent Mode? no +
Synchronize Logical Volumes? no +
[Entry Fields]
* VOLUME GROUP name [datavg] +
Put volume group in SYSTEM no +
MANAGEMENT mode?
Notes:
The varyonvg command
The varyonvg command is used to activate a volume group that is not activated at system startup,
or has been added to the system since startup.
The -f option is used to force a volume group online. It allows a volume group to be made active
that does not currently have a quorum of available disks. Any disk that cannot be brought to an
active state is put in a removed state. At least one disk must be available for use in the volume
group.
The varyoffvg command
The varyoffvg command is used to deactivate a volume group. No logical volumes should be
open when this command is issued. Removing a disk without deactivating the volume group might
cause errors and loss of data in the volume group descriptor areas, and the logical volumes within
that volume group.
[Entry Fields]
VOLUME GROUP name [datavg]
* PHYSICAL VOLUME name [hdisk3] +
Volume Group MAJOR NUMBER [] +#
[Entry Fields]
* VOLUME GROUP name [datavg] +
Note:
The volume group must be inactive before it is exported.
Notes:
Exporting a volume group
If you export the volume group from the current system using the exportvg command, this
removes all information about the volume group from the system. This is only a local system
operation to update the ODM; no data in the volume group is changed. To export a volume group, it
must be inactive first.
Importing a volume group
If you have a volume group on one or more external disks that you want to access on another
system, it must be imported to the system using the importvg command. Never attempt to import
a volume group that is active (varied on) on another system.
Logical storage
[Figure: physical partitions on two physical volumes, mapped to logical partitions 1 to 4 of two logical volumes]
Notes:
Logical volumes
A logical volume is a group of logical partitions that can span physical volumes, as long as the
physical volumes are in the same volume group. A file system resides on top of a logical volume
(LV). A logical volume can be dynamically extended.
Logical partitions
Logical partitions are mapped one-to-one to physical partitions unless they are being mirrored.
Notes:
LVM supports three software RAID configurations:
• RAID 0: Striping provides improved performance and additional storage, but no fault tolerance.
When data is written to a RAID 0 array, it is broken into fragments that are written to their
respective disks simultaneously on the same sector. This allows smaller sections of the entire
chunk of data to be read off the drives in parallel, giving this type of arrangement huge
bandwidth. Because RAID 0 does not implement error checking, any error is unrecoverable, and
a single disk failure destroys the entire array. More disks in the array means higher bandwidth,
but greater risk of data loss.
• RAID 1: Mirroring on AIX provides fault tolerance from disk errors by creating up to three copies
of the data on different drives.
• RAID 10: Combines RAID levels 0 + 1. Striping + mirroring provides fault tolerance along with
improved performance.
• Scheduling policy
– Dictates how data is read/written for mirrored LVs
• Write verify
– Verifies all writes with a read operation
– Default is no. Generally it is not recommended to set to yes as it
impacts system (write) performance.
Notes:
The visual highlights key LVM options that affect performance.
Mirroring (RAID 1)
[Figure: logical partitions LP1 and LP2 of fslv00, each mapped to PP1 and PP2 on hdisk0 (first copy), hdisk1 (second copy) and hdisk2 (third copy)]
Notes:
Mirroring of data over multiple drives protects against a potential hardware failure. The structure of
LVM enables mirroring by manipulating the relationship between the physical partition and the
logical partition. The AIX mirror function does not apply to a physical disk, only to logical volumes.
This is the most important principle to understand for the AIX LVM mirroring function. In a normal
operating environment, each physical partition is mapped to a logical partition. When you mirror
data, the ratio becomes one logical partition to two physical partitions for a two-way mirror, or one
logical partition to three physical partitions for a three-way mirror.
Mirroring, allocation
Notes:
When mirroring data, it is essential that all PP copies are stored on different disks. The placement
of PPs is governed by the allocation policy, which by default is set to strict. Strict policy ensures that
all mirrored copies are placed on different disks. However, under LVM RAID 0+1 configurations,
strict policy can lead to situations where mirrored copies of the data are on the same disk. To
protect against this, the system automatically sets the allocation policy to superstrict. Also, using an
initial non-mirrored allocation with the inter-policy set to spread the allocations over multiple disks
(the so-called poor man's striping) can result in a non-superstrict situation when mirroring is
implemented. When implementing the LVM snapshot VG, the mirroring must be superstrict.
Striping (RAID 0)
Notes:
Striping
Striping is a technique for spreading the data in a logical volume across several disks, so that the
I/O capacity of the disk drives can be used in parallel to access data on the logical volume.
Striping is designed to increase the read/write performance of frequently accessed, large sequential
files. Striping can also be used to distribute data evenly across a set of disks, so that random I/O
can be scattered across many drives simultaneously. In non-striped logical volumes, data is
accessed by using addresses to data blocks within physical partitions. In a striped logical volume,
data is accessed by using addresses to stripe units.
Stripe size
The size of the stripe unit is specified at creation time. The stripe size can range from 4 KB to
128 MB in powers of two.
Constraints
There are some constraints that are imposed by implementing striping:
• The number of physical partitions that are allocated to a striped logical volume must be evenly
distributable among the disks.
• At least two physical volumes are required.
Performance considerations
There are some considerations in configuring striping for performance:
• Use as many adapters as possible. For example, if multiple disks in the stripe width are on the
same storage adapter, a read/write of a stripe is not able to read/write the stripe units in parallel.
• Design to avoid contention with other uses of the disks that are used by the striped logical
volume.
• Create on a volume group that is dedicated to striped logical volumes.
It is not a good idea to mix striped and non-striped logical volumes in the same physical volume.
Physical volumes should ideally be the same size within the set that is used for a striped logical
volume. Just because a logical volume is striped, it does not mean that the file's data blocks are
going to be perfectly aligned with the stripe units. Therefore, if a file block crosses a stripe
boundary, the block gets split into multiple LVM I/Os.
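Added example, not from the course material: a shell model of how a request maps onto stripe units, showing a file block that crosses a stripe boundary being split into two I/Os, plus a check of the stripe size rule stated above (4 KB to 128 MB, power of two). It assumes plain round-robin placement (stripe unit k on disk k mod width), which is a simplification and not a description of AIX internals; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: simplified model of striped I/O.

# valid_stripe_size BYTES
# Succeeds when BYTES is a power of two between 4 KB and 128 MB.
valid_stripe_size() {
    s=$1
    [ "$s" -ge 4096 ] && [ "$s" -le 134217728 ] || return 1
    while [ "$s" -gt 1 ]; do
        [ $((s % 2)) -eq 0 ] || return 1
        s=$((s / 2))
    done
    return 0
}

# stripe_ios OFFSET LENGTH STRIPE_SIZE WIDTH
# Splits a request of LENGTH bytes at byte OFFSET of the logical volume into
# the I/Os it needs. Prints one line per I/O:
#   disk_index stripe_unit offset_in_unit bytes
# Assumption: stripe unit k is stored on disk (k mod WIDTH).
stripe_ios() {
    off=$1; len=$2; ssz=$3; width=$4
    while [ "$len" -gt 0 ]; do
        unit=$((off / ssz))            # which stripe unit holds this byte
        in_unit=$((off % ssz))         # position inside that stripe unit
        chunk=$((ssz - in_unit))       # bytes left before the unit boundary
        if [ "$chunk" -gt "$len" ]; then
            chunk=$len
        fi
        echo "$((unit % width)) $unit $in_unit $chunk"
        off=$((off + chunk))
        len=$((len - chunk))
    done
}

# Stand-alone run: 64 KB stripe units over 2 disks.
echo "4 KB block aligned to a stripe unit:"
stripe_ios 65536 4096 65536 2
echo "4 KB block that straddles a stripe boundary:"
stripe_ios 63488 4096 65536 2
```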
[Figure: RAID 10. A stream of data units 1 to 6 is striped across two disks and mirrored, using hdisk0, hdisk1, hdisk2 and hdisk3]
Notes:
RAID 10 meets performance and high availability requirements by mirroring stripe sets to different
disks. However, this comes at a cost as more disks are required (minimum 4).
Mirror pools
[Figure: lv00 with logical partitions LP1 to LP4. The first copy is on PoolA (hdisk0, hdisk1) and the second copy is on PoolB (hdisk2, hdisk3). PoolB hdisks should be on a remote storage server.]
Notes:
This visual shows an example of RAID 10, a combination of RAID 1 + 0. Mirroring of data over
multiple drives protects against a potential hardware failure. Copies of LP1 are on hdisk0 and
hdisk2, and copies of LP2 are on hdisk1 and hdisk3. Physically, hdisk0/hdisk1 and hdisk2/hdisk3
are placed on different SAN storage servers. Now, let's imagine that lv00 is placed on more than
four hdisks and we need to be sure that all copies are placed on different storage servers. Also
consider that we need to increase the size of lv00 and that we are required to attach more hdisks to
our system. Proper PP distribution is not an easy task in this situation.
Mirror pools simplify the task of mirroring data over multiple drives.
Mirror pool requirements and restrictions:
• A mirror pool is made up of one or more physical volumes (hdisk).
• Each physical volume can belong to only one mirror pool.
• Mirror pools are only available for scalable volume groups.
• rootvg cannot be assigned to mirror pools (rootvg cannot be a scalable volume group).
• Mirror pools are available in AIX 7.1 and AIX V6.1 TL 2 and up.
• After assigning PVs (physical volumes) to a mirror pool, the volume group can no longer be
imported to a previous version of AIX that does not support mirror pools.
• Any changes to mirror pool characteristics do not affect physical partitions that are allocated
before the changes were made. The reorgvg command should be used after mirror pool
changes are made to move the allocated physical partitions to conform to the mirror pool
restrictions.
No additional commands for mirror pools have been added to AIX. Instead, the existing AIX LVM
commands have been extended to incorporate the mirror pool functionality. Following are some
examples of mirror pool enhanced AIX LVM commands.
To create a mirror pool from a defined list of disks (the disks should be part of a volume group):
# chpv -p <mirror_pool_name> <hdisk list>
To create a logical volume in the given mirror pools:
# mklv -c 2 -p copy1=PoolA -p copy2=PoolB datavg 10
To list the mirror pools that are defined in a volume group:
# lsmp datavg
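A check for the placement problem described above, as an added example that is not part of the course material: it reads `lslv -m` output and a disk-to-pool map, and reports every logical partition whose copies share a mirror pool or that has fewer than two copies. The sample `lslv -m` text, the pool assignments, the map format, and the function name `check_mirror_pools` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the course material): check that every logical
# partition (LP) of a mirrored LV keeps its copies in different mirror pools.

# Constructed disk-to-pool map, one "hdisk pool" pair per line. The format is
# an assumption of this example; fill it from your own chpv -p assignments.
POOL_MAP='hdisk0 PoolA
hdisk1 PoolA
hdisk2 PoolB
hdisk3 PoolB'

# Constructed sample in the column layout of "lslv -m lv00" (LP, then one
# PP/PV pair per copy). LP 0003 has both copies in PoolA; LP 0004 has one copy.
LSLV_M='lv00:N/A
LP    PP1  PV1               PP2  PV2               PP3  PV3
0001  0001 hdisk0            0001 hdisk2
0002  0002 hdisk1            0002 hdisk3
0003  0003 hdisk0            0003 hdisk1
0004  0004 hdisk1'

# check_mirror_pools MAP LSLV_M_OUTPUT
# Prints one line per finding; returns 0 when placement is clean, 1 otherwise.
check_mirror_pools() {
    { printf '%s\n' "$1"; printf '%s\n' '==='; printf '%s\n' "$2"; } | awk '
        $0 == "===" { in_lslv = 1; next }          # end of the pool map
        !in_lslv    { if (NF == 2) pool[$1] = $2; next }
        $1 !~ /^[0-9]+$/ { next }                  # skip title and header rows
        {
            copies = int((NF - 1) / 2)             # one PP/PV pair per copy
            split("", seen)                        # portable array reset
            for (i = 1; i <= copies; i++) {
                pv = $(2 * i + 1)
                if (!(pv in pool)) {
                    printf "LP %s: %s is not in any mirror pool\n", $1, pv
                    bad = 1
                    continue
                }
                p = pool[pv]
                if (p in seen) {
                    printf "LP %s: copies on %s and %s are both in %s\n",
                           $1, seen[p], pv, p
                    bad = 1
                } else {
                    seen[p] = pv
                }
            }
            if (copies < 2) {
                printf "LP %s: only %d copy\n", $1, copies
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

check_mirror_pools "$POOL_MAP" "$LSLV_M" || echo "mirror pool placement needs attention"
```

On a live system the second argument would be the output of `lslv -m` for the logical volume being checked.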
[Figure: regions of a physical volume, labelled Center, Inner-middle, and Edge]
Notes:
Introduction
When creating or changing a logical volume, you can define the way the Logical Volume Manager
decides which physical partitions to allocate to the logical volume. This affects the performance of
the logical volume.
Intra-physical volume allocation policy
The intra-disk allocation policy choices are based on the five regions of a disk where physical
partitions can be located. The closer a given physical partition is to the center of a physical volume,
the lower the average seek time is because the center has the shortest average seek distance from
any other part of the disk. The file system log is a good candidate for allocation at the center of a
physical volume because it is so frequently used by the operating system. At the other extreme, the
boot logical volume is used infrequently, and is therefore allocated at the edge or middle of the
physical volume. The general rule is that the more I/Os, either absolutely or during the running of an
important application, the closer to the center of the physical volumes the physical partitions of the
logical volume need to be allocated.
– Parallel (default)
• Write operations on different physical partitions start at the same time.
• When the longest write finishes, the write operation is complete.
• Improves performance (especially RAID-Performance)
– Parallel write/sequential read
> Primary copy is read first. If unsuccessful, the next copy is used.
– Parallel write/round robin read
> Round-robin reads alternate disks between copies.
– Sequential
• Second physical write operation is not started unless the first operation has
completed successfully.
• In case of a total disk failure, there is always a “good copy”.
• Increased availability, but decreases performance
Notes:
Scheduling policies
The scheduling policy determines how reads and writes are conducted to a mirrored logical volume.
LVM offers several scheduling policies for mirrored volumes to control how data is written and read
from the copies.
Parallel write
Parallel mirroring simultaneously starts the write operation for all the physical partitions in a logical
partition. When the write operation to the physical partition that takes the longest to complete
finishes, the write operation is completed.
Sequential write
Sequential mirroring writes to multiple copies or mirrors in order. The multiple physical partitions
representing the mirrored copies of a single logical partition are designated primary, secondary, and
tertiary. In sequential scheduling, the physical partitions are written to in sequence. The system
waits for the write operation for one physical partition to complete before starting the write operation
for the next one. When all write operations have been completed for all mirrors, the write operation
is complete.
Notes:
The LVM always ensures data consistency among mirrored copies of a logical volume during
normal I/O processing.
For every write to a logical volume, the LVM generates a write request for every mirror copy. A
problem arises if the system crashes in the middle of processing a mirrored write, and before all
copies are written. If mirror write consistency recovery is requested for a logical volume, the LVM
keeps additional information to allow recovery of these inconsistent mirrors. Mirror write
consistency recovery should be performed for most mirrored logical volumes. Logical volumes
such as paging space, which do not use the existing data when the volume group is varied on,
do not need this protection.
The Mirror Write Consistency (MWC) record consists of one sector. It identifies which logical
partitions might be inconsistent if the system is not shut down correctly. When the volume group is
varied back online, this information is used to make the logical partitions consistent again. Note:
With Mirror Write Consistency LVs, because the MWC control sector is on the edge of the disk,
performance can be improved if the mirrored logical volume is also on the edge.
Beginning in AIX 5.1, a mirror write consistency option that is called Passive Mirror Write
Consistency is available. The default mechanism for ensuring mirror write consistency is Active
MWC. Active MWC provides fast recovery at reboot time after a crash has occurred. However, this
benefit comes at the expense of write performance degradation, particularly in the case of random
writes. Disabling Active MWC eliminates this write-performance penalty, but upon reboot after a
crash, you must use the syncvg -f command to manually synchronize the entire volume group
before users can access the volume group. To achieve this, automatic vary-on of volume groups
must be disabled.
Enabling Passive MWC not only eliminates the write-performance penalty that is associated with
Active MWC, but logical volumes are automatically resynchronized as the partitions are being
accessed. This means that the administrator does not have to synchronize logical volumes
manually or disable automatic vary-on. The disadvantage of Passive MWC is that slower read
operations can occur until all the partitions have been resynchronized.
You can select either mirror write consistency option within SMIT, when creating or changing a
logical volume. The selection option takes effect only when the logical volume is mirrored (copies >
1).
# smit lv
Logical Volumes
Notes:
This is the top-level SMIT menu for logical volumes. The next few pages discuss these items.
[Entry Fields]
Logical volume NAME [datalv]
* VOLUME GROUP name datavg
* Number of LOGICAL PARTITIONS [100] #
PHYSICAL VOLUME names [hdisk2 hdisk3] +
Logical volume TYPE [jfs2] +
POSITION on physical volume middle +
RANGE of physical volumes minimum +
MAXIMUM NUMBER of PHYSICAL VOLUMES [] #
to use for allocation
Number of COPIES of each logical 2 +
partition
Mirror Write Consistency? active +
Allocate each logical partition copy yes +
on a SEPARATE physical volume?
RELOCATE the logical volume during yes +
reorganization?
Logical volume LABEL []
MAXIMUM NUMBER of LOGICAL PARTITIONS [512] #
Enable BAD BLOCK relocation? yes +
SCHEDULING POLICY for writing/reading parallel +
logical partition copies
Enable WRITE VERIFY? no +
File containing ALLOCATION MAP []
Stripe Size? [Not Striped] +
Serialize IO? no +
Mirror Pool for First Copy +
Mirror Pool for Second Copy +
Mirror Pool for Third Copy +
Infinite Retry Option no +
Notes:
The mklv command creates a logical volume. The name of the logical volume can be specified or a
system-generated name is used. The volume group the logical volume belongs to and the size in
logical partitions must be specified. Other characteristics that can be set are the allocation policy,
copies (mirroring), scheduling policy, and striping.
Show LV characteristics (1 of 2)
# lslv datalv
LOGICAL VOLUME: datalv VOLUME GROUP: datavg
LV IDENTIFIER: 00cf2e7f00004c000000011d68130bea.1
PERMISSION: read/write
VG STATE: active/complete LV STATE: closed/syncd
TYPE: jfs2 WRITE VERIFY: off
MAX LPs: 512 PP SIZE: 4 megabyte(s)
COPIES: 2 SCHED POLICY: parallel
LPs: 10 PPs: 20
STALE PPs: 0 BB POLICY: relocatable
INTER-POLICY: minimum RELOCATABLE: yes
INTRA-POLICY: middle UPPER BOUND: 1
MOUNT POINT: N/A LABEL: None
MIRROR WRITE CONSISTENCY: on/ACTIVE
EACH LP COPY ON A SEPARATE PV ?: yes (superstrict)
Serialize IO ?: NO
INFINITE RETRY: no
DEVICESUBTYPE: DS_LVZ
COPY 1 MIRROR POOL: None
COPY 2 MIRROR POOL: None
COPY 3 MIRROR POOL: None
# lslv -l datalv
datalv:N/A
PV COPIES IN BAND DISTRIBUTION
hdisk2 010:000:000 100% 000:010:000:000:000
hdisk3 010:000:000 100% 000:010:000:000:000
Notes:
To list the characteristics of a logical volume, use the command: lslv <logicalvolume_name>
The -l flag lists the following fields for each physical volume in the logical volume:
• PV: Physical volume name.
• Copies:
- The number of logical partitions containing at least one physical partition (no copies) on the PV
- The number of logical partitions containing at least two physical partitions (one copy) on the PV
- The number of logical partitions containing three physical partitions (two copies) on the PV
• In band: The percentage of physical partitions on the physical volume that belong to the logical
volume, and were allocated within the physical volume region that is specified by Intra-physical
allocation policy.
• Distribution: The number of physical partitions that are allocated within each section of the PV:
outer edge, outer middle, center, inner middle, and inner edge of the PV.
Show LV characteristics (2 of 2)
Notes:
The lslv -m flag shows the LP to PP relationship. The example in the visual shows that LP number 1
of datalv is mapped to physical partition number 104 on hdisk2, and is also mirrored to the same
physical partition number on hdisk3.
Notes:
Reorganizing a volume group
If the intra-physical volume allocation policy (location on disk: center, middle, edge, inner edge, and
inner middle) is changed after the logical volume is created, the physical partitions are not relocated
automatically. The reorgvg command is used to redistribute the physical partitions of the logical
volumes of a volume group according to their preferred allocation policies. This should improve disk
performance. Preference is given in the order that is listed on the command line.
reorgvg syntax
The syntax is: reorgvg Volumegroup [LogicalVolume]
For example: reorgvg rootvg hd4 hd5
Using SMIT, no other arguments can be supplied. The entire volume group is reorganized.
[Entry Fields]
* LOGICAL VOLUME name datalv
* NEW TOTAL number of logical partition 3 +
copies
PHYSICAL VOLUME names [hdisk4] +
POSITION on physical volume middle +
RANGE of physical volumes minimum +
MAXIMUM NUMBER of PHYSICAL VOLUMES [1] #
to use for allocation
Allocate each logical partition copy yes +
on a SEPARATE physical volume?
File containing ALLOCATION MAP []
SYNCHRONIZE the data in the new yes +
logical partition copies?
Mirror Pool for First Copy [] +
Mirror Pool for Second Copy [] +
Mirror Pool for Third Copy [] +
Notes:
Adding a copy of a logical volume
The mklvcopy command is used to add up to three copies to a logical volume. Specify the logical
volume to change and the total number of copies wanted. This succeeds only if there are enough
physical partitions to satisfy the requirements on the physical volumes that are specified to be used.
That is, if all copies are to be on different physical volumes. Once a logical volume has been
created, striping cannot be imposed or removed.
Synchronizing a mirrored logical volume
Also, in order for the copies to match, the logical volume must be synchronized by using the
syncvg command. This can be done with the -k option when the copy is originally started. It can
be done later, by using the syncvg command.
Removing a copy of a logical volume
The rmlvcopy command is used to reduce the total number of copies for a logical volume. Specify
the total number wanted; for example, two if you are reducing the number of copies from three to
two. The rmlvcopy command allows you to specify which disk to remove the copy from.
[Entry Fields]
* LOGICAL VOLUME name datalv
* Number of ADDITIONAL logical partitions [20] #
PHYSICAL VOLUME names [] +
POSITION on physical volume middle +
RANGE of physical volumes minimum +
MAXIMUM NUMBER of PHYSICAL VOLUMES [1] #
to use for allocation
Allocate each logical partition copy yes +
on a SEPARATE physical volume?
File containing ALLOCATION MAP []
Notes:
The extendlv command increases the number of logical partitions that are allocated to the logical
volume, by allocating the number of additional logical partitions that are represented by the Number
of Additional logical partitions parameter. The Logical Volume name parameter
can be a logical volume name or a logical volume ID. To limit the allocation to specific physical
volumes, use the names of one or more physical volumes in the Physical Volume names
parameter. Otherwise, all the physical volumes in a volume group are available for allocating new
physical partitions.
The default maximum number of partitions for a logical volume is 512. Before extending a logical
volume to more than 512 logical partitions, use the chlv command to increase the default value.
The default allocation policy is to use a minimum number of physical volumes per logical volume
copy to place the physical partitions belonging to a copy as contiguously as possible, and then to
place the physical partitions in the requested region that is specified by the -a flag. Also by default,
each copy of a logical partition is placed on a separate physical volume.
[Entry Fields]
LOGICAL VOLUME name [datalv2] +
Notes:
The rmlv command removes logical volumes, and in the process, destroys all data.
The Logical Volume name parameter can be a logical volume name or logical volume ID. The
logical volume first must be closed. If the volume group is varied on in concurrent mode, the logical
volume must be closed on all the concurrent nodes on which the volume group is varied on. For
example, if the logical volume contains a file system, it must be unmounted. However, removing the
logical volume does not notify the operating system that the file system residing on it has been
destroyed.
# lsvg -o | lsvg -i -l
datavg:
LV NAME TYPE LPs PPs PVs LV STATE MOUNT POINT
datalv jfs2 30 90 3 closed/syncd N/A
rootvg:
LV NAME TYPE LPs PPs PVs LV STATE MOUNT POINT
hd5 boot 2 2 1 closed/syncd N/A
hd6 paging 32 32 1 open/syncd N/A
hd8 jfs2log 1 1 1 open/syncd N/A
hd4 jfs2 15 15 1 open/syncd /
hd2 jfs2 177 177 1 open/syncd /usr
hd9var jfs2 26 26 1 open/syncd /var
hd3 jfs2 8 8 1 open/syncd /tmp
hd1 jfs2 1 1 1 open/syncd /home
hd10opt jfs2 20 20 1 open/syncd /opt
hd11admin jfs2 8 8 1 open/syncd /admin
livedump jfs2 16 16 1 open/syncd /var/adm/ras/livedump
Notes:
From the smit lv fast path, the List all Logical Volumes by Volume Group option uses lsvg -o to
find out the active volume groups, and then lsvg -il to list the logical volumes within them. The -i
option of lsvg reads the list of volume groups from standard input.
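The listing above already contains what is needed to audit mirroring, because PPs equals LPs multiplied by the number of copies. The following added example (not part of the course material) turns that listing into a per-LV report that flags unmirrored and stale logical volumes; the function names `audit_lv_mirrors` and `count_at_risk` and the appvg rows are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the course material): summarise mirroring per LV
# from "lsvg -o | lsvg -i -l" output.

# The datavg and rootvg rows repeat the listing shown above; the appvg rows
# are constructed to show a stale mirror.
LSVG_SAMPLE='datavg:
LV NAME             TYPE       LPs     PPs     PVs  LV STATE      MOUNT POINT
datalv              jfs2       30      90      3    closed/syncd  N/A
rootvg:
LV NAME             TYPE       LPs     PPs     PVs  LV STATE      MOUNT POINT
hd5                 boot       2       2       1    closed/syncd  N/A
hd6                 paging     32      32      1    open/syncd    N/A
hd8                 jfs2log    1       1       1    open/syncd    N/A
hd4                 jfs2       15      15      1    open/syncd    /
hd2                 jfs2       177     177     1    open/syncd    /usr
hd9var              jfs2       26      26      1    open/syncd    /var
hd3                 jfs2       8       8       1    open/syncd    /tmp
hd1                 jfs2       1       1       1    open/syncd    /home
hd10opt             jfs2       20      20      1    open/syncd    /opt
hd11admin           jfs2       8       8       1    open/syncd    /admin
livedump            jfs2       16      16      1    open/syncd    /var/adm/ras/livedump
appvg:
LV NAME             TYPE       LPs     PPs     PVs  LV STATE      MOUNT POINT
applv               jfs2       10      20      2    open/stale    /app'

# audit_lv_mirrors: reads the listing on stdin and prints
# "<vg> <lv> <copies> <status>" per logical volume, where status is
# OK, UNMIRRORED (a single copy) or STALE (state is not syncd).
audit_lv_mirrors() {
    awk '
        NF == 1 && $1 ~ /:$/ {                     # "rootvg:" group header
            vg = substr($1, 1, length($1) - 1)
            next
        }
        $1 == "LV" && $2 == "NAME" { next }        # column header
        NF >= 6 && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ && $3 + 0 > 0 {
            copies = int($4 / $3)                  # PPs = LPs x copies
            split($6, state, "/")                  # e.g. open/syncd
            if (state[2] != "syncd") status = "STALE"
            else if (copies < 2)     status = "UNMIRRORED"
            else                     status = "OK"
            printf "%s %s %d %s\n", vg, $1, copies, status
        }
    '
}

# count_at_risk: number of LVs in the listing on stdin that are not OK.
count_at_risk() {
    audit_lv_mirrors | awk '$NF != "OK" { n++ } END { print n + 0 }'
}

printf '%s\n' "$LSVG_SAMPLE" | audit_lv_mirrors
```

On a live system, pipe `lsvg -o | lsvg -i -l` into `audit_lv_mirrors` instead of the embedded sample.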
[Entry Fields]
* VOLUME GROUP name rootvg
Mirror sync mode [Foreground] +
PHYSICAL VOLUME names [hdisk1] +
Number of COPIES of each logical 2 +
partition
Keep Quorum Checking On? no +
Create Exact LV Mapping? no +
# bosboot -a -d /dev/hdisk1
Notes:
The mirrorvg command takes all the logical volumes on a given volume group and mirrors those
logical volumes. This same functionality might also be accomplished manually if you run the
mklvcopy command for each individual logical volume in a volume group. As with mklvcopy, the
target physical drives to be mirrored with data must already be members of the volume group.
When mirrorvg is run, the default behavior of the command requires that the synchronization of
the mirrors must complete before the command returns to the user. If you want to avoid the delay,
use the -S (background sync) or -s (disable sync) option. The default value of two copies is always
used.
If there are only two disks in the volume group to be mirrored, Keep Quorum Checking On should
be set to no. Otherwise, if a disk fails, the entire volume group would go offline.
Protecting rootvg on AIX from disk failure is important. Mirroring the data is one way to achieve this.
When mirroring rootvg there are additional steps to perform:
• Create a boot image on the mirrored disk by using the bosboot command.
• Add the newly mirrored disk to the bootlist.
• Shut down and reboot the system.
Physical volumes
[Figure: physical volumes divided into numbered physical partitions]
• Physical volume (PV)
– Hard disk, a virtual disk, or a LUN
• Physical partition (PP)
– Smallest assignable unit of allocation on a physical disk
Notes:
A physical partition is a fixed size, contiguous set of bytes, on a physical volume (PV).
Physical partitions (PP) must be the same size across an entire volume group. However, there can
be multiple volume groups on a single system, each with a different PP size.
The limitations for each type of volume group (original, big, and scalable), such as the number of
physical volumes and size of the physical partitions, were given in the last unit, System Storage
Overview.
# smit pv
Physical Volumes
Notes:
This is the top-level menu for physical volumes. Each of these items is discussed in the following
pages.
Notes:
From the smit pv fast path, the List all Physical Volumes in System option uses the
undocumented command lspv | /usr/bin/awk '{print$1}' to list the physical volumes in
the system.
The lspv command with no parameters can be used to list the physical volume name, physical
volume identifier, and volume group for all physical volumes in the system.
The lspv pvname command gives status information about the physical volume. The most useful
information here is:
• State (active or inactive)
• Number of physical partition copies that are stale (are not up to date with other copies)
• Total number of physical partitions
• Number of free physical partitions
• Distribution of free space on the physical volume
# lspv -l hdisk0
hdisk0:
LV NAME LPs PPs DISTRIBUTION MOUNT POINT
hd2 35 35 00..00..03..20..12 /usr
hd9var 5 5 00..05..00..00..00 /var
hd8 1 1 00..00..01..00..00 N/A
hd4 15 15 00..00..15..00..00 /
hd5 1 1 01..00..00..00..00 N/A
hd6 8 8 00..08..00..00..00 N/A
hd10opt 4 4 04..00..00..00..00 /opt
hd3 3 3 00..03..00..00..00 /tmp
hd1 1 1 00..01..00..00..00 /home
hd11admin 2 2 00..02..00..00..00 /admin
fslv00 2 2 02..00..00..00..00 /db2
loglv00 1 1 00..01..00..00..00 N/A
Notes:
The lspv -l pvname command lists all the logical volumes on a physical volume including the
number of logical partitions, physical partitions, and the distribution of the physical partitions on the
disk.
# lspv -p hdisk0
hdisk0:
PP RANGE STATE REGION LV NAME TYPE MOUNT POINT
1-1 used outer edge hd5 boot N/A
2-14 free outer edge
15-16 used outer edge fslv00 jfs2 /db2
17-20 used outer edge hd10opt jfs2 /opt
21-28 used outer middle hd6 paging N/A
29-29 used outer middle loglv00 jfs2log N/A
30-31 used outer middle hd11admin jfs2 /admin
32-32 used outer middle hd1 jfs2 /home
33-35 used outer middle hd3 jfs2 /tmp
36-40 used outer middle hd9var jfs2 /var
41-41 used center hd8 jfslog N/A
42-56 used center hd4 jfs2 /
57-59 used center hd2 jfs2 /usr
60-79 used inner middle hd2 jfs2 /usr
80-91 used inner edge hd2 jfs2 /usr
92-99 free inner edge
Notes:
The lspv -p pvname command lists all the logical volumes on a disk, and the physical partitions
to which its logical partitions are mapped. It is listed in physical partition order and shows which
partitions are free and which are used, as well as the location; that is, center, outer middle, outer
edge, inner edge, or inner middle.
Notes:
Although there is an option in SMIT to add a physical volume to the system (smit > Devices > Add
a Disk), in reality the use of this function is not required. Today, almost all disks can be configured to
AIX by using the configuration manager (cfgmgr).
Preparation to remove a physical device
The migratepv command can be used to move all partitions, or partitions from a selected logical
volume, from one physical volume, to one or more other physical volumes in the same volume
group. This would be used if the physical volume is about to be taken out of service and removed
from the machine or to balance disk usage.
Notes:
It is important to have your storage information readily available in case you have a problem with
your system, or in the worst case, a system crashes. The commands in the visual help you to get
this information.
Checkpoint
1. True or False: A logical volume can span more than one physical
volume.
2. True or False: A logical volume can span more than one volume group.
Unit 9. File system administration
References
Online AIX Version 7.1 Operating system and device management
AIX Version 7.1 File Reference
SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction and
Concepts (Redbooks)
http://www.redbooks.ibm.com/abstracts/sg245432.html
Note: References listed as online are available through the IBM Knowledge
Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
Notes:
Journaled file systems (JFS)
JFS was developed for transaction-oriented, high performance Power Systems. JFS is both scalable
and robust. One of the key features of the file system is logging. JFS is a recoverable file system,
which ensures that if the system fails during a power outage or system crash, no file system
transactions are left in an inconsistent state.
Migration
JFS file systems can co-exist on the same system with JFS2 file systems. However, to fully utilize
the JFS2 features, the following steps are necessary:
1. Back up JFS file system data.
2. Create new JFS2 file systems.
3. Restore JFS file system data to new JFS2 file systems.
• Increased performance
• Increased flexibility
– File systems can be dynamically increased and decreased.
– Support for larger enabled file systems
– Internal or external JFS logging
– Data encryption
– Support for snapshots
Notes:
JFS2 is the default file system type on AIX, since version 5.3. JFS2 provides increased
performance and flexibility when compared to its predecessor, JFS.
JFS file systems:
• Cannot be dynamically decreased
• Can support large files, greater than 2 GB, only if created in a special large enabled file system
- Individual file size can be up to 64 GB with JFS as opposed to 16 TB with JFS2.
• Support external JFS logging only
• Have no support for data encryption or snapshots. A snapshot is a point-in-time image, like a
photograph, of a JFS2 file system.
• Superblock
– The superblock maintains information about the entire file system.
• i-nodes
– Each file has an i-node that contains access information, such as file type,
access permissions, owner's ID, and the number of links to that file.
• Data blocks
– Data blocks contain file data.
– Each file system has a user settable fixed block size attribute.
• 512, 1024, 2048, or 4096 bytes
• Allocation maps
– Allocation maps record the location and allocation of all i-nodes and the
allocation state of each data block.
• Allocation groups
– Allocation groups are responsible for dividing the file system space into
chunks so that related data blocks and i-nodes can be clustered together to
achieve good locality.
Notes:
Superblock
The first addressable logical block on the file system is the superblock. The superblock contains
information such as the file system name, size, number of i-nodes, and date/time of creation. The
superblock is critical to the file system and, if corrupted, prevents the file system from mounting. For
this reason, a backup copy of the superblock is always written in block 31.
i-nodes
Each file and directory has an associated i-node that contains metadata such as ownership and
access times. JFS2 allocates i-nodes, as required.
Data blocks
An individual file within a file system, by default, has units that are allocated to it in blocks of 4096
bytes. The file system block size can be set to 512, 1024, 2048, or 4096 bytes. A smaller block size
uses less disk space for small files, but can degrade performance. Some AIX commands often
report file sizes in units of 512 bytes to remain compatible with other UNIX file systems. This is
independent of the actual unit of allocation.
Allocation maps
A JFS2 file system has two allocation maps:
• The i-node allocation map records the location and allocation of all i-nodes in the file system.
• The block allocation map records the allocation state of each file system block.
Allocation groups
Allocation groups divide the space on a file system into chunks. Allocation groups allow JFS2
allocation policies to use well-known methods for achieving optimum I/O performance. The
allocation policies try to cluster related disk blocks and disk i-nodes to achieve good locality for the
disk, as files are often read and written sequentially, and the files within a directory are often
accessed together.
# istat datafile1
Inode 12309 on device 10/8 File
Protection: rw-r-----
Owner: 211(adminusr) Group: 7(security)
Link count: 1 Length 119 bytes
Notes:
The istat command can be used to display the i-node information for a particular file or directory.
You can specify the file either by providing a file or directory name, or by providing an i-node
number using the -i flag. I-node numbers can be discovered by using the -i flag with the ls
command.
The file system block size information can be discovered by using the lsfs command.
# smit crfs_j2
# crfs -v jfs2 -g datavg -a size=1G -m /data
Add an Enhanced Journaled File System
[Entry Fields]
Volume group name datavg
SIZE of file system
Unit Size Gigabytes +
* Number of units [1] #
* MOUNT POINT [/data]
Mount AUTOMATICALLY at system restart? no +
PERMISSIONS read/write +
Mount OPTIONS [] +
Block Size (bytes) 4096 +
Logical Volume for Log +
Inline Log size (MBytes) [] #
Extended Attribute Format +
ENABLE Quota Management? no +
Enable EFS? no +
Allow internal snapshots? no +
Mount GROUP []
Notes:
The SMIT screen in the visual shows the creation of a 1 GB file system (/data) in the volume group
datavg. The creation is done by the crfs command.
In this example, the crfs command creates a file system on a new logical volume, within a
previously created volume group. An entry for the file system is put into the /etc/filesystems
file.
The minimum size of a JFS2 file system is 16 MB.
For further information, see the crfs man page.
# lsfs /data
Name Nodename Mount Pt VFS Size Options Auto Accounting
/dev/fslv01 -- /data jfs2 2097152 -- no no
# lsvg -l datavg
datavg:
LV NAME TYPE LPs PPs PVs LV STATE MOUNT POINT
loglv00 jfs2log 1 1 1 closed/syncd N/A
fslv00 jfs2 256 256 1 closed/syncd /data
JFS log automatically created, 1
LP in size (if one does not
already exist) for the VG.
Notes:
The visual shows the actual creation of the /data file system that is shown in the previous slide.
The lsfs command can be used to display the characteristics of the file system.
Before the creation of the file system, the datavg volume group was empty. We can
see two logical volumes that are created, loglv00 and fslv00. The loglv00 volume acts as the JFS
log for both the /data file system and, by default, any other file systems that are created. In creating
a file system this way the underlying logical volume is created by using default options. Often it is
preferable to first create the logical volume (using custom values) and then create the file system on
top. We shall see this procedure later in the unit.
Figure 9-8. Mounting a file system and the /etc/filesystems file AN124.0
Notes:
Upon creation of a file system, a stanza is appended to the /etc/filesystems file. The stanza
includes:
• The device (dev) which is the underlying logical volume
• The virtual file system type (VFS)
• The path to the JFS log device (log)
• Whether the file system should be mounted at system start time (mount) and processed by the
AIX accounting system (account).
Before the file system can be used, it must first be mounted by using the mount command. As there
is a stanza in the /etc/filesystems file, the only parameter that is required is the name of the file
system. The mount command with no options displays all file systems that are currently mounted
and available for use.
# logform /dev/my_jfs2_log
logform: destroy /dev/rmy_jfs2_log (y)?y
Notes:
As we have seen, by default a JFS log is created when the first file system is created in a
volume group. This JFS log acts as the global logging device for all file systems, unless:
• A specific external log is created for each file system in the volume group. This approach has
several advantages. It aids performance and availability. If the logging device were to
become corrupted, it would affect only the associated file system.
• The JFS log device is internal to the file system (inline). This saves time having to create,
format, and manage a separate JFS log volume. Inline logging is only available with JFS2 file
systems.
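The stanza fields listed for /etc/filesystems and the shared-versus-dedicated log choice described above can be checked together. This is an added example, not part of the course material: the function names and the sample stanzas are constructed, and it assumes the usual stanza layout, with log = INLINE marking an inline log.

```shell
#!/bin/sh
# Added example: summarise /etc/filesystems-style stanzas and report JFS log
# devices that serve more than one file system. Names here are illustrative.

# Constructed sample in stanza syntax (not taken from a real host).
sample_filesystems() {
    cat <<'EOF'
* constructed sample
/data:
        dev             = /dev/fslv00
        vfs             = jfs2
        log             = /dev/loglv00
        mount           = false
        account         = false

/data2:
        dev             = /dev/lv_for_data
        vfs             = jfs2
        log             = /dev/loglv00
        mount           = true
        account         = false

/scratch:
        dev             = /dev/fslv02
        vfs             = jfs2
        log             = INLINE
        mount           = true
        account         = false
EOF
}

# Print one line per stanza: mountpoint dev vfs log mount account ("-" if unset).
# Reads the named file, or standard input when no file is given.
fs_stanzas() {
    awk '
        function get(k) { return (k in attr) ? attr[k] : "-" }
        function emit() {
            if (name != "")
                printf "%s %s %s %s %s %s\n", name, get("dev"), get("vfs"),
                       get("log"), get("mount"), get("account")
            name = ""; split("", attr)          # reset for the next stanza
        }
        /^[ \t]*\*/ || /^[ \t]*$/ { next }      # comment or blank line
        /^[^ \t].*:[ \t]*$/ {                   # stanza header such as "/data:"
            emit(); name = $0; sub(/:[ \t]*$/, "", name); next
        }
        name != "" && index($0, "=") {          # attribute line: key = value
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
            attr[key] = val
        }
        END { emit() }
    ' "$@"
}

# Print "logdevice mountpoint mountpoint ..." for each external log device used
# by two or more file systems. Inline logs belong to a single file system.
shared_logs() {
    fs_stanzas "$@" | awk '
        $4 != "-" && $4 != "INLINE" { n[$4]++; users[$4] = users[$4] " " $1 }
        END { for (l in n) if (n[l] > 1) print l users[l] }
    ' | sort
}

# Demonstration on the constructed sample.
sample_filesystems | fs_stanzas
sample_filesystems | shared_logs
```

On a live system the same functions take the file as an argument, for example shared_logs /etc/filesystems; every file system listed on one output line loses its journal together if that log device is corrupted.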
# smit crfs_j2
# crfs -v jfs2 -d lv_for_data -m /data2 -A yes
[Entry Fields]
* LOGICAL VOLUME name lv_for_data +
* MOUNT POINT [/data2]
Mount AUTOMATICALLY at system restart? yes +
PERMISSIONS read/write +
Mount OPTIONS [] +
Block Size (bytes) 4096 +
Logical Volume for Log +
Inline Log size (MBytes) [] #
Extended Attribute Format +
ENABLE Quota Management? no +
Enable EFS? no +
Allow internal snapshots? No +
Mount GROUP []
Figure 9-10. Creating a file system on a previously defined logical volume AN124.0
Notes:
Adding a file system to a previously created logical volume provides greater control over where the
file system resides on disk and provides options for availability and performance. When creating file
systems in highly available environments (for example, using PowerHA or Veritas Cluster
Services), always follow this method so that you can use your own naming convention for
the logical volume names.
On creation, the size of the file system is set to the size of the logical volume. For example, if the PP
size for the volume group is 64 MB, and the logical volume was 4 LPs in size, then the size of the
file system would be 4 x 64 MB = 256 MB.
After the file system is created:
• If the logical volume is expanded, the size of the file system is not increased.
• The underlying logical volume policies can be dynamically changed. However, there is a
performance hit, especially for large file systems.
[Entry Fields]
File system name /data2
NEW mount point [/data2]
SIZE of file system
Unit Size Gigabytes +
Number of units [10] #
Notes:
JFS2 file systems can be dynamically increased or decreased in size (subject to available space
and LVM rules). You can either choose to increase or decrease by a set amount, using + or -
options respectively, or by providing a specific set number, as shown in the SMIT example.
The minimum size that you can decrease by is 16 MB.
[Entry Fields]
* FILE SYSTEM name /data2 +
Remove Mount Point no +
Notes:
Ways to remove a file system
The rmfs command or SMIT can be used to remove a file system.
Restrictions
In order to remove a file system, it must be unmounted from the overall file tree, and this cannot be
done if the file system is in use, that is, some user or process is using the file system or has it as a
current directory.
Effects of using rmfs command
The rmfs command removes any information for the file system from the ODM and
/etc/filesystems. When the file system is removed, the logical volume on which it resides is also
removed.
Syntax
The syntax of the rmfs command is:
rmfs [-r] [-i] FileSystem
• -r Removes the mount point of the file system
• -i Displays a warning and prompts the user before removing the file system
Notes:
The Resource Monitoring and Control (RMC) subsystem
You can also use the Resource Monitoring and Control (RMC) subsystem that is based on the AIX
Reliable Scalable Cluster Technology (RSCT) file sets to monitor file system space management.
Web-based System Manager can be used to configure RMC. The ctrmc subsystem is started from
/etc/inittab. RMC is outside the scope of the course.
Notes:
Importance of the df command
The df command lists the free space on all mounted file systems.
This is an important command to know about and use frequently. If you run out of space in a file
system (especially / or /tmp), system corruption can occur.
Useful df command flags
A number of flags (options) can be used with the df command. Some of the most useful of these
flags are shown below:
• -i: Displays the number of free and used i-nodes for the file system; this output is the default
when the specified file system is mounted
• -I: Displays information on the total number of blocks, the used space, the free space, the
percentage of used space, and the mount point for the file system
• -k: Displays statistics in units of 1024-byte blocks
• -m: Displays statistics in units of MB blocks
• -g: Displays statistics in units of GB blocks
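#!/bin/ksh
# Mail the administrator about each mounted file system that is more than 70% full.
# Assumes the AIX df -k layout: %Used is column 4 and the mount point is column 7.
# Rows without a numeric %Used value (such as /proc) are skipped.
df -k | awk 'NR > 1 && $4 ~ /^[0-9]+%$/ { sub(/%/, "", $4); print $4, $7 }' |
while read PERC FILESYSTEM
do
if [ "$PERC" -gt 70 ]
then
mail -s "Filesystem check on box: `hostname`" \
admin@ibm.com << EOF
$FILESYSTEM is $PERC% full, please check
EOF
fi
done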
Notes:
The need to monitor file system growth
Although AIX provides for dynamic expansion of a file system, it does not expand the file system
automatically. The system administrator must continually monitor file system growth and expand file
systems as required before they get full. If a file system becomes 100% full, then the users receive
out of space messages when they try to extend files.
Regular use of the df command
One useful technique is to run the df command through cron, the job scheduler, to perform a
regular check of the space available in the file system and produce a report. cron is covered in a
later unit.
/export # du FirstBoot.sh
8 FirstBoot.sh
2131.16 mksysbaix53
1846.36 mksysbaix61
1373.11 mksysbaix61.light
248.52 spot
0.01 nim
0.01 bosinst.data
0.00 FirstBoot.sh
0.00 BUILD.sh
Notes:
Use of the du command
There may be a number of files or users that are causing the increased use of space in a particular
file system. The du command helps to determine which files, users, or both, are causing the
problem.
Specifying the units du should use
By default, du gives size information in 512-byte blocks. Use the -k option to display sizes in 1 KB
units, use the -m option to display sizes in 1 MB units, or use the -g option to display sizes in 1 GB
units.
Specifying output by file
By default, du gives a hierarchical listing of directories only. With the -a option, the hierarchical
listing includes the non-directory files. With the -s option, only the specified file is listed. For each
listed directory, the size is the total amount of space for that directory and all files underneath it,
recursively.
• /var/adm/wtmp
• /etc/security/failedlogin
• /var/adm/sulog
• /var/spool/*/*
• /var/tmp/*
• $HOME/smit*
Notes:
Managing files that grow
Growing files should be monitored and cleaned out periodically. Some of the files that grow are
listed on the visual.
Records of login activity
The files /var/adm/wtmp, /etc/security/failedlogin, and /var/adm/sulog are needed
because they contain historical data regarding login activity. Thus, these files should always contain
a few days of login activity. If accounting is turned on, /var/adm/wtmp is kept to a reasonable size.
If accounting is not turned on, capture the data for archiving by running who -a on /var/adm/wtmp and
/etc/security/failedlogin and redirecting the output to a save file. Then, the log file can be purged
by overwriting it with a null string. Two ways of overwriting a log file in this way are illustrated in the
following examples:
Example 1:
# cat /dev/null > /var/adm/wtmp
Example 2:
# > /etc/security/failedlogin
The file /var/adm/sulog can be edited directly.
The /var/spool directory
The directory /var/spool contains cron entries, the mail, and other items that grow on an
ongoing basis, along with printer files. If there is a problem with the printer files, you can try to clear
the queuing subsystem by running the following commands:
stopsrc -s qdaemon
rm /var/spool/lpd/qdir/*
rm /var/spool/lpd/stat/*
rm /var/spool/qdaemon/*
startsrc -s qdaemon
Records of SMIT and web-based System Manager activity
Files such as smit.log in the home directory of the root user, and other system administration
accounts, can also become large. These files need to be monitored regularly and managed
appropriately.
• Modify the skulker shell script to suit local needs for the
removal of files.
– Test carefully!
Notes:
Function of the skulker command
The shell script /usr/sbin/skulker includes a series of entries containing commands that
remove unwanted or obsolete files of various types. To analyze the commands that are executed by
each entry, print or view the contents of the /usr/sbin/skulker file.
Concerns that are related to skulker
A particular version of skulker is suited to the operating system and level with which it was
distributed. If the operating system has been upgraded or modified, it may be inadvisable to use an
old version of skulker. In addition, the skulker shell script is moderately complex. When making
modifications, you should make a copy of the shell script first - just in case!
Note that if skulker is modified, or if it is used on the incorrect version of the operating system, it
ceases to be a supported component of AIX.
Note: The skulker is disabled by default.
Notes:
Benefits of a small block size
In JFS, as many whole blocks as necessary are used to store a file or directory's data. Consider
that we have chosen to use a block size of 4 KB, and we are attempting to store file data that
only partially fills a block. Potentially, the amount of unused or wasted space in the partially filled
block can be quite high. For example, if only 500 bytes are stored in this block, then 3596 bytes
are wasted. However, if a smaller block size, say 512 bytes, was used, the amount of wasted
disk space would be greatly reduced - to only 12 bytes. Therefore, it is better to use small block
sizes, if efficient use of available disk space is required, in a file system that consists of lots of
small files.
Adverse effects of a small block size
Although small block sizes can be beneficial in reducing wasted disk space, they can have an
adverse effect on disk I/O activity. For a 4 KB file, stored in a single block of 4 KB, only one disk
I/O operation would be required to either read or write the file. If the choice of the block size was
512 bytes, a 4 KB file would be allocated a 4 KB block only if one were available. If a single 4
KB block were not available, 512 byte blocks would be used, with a potential to allocate eight
blocks for this file. For a read or write to complete, several additional disk I/O operations (disk
seeks, data transfers, and allocation activity) would be required. Therefore, for file systems that
use a block size of 4 KB, the number of disk I/O operations is far lower than for file systems that
employ a smaller block size.
Fragmentation considerations
[Figure legend: used block, free block, FileA]
Notes:
Irrespective of the block size, over time data can become fragmented on disk. The defragfs
command attempts to increase a file system's contiguous free space by reorganizing free block
allocations to be contiguous, rather than scattered across the disk. The file system to be
defragmented can be specified with the device variable, which can be the path name of the logical
volume (for example, /dev/hd4) or the name of the file system, which is the mount point in the
/etc/filesystems file.
Another approach is to back up the data and restore it into a new file system, or to back up the data,
delete and re-create the file system, and then restore. This method is certainly cleaner, but requires some
element of downtime.
• fsck command
– Checks file system consistency and interactively repairs the file system
– If no file system name is specified, the fsck command checks all file
systems which have the check=true attribute set in the
/etc/filesystems.
– Orphan files are placed in the lost+found directory.
• Unmount the file system before running fsck.
# fsck /data
The current volume is: /dev/fslv00
Primary superblock is valid.
J2_LOGREDO:log redo processing for /dev/fslv00
Primary superblock is valid.
*** Phase 1 - Initial inode scan
*** Phase 2 - Process remaining directories
*** Phase 3 - Process remaining files
*** Phase 4 - Check and repair inode allocation map
*** Phase 5 - Check and repair block allocation map
File system is clean.
Notes:
Always run the fsck command on file systems after a system malfunction. The internal integrity of
a file system should be checked before the file system is mounted. By default, the fsck command
runs interactively, prompting the administrator for the action to perform in order to repair the file
system. If orphaned files or directories (those that cannot be reached) are found, fsck attempts to
store them in the /lost+found directory.
For further information, see the fsck man page.
Notes:
The visual shows the hints for documenting the file systems on your system.
[Figure: logical volume storage (hd2) and structure]
Notes:
Difference between file system and simple directory
It is important to understand the difference between a file system and a directory. A file system is a
section of disk that has been allocated to contain files. This section of disk is the logical volume.
The section of disk is accessed by mounting the file system over a directory. Once the file system is
mounted, it looks like any other directory structure to the user.
File systems on the visual
The directories on the right of the bottom portion of the visual are all file systems. These file
systems are all mounted on the directories /usr, /tmp, /var, and /home. Notice the corresponding
logical volume in the graphic at the top of the visual.
Simple directories
The directories on the left of the bottom portion of the visual are strictly directories that contain files
and are part of the / (root) file system. There is no separate logical volume that is associated with
these directories.
Checkpoint (1 of 2)
1. Does the size of the file system change when the size of the logical
volume it is on is increased?
Checkpoint (2 of 2)
7. What command can you use to determine whether a file system is full?
8. What command can produce a report listing the size (in MB) of all the
files and directories that are contained in a specific location?
Exercise: File system administration
Unit 10. Paging space
References
Online AIX Version 7.1 Operating system and device management
Note: References listed as online are available through the IBM Knowledge
Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
[Figure: virtual memory, the page frame table, real memory (RAM), and paging space. An active page is resident in memory; an inactive page is paged out to paging space.]
Notes:
How is data placed into paging space?
Memory under AIX is virtualized by the Virtual Memory Manager (VMM). The basic idea behind
virtual memory is that each program has its own address space that is partitioned into segments. A
segment is a 256 MB, contiguous portion of the virtual-memory address space into which a data
object can be mapped.
Virtual-memory segments are partitioned into fixed-size units called pages. Each page in a segment
can be in real memory (RAM), or stored on disk until it is needed. Similarly, real memory is divided
into page frames.
A page might be resident in memory (that is, mapped into a location in physical memory), or a page
might be resident on a disk (that is, paged out of physical memory into paging space or a file
system).
The role of the VMM is to manage the allocation of real-memory page frames and to resolve
references by the program to virtual-memory pages that are not currently in real memory or do not
yet exist (for example, when a process makes the first reference to a page of its data segment).
The Page Frame Table (PFT) is the data structure that the VMM uses to store the mapping between
virtual addresses and physical addresses.
When the number of available real memory frames on the free list becomes low, a page stealer is
invoked. The page stealer moves through the PFT, looking for pages to steal from real memory to
paging space. The PFT includes flags to signal which pages have been referenced and which have
been modified. If the page stealer encounters a page that has been referenced, it does not steal
that page, but instead resets the reference flag for that page. If the reference bit is still off the next
time the clock hand (page stealer) passes that page, the page is stolen.
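The sweep described above can be traced on a small table. This is an added example, not part of the course material and not AIX VMM code: a simplified model in which each line of input is a page name and its referenced bit, and the function name and sample table are constructed.

```shell
#!/bin/sh
# Added example: simplified model of the page stealer's clock sweep.

# Constructed sample PFT: page name and referenced bit, in table order.
sample_pft() {
    printf '%s\n' 'A 1' 'B 0' 'C 1' 'D 0'
}

# stdin: "page referenced-bit" per line. $1: number of frames to free.
# Prints the stolen pages in the order they were taken.
clock_steal() {
    awk -v want="$1" '
        { page[NR] = $1; ref[NR] = $2 + 0; n = NR }
        END {
            hand = 1; resident = n
            while (stolen < want && resident > 0) {
                if (page[hand] != "") {
                    if (ref[hand]) {
                        ref[hand] = 0            # referenced: clear the bit, spare the page
                    } else {                     # bit still off: steal the page
                        sep = (stolen > 0) ? " " : ""
                        out = out sep page[hand]
                        page[hand] = ""; stolen++; resident--
                    }
                }
                hand = hand % n + 1              # advance the hand, wrapping around
            }
            print out
        }
    '
}

# Demonstration: A and C are spared on the first pass; A is taken on the second
# pass because nothing referenced it again in between.
sample_pft | clock_steal 3
```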
Paging space is not a substitute for sufficient real memory. A persistent shortage of real memory
can result in so much paging space page-in and page-out activity, that it will severely impact the
performance of that system. For more information about memory and paging performance issues,
attend an AIX performance management course.
Paging space
Notes:
A secondary storage area
Paging space is disk storage for information that is resident in virtual memory, but is not currently
being accessed. As memory fills, inactive pages are moved to the paging space on disk.
A temporary holding area for inactive pages
It is important to remember that paging space is a temporary holding area for inactive pages; it is not a
substitute for real memory. If your machine has many active processes, it requires more real
memory. You must ensure that the machine has enough memory to maintain all the active
processes. If you run out of memory, your machine reaches a constant state of paging called
thrashing. As it attempts to make room in memory, it completes a page-out; as soon as the page
reaches the disk, it is needed again because it is still active. Your machine's resources are wasted
performing only paging activity, and no real work gets done.
Thrashing indicates a need for additional memory
Increasing the amount of paging space when your machine is thrashing does not solve the problem.
Thrashing is a result of not enough real memory.
Notes:
Creation of paging space
Paging space is created during AIX installation. The initial size depends on various factors,
particularly the amount of RAM in your system. Currently, the initial paging space size is determined
according to the following standards:
- If real memory < 256 MB then page space = 2 x real
- If real memory >= 256 MB then page space = 512 MB
- No more than 20% disk
Adjusting the amount of paging space
The initial size of paging space is just a starting point. This is not necessarily the amount of the
paging space that is right for your machine. The number and types of applications dictate the
amount of paging space that is needed. Many sizing rules of thumb have been published, but the
only way to correctly size your machine's paging space is to monitor the utilization of your paging
space.
Notes:
Impact and messages of low paging space
Running low on paging space can prevent new processes from starting. The result can even be a
hung or crashed operating system.
You might see these warning messages:
"INIT: Paging space is low"
"ksh: cannot fork no swap space"
"Not enough memory"
"Fork function failed"
"fork () system call failed"
"unable to fork, too many processes"
"Fork failure - not enough memory available"
"Fork function not allowed. Not enough memory available."
"Cannot fork: Not enough space"
# lsps -a
Page Space Physical Volume Volume Group Size %Used Active Auto Type
hd6 hdisk0 rootvg 512MB 13 yes yes lv
# lsps -s
Total Paging Space Percent Used
512MB 13%
# vmstat 1 10
Notes:
The lsps command
The lsps command lists detailed information regarding the paging spaces on the system, including
whether they are in use at the time and, if so, what percentage of their total space is allocated.
Another useful option available with the lsps command is the -s option, which specifies the
summary characteristics of all paging spaces. The information consists of the total size of the
paging spaces (in MB) and the percentage of paging spaces currently used.
The paging space created during system installation is named hd6. Paging spaces created by the
system administrator after system installation are named paging00, paging01, and so on.
svmon is an advanced command that captures and analyzes the current snapshot of virtual
memory. It is the only system command that shows the breakdown of page frame sizes.
• Placement guidelines:
– More than one page volume.
– Paging spaces all the same size including hd6.
– Only one paging space per physical disk.
– Use disks with the least activity.
– Do not extend “a paging space” over multiple physical volumes.
– Place on SAN disks for better performance.
– Mirror all page spaces that are on internal or nonraided disk.
[Figure: paging spaces hd6, paging00, and paging01]
Notes:
Introduction
The placement and size of your paging space affect its performance. The following material
contains tips regarding placement and size of paging areas.
Configure only one paging space per disk
Do not have more than one paging space per disk. The paging space is allocated in a round-robin
manner, and uses all paging areas equally. If you have two paging areas on one disk, then you are
no longer spreading the activity across several disks.
Use disks with low levels of activity
Paging space performs best when it is not competing with other activity on the disk. Use disks that
do not have much activity.
Create paging spaces of roughly the same size
Paging spaces should be roughly the same size. Because of the round-robin technique that is used,
if they are not the same size, then the paging space usage is not balanced. Smaller paging areas fill
faster.
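A check of `lsps -a` output against the placement guidelines above that can be read from that output (more than one paging space, one per disk, similar sizes), plus a usage warning. This is an added example, not part of the course material; the function name, the 70% usage and 10% size-spread thresholds, and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `lsps -a` output against the paging space placement
# guidelines. Mirroring and SAN placement are not visible in lsps output and
# are not checked here.

# Constructed sample (not from a real system): two paging spaces share hdisk0
# and the sizes differ.
SAMPLE_LSPS='Page Space  Physical Volume  Volume Group  Size   %Used  Active  Auto  Type
paging01    hdisk0           rootvg        512MB  75     yes     yes   lv
paging00    hdisk1           rootvg        640MB  1      yes     yes   lv
hd6         hdisk0           rootvg        512MB  16     yes     yes   lv'

# check_paging_layout [WARN_PCT] [SPREAD_PCT]
# Reads `lsps -a` output on stdin and prints one finding per line:
#   HIGH_USE name pct%        %Used is at or above WARN_PCT (assumed default 70)
#   INACTIVE name             paging space is defined but not active
#   SINGLE_PAGING_SPACE       only one paging space exists
#   MULTI_PER_DISK pv names   more than one paging space on a physical volume
#   SIZE_IMBALANCE min max    sizes differ by more than SPREAD_PCT (assumed 10)
check_paging_layout() {
    awk -v warn="${1:-70}" -v spread="${2:-10}" '
    $1 == "Page" || NF < 8 { next }            # header or malformed line
    {
        name = $1; pv = $2; size = $4; used = $5 + 0
        if (size !~ /^[0-9]+MB$/) { print "UNPARSED_SIZE " name " " size; next }
        sub(/MB$/, "", size); size += 0
        n++
        # Remember disks in first-seen order so the report is deterministic.
        if (per_disk[pv]++ == 0) { disks[++nd] = pv; on_disk[pv] = name }
        else on_disk[pv] = on_disk[pv] "," name
        if (n == 1 || size < min) min = size
        if (n == 1 || size > max) max = size
        if (used >= warn) print "HIGH_USE " name " " used "%"
        if ($6 != "yes") print "INACTIVE " name
    }
    END {
        if (n == 1) print "SINGLE_PAGING_SPACE"
        for (i = 1; i <= nd; i++)
            if (per_disk[disks[i]] > 1)
                print "MULTI_PER_DISK " disks[i] " " on_disk[disks[i]]
        # Round-robin allocation fills the smaller space first, so flag a spread.
        if (n > 1 && max > 0 && (max - min) * 100 / max > spread)
            print "SIZE_IMBALANCE min=" min "MB max=" max "MB"
    }'
}

# Stand-alone run on the constructed sample; on AIX use: lsps -a | check_paging_layout
printf '%s\n' "$SAMPLE_LSPS" | check_paging_layout
```

Run it from cron alongside the documented baseline for the system so that a paging space filling up is noticed before fork failures start.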
# lsps -a
Page Space PV VG Size %Used Active Auto Type
paging00 hdisk1 rootvg 640MB 1 yes yes lv
hd6 hdisk0 rootvg 512MB 16 yes yes lv
Notes:
Ways of adding extra paging space
To add extra paging space volumes to the system, you can use SMIT (as illustrated on the visual),
the mkps command, or the web-based System Manager.
Using the mkps command
When using the mkps command, the syntax and options are:
mkps [-a] [-n] [-t Type] -s NumLPs Vgname [Pvname]
• Vgname: The volume group within which to create the paging space
• Pvname: Specifies the physical volume of the volume group
• -s NumLPs: Sets the size of the new paging space in logical partitions
• -a: Activate the paging space at the next restart (adds it to /etc/swapspaces)
• -n: Activate the paging space immediately.
• -t Type: Specifies the type of paging space (lv or nfs)
When a paging space is created, the /etc/swapspaces file is also updated.
Notes:
Characteristics that can be changed
A paging space might have its size increased or decreased and might have its autostart options
changed while it is in use (this updates /etc/swapspaces).
These changes can be made through SMIT (as illustrated on the visual) or by using the chps
command.
Decreasing paging space
The ability to dynamically decrease paging space was introduced in AIX 5L V5.1. The argument -d
to the chps command calls the shrinkps shell script to reduce the size of an active paging
space. The use of a shell script reduces the possibility of getting into an unbootable state because
users are not allowed to run out of paging space. The script checks paging space actually in use
and adds a paging space warning threshold buffer. The SMIT fast path is smit chps.
# smit rmps
Remove a Paging Space
# lsps -a
Page Space PV VG Size %Used Active Auto Type
hd6 hdisk0 rootvg 512MB 16 yes yes lv
Notes:
Deletion of surplus paging space
As we have discussed, paging space can be added to the system, if necessary. Similarly, surplus
paging space can be deleted to free up the disk space for other logical volumes.
Deactivation of paging space
Inactive paging space can be activated dynamically to meet system demand. In order to delete
paging space, it must be inactive (that is, not used by the kernel). Beginning with AIX 5L V5.1,
active paging spaces can be deactivated while the system is running by using the swapoff
command or with the SMIT fast path swapoff.
Reasons the swapoff command might fail
The swapoff command might fail due to:
• Paging size constraints: The process to remove an active paging space is to move all the pages
of the paging space being removed to another paging space. If there is not enough active
paging space to do this, the command fails.
• I/O errors.
Notes:
The visual shows some hints to solve paging space issues.
Notes:
Running lsps
Run lsps to monitor paging space activity. Keep good documentation so that you know what is
normal for that system.
The /etc/swapspaces file
The file /etc/swapspaces contains a list of the paging space areas that are activated at system
startup.
Keep a copy of /etc/swapspaces so that you know what paging spaces are defined to start at boot.
Checkpoint
2. True or False: The size of paging00 (in the above example) can be
dynamically decreased.
Exercise
Paging space
Notes:
This lab allows you to add, decrease, monitor, and remove paging space.
Unit summary
Unit 11. Backup and restore
References
Online AIX Version 7.1 Operating system and device management
AIX Version 7.1 Installation and migration
Note: References listed as online are available through the IBM Knowledge
Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
Unit objectives
Backup introduction
Notes:
Why back up your data?
The data on a computer is usually far more important and expensive to replace than the machine
itself. Data loss can happen in many ways. The most common causes are hardware failure and
accidental deletion. AIX provides several ways in which we can back up and restore data.
- Volume group backup: AIX provides a mksysb utility that creates a backup image of the
operating system (that is, the root volume group) and the savevg utility to back up
user-defined volume groups. It is important that regular mksysb backups are created as
they allow us to reinstall a system to its original state if it has been corrupted. If you create
the backup on external media, for example tape, the media is bootable and includes the
installation programs that are needed to install from the backup.
- Full backup: A full backup (sometimes referred to as level 0 backup) backs up all files and
directories in the specified location. AIX provides the backup command and several
standard UNIX utilities for performing a full backup such as tar, cpio, and pax.
- Incremental backup: An incremental backup backs up all the files that have changed
since the last full or incremental backup. The backup command on AIX is capable of
providing this functionality.
AIX (and UNIX) systems are often deployed in high performance, fault tolerant, 24x7 mission critical
environments. As a result, enterprise backup solutions are often deployed, such as IBM Tivoli
Storage Manager (TSM) for System Backup and Recovery (Sysback). TSM for Sysback is
designed to provide centralized, automated data protection that can help reduce the risks that are
associated with data loss while also helping to reduce complexity, manage costs, and address
compliance with regulatory data retention requirements. TSM for Sysback is outside the scope of
this class.
Notes:
The mksysb utility provides the following functions:
• Saves the definition of the paging space
• Provides a non-interactive installation that gives information that is required at installation time
through a data file
• Saves the inter-disk and intra-disk policies for the logical volumes
• Saves map files for logical volumes, if requested by the user
• Provides the ability to shrink the file system and logical volume in a volume group at system
installation or mksysb recovery time
• Saves the file system characteristics
• Allows the user to restore single or multiple files from a system image
The volume group image is saved in backup format.
System backup or clone?
If the mksysb command is used to back up the source system, it is considered a system backup.
However, if the intent of the backup is to provide a customized system for use on other machines,
the mksysb is considered a clone. Cloning means preserving either all or some of a system's
customized information for use on a different machine. During installation, the default option is
Enable System Backups to install any system = Yes. This means that mksysb files
are not system-specific. Otherwise, if the mksysb by itself is used to clone a machine or LPAR that
is not a hardware clone, it might not work, as it cannot provide support for hardware devices unique
to the new machine or LPAR. For example, a mksysb image that is made from a physical
machine will not install correctly on a virtual LPAR because they use different AIX file sets.
However, this is an easy problem to resolve. In addition to the mksysb, you also need to boot using
the AIX installation media to provide the file sets needed by the other machine or LPAR. If using a
NIM server, a bosinst.data file must be defined with the option
INSTALL_DEVICES_AND_UPDATES = yes, and the lppsource that is allocated to the client
machine must also have all the possible device support.
Non-interactive installation
If a system backup is being made to install another system or to reinstall the existing system, a
customer can predefine installation information so questions at installation time are already
answered. This keeps user interaction at the target node to a minimum. The system backup and
BOS installation interact through several files. The mksysb saves the data, which is used by the
installation, through taking a snapshot of the current system, and its customized state.
System backup components
The components that are provided as part of the system backup utility are packaged in the
bos.sysmgt.sysbr package.
Notes:
Introduction
The SMIT screen that is shown in the visual, Back Up This System to Tape/File or UDFS
capable media, performs a mksysb operation and backs up only mounted file systems in rootvg.
Create MAP files?
This option generates a layout mapping of the logical-to-physical partitions for each logical volume
in the volume group. This mapping is used to allocate the same logical-to-physical partition
mapping when the image is restored.
EXCLUDE files?
This option excludes the files and directories that are listed in the /etc/exclude.rootvg file from
the system image backup.
List files as they are backed up?
Change the default to see each file that is listed as it is backed up. Otherwise, you see a
percentage-completed progress message while the backup is created.
image.data file
logical_volume_policy:
SHRINK = no
EXACT_FIT = no
[ . . . ]
Notes:
The image.data file contains information describing the image that is installed during the BOS
installation process. This information includes the sizes, names, maps, and mount points of logical
volumes and file systems in the root volume group. The mkszfile command generates the
image.data file. It is not recommended that the user modify the file. Changing the value of one
field without correctly modifying any related fields can result in a failed installation and a corrupted
backup image. The only exception to this recommendation is the SHRINK field, which the user
might modify to instruct the BOS installation routines to create the file systems as specified in the
image.data file, or to create the file systems only as large as is required to contain all the data in
the file system.
The BOS installation process also takes input from the image.data file regarding defaults for the
machine being installed. Any default values in the image.data file override values that are
obtained when the BOS installation queries the hardware topology and existing root volume group.
The image.data file resides in the / directory.
To create a mksysb backup image with a customized image.data file:
• Create a new image.data file: # mkszfile
bosinst.data file
• Defines defaults for variables controlling an installation
• Can be used to create non-prompted installations
• Key options below, for a full description see:
– /usr/lpp/bosinst/bosinst.template.README
control_flow:
    CONSOLE = Default
    INSTALL_METHOD = overwrite
    INSTALL_EDITION =
    PROMPT = no
    EXISTING_SYSTEM_OVERWRITE = yes
    INSTALL_X_IF_ADAPTER = no
    RUN_STARTUP = yes
    RM_INST_ROOTS = no
    ERROR_EXIT =
    CUSTOMIZATION_FILE = SCREEN
    TCB = no
    INSTALL_TYPE =
    BUNDLES =
    RECOVER_DEVICES = no
    BOSINST_DEBUG = no
    ACCEPT_LICENSES =
    ACCEPT_SWMA =
    DESKTOP = CDE
    INSTALL_DEVICES_AND_UPDATES = yes
    IMPORT_USER_VGS =
    CREATE_JFS2_FS = Default
    ALL_DEVICES_KERNELS = no
    GRAPHICS_BUNDLE = yes
    SYSTEM_MGMT_CLIENT_BUNDLE = yes
    FIREFOX_BUNDLE = no
    KERBEROS_5_BUNDLE = no
    SERVER_BUNDLE = yes
    REMOVE_JAVA_118 = no
    HARDWARE_DUMP = yes
    ADD_CDE = no
    ADD_GNOME = no
    ADD_KDE = no
    ERASE_ITERATIONS = 0
    ERASE_PATTERNS =
    MKSYSB_MIGRATION_DEVICE =
    TRUSTED_AIX = no
    TRUSTED_AIX_LSPP = no
    TRUSTED_AIX_SYSMGT = yes
    SECURE_BY_DEFAULT = no
    ADAPTER_SEARCH_LIST =
target_disk_data:
    LOCATION =
    SIZE_MB =
    HDISKNAME = hdisk0
locale:
    BOSINST_LANG = en_US
    CULTURAL_CONVENTION = en_GB
    MESSAGES = en_US
    KEYBOARD = en_GB
Notes:
/bosinst.data file
This file enables the administrator to specify the requirements at the target system and how the
user interacts with the target system. It provides flexibility by allowing unattended installations. The
system backup utilities simply copy the /bosinst.data into the second file on the mksysb tape. If
this file is not in the root directory, the /usr/lpp/bosinst/bosinst.template is copied to the
/bosinst.data.
Key fields (highlighted in the visual):
• PROMPT: determines whether the installation is to be prompted (yes) or non-prompted (no).
• INSTALL_DEVICES_AND_UPDATES: When installing a mksysb image to a system with a
different hardware configuration, boot from product media to get any missing device drivers
installed. In addition, if the product media is a later level of AIX than the mksysb, software in the
mksysb image is updated. To prevent either of these additional installations from occurring, set
this field to no. The default is yes.
Notes:
This visual shows the tape layout of a mksysb image.
BOS boot image
The BOS boot image contains a copy of the system's kernel and device drivers that are needed to
boot from the tape.
mkinsttape image
The mkinsttape image contains the following files:
• ./image.data holds the information that is needed to re-create the root volume group
and its logical volumes and file systems.
• ./bosinst.data contains the customizable installation procedures and dictates how the
BOS installation program behaves. This file allows for the non-interactive installations.
• ./tapeblksz contains the block size setting of the tape drive that is used during the
backup. This applies to the files in the fourth section.
Dummy TOC
The dummy TOC is used to make mksysb tapes have the same number of files as the BOS
installation tapes.
rootvg backup image
The rootvg backup image contains all the data from the backup. This data is saved by using the
backup command that is discussed shortly.
• Listing and extracting files in a tape mksysb image
The easiest way to list files or to restore individual files from any media (tape or optical) is to use
the generic list and restore commands:
- # lsmksysb -f <device>, where <device> might be /dev/rmt0 or /dev/cd0.
- # restorevgfiles -f <device> <file name>,
• <device> might be /dev/rmt0 or /dev/cd0.
• <file name> can be one or more files such as /etc/inittab.
For tape-specific restores, a combination of tape control and AIX file system restore
commands can be used:
- # tctl -f /dev/rmt0 rewind
- # tctl -f /dev/rmt0.1 fsf 3
- # restore -Tvf /dev/rmt0
OR
- # restore -Tv -s4 -f /dev/rmt0
The tctl command can be used to rewind and fast forward the tape to the start of the
fourth section (third tape mark). Then, the restore command, as shown in the example,
can be used to extract (-x) or list (-T) files on the tape. Alternatively, if the tape is already
rewound, then the restore command can be used directly to extract files from the fourth
section (-s4).
For further information regarding tape manipulation, see the tctl man page.
• Using the SMS menus, boot the system from the tape device.
• Restore mksysb image from the device, that is, tape
(/dev/rmt0), as follows:
Welcome to Base Operating System
Installation and Maintenance
Notes:
Start a mksysb restoration
To restore a mksysb image from tape, boot the machine into SMS just as if you were performing an
installation. As shown previously in the installation unit, select the device to boot from (in this case
tape). Then, insert the mksysb tape and start the machine or LPAR. The machine boots from the
tape and prompts you to define the console and select a language for installation. Once you have
answered those questions, then the Installation and Maintenance menu is presented.
You can also boot from installation media that presents the same screens. Be sure to put the
mksysb tape in the tape drive before answering the last question.
Type the number of your choice and press Enter. Choice is indicated by >>.
1 Start Install Now With Default Settings
>> 2 Change/Show Installation Settings and Install
3 Start Maintenance Mode for System Recovery
4 Configure Network Disks (iSCSI)
Please wait...
Notes:
Changing installation settings
From the Installation and Maintenance menu, select option 2, Change/Show Installation
Settings and Install.
(Not all menu options are shown, due to format space limitations).
The options from the System Backup and Installation and Settings menu are:
1 Disk where you want to install
- Select disks where you want to install.
Use Maps
- The option Use Maps lets you choose whether to use the map files created (if you created
any) during the backup process of the mksysb tape. The default is no. If the selected disks
do not have map files, then this option would not be available.
2 Shrink Filesystems
- The option Shrink Filesystems installs the file systems using the minimum required space.
The default is no. If yes, all file systems in rootvg are shrunk. After the restore, remember to
evaluate the current file system sizes. You might need to increase their sizes.
0 Install with the settings listed above
- At the end, select option 0, which installs by using the settings that are selected. Your
mksysb image is restored.
The system then reboots.
Additional options that you might see are:
Import User Volume Groups
- You have the option to have user volume groups imported after the installation
completes. The default is yes.
Recover devices
- The BOS installation program attempts to re-create the devices the same way they were on the
machine the mksysb was created on. This is normal procedure for regular mksysb restores
on the same system. However, for cloning (installing the mksysb image on another system),
you might not want these devices configured this way, especially for network configuration.
The default is yes.
Notes:
First, the resources (mksysb image, bosinst.data, SPOT) must be allocated to the client on the
NIM server and the NIM server must run a bosinst operation on your client machine. This is
covered in the NIM course, AN22.
Next, boot the client into SMS mode and select option 2, Setup Remote IPL. This option allows us
to define the network parameters of the NIM server and client. Once the IPL details have been
entered, press ESC to return to the main menu.
Please wait...
Notes:
The visual shows the rest of the steps that are involved in completing the mksysb restore.
This example assumes that the NIM server was configured to provide a bosinst.data file with
PROMPT=NO and all the necessary information provided. Otherwise, the system console would
need to be used to walk through the Install and Maintenance panels that are shown on the previous
visuals.
Notes:
To back up non-rootvg volume groups, use smit savevg or smit vgbackup. The parameters
are identical to creating a mksysb image.
The savevg command finds and backs up all files belonging to a specified volume group. The
volume group must be varied-on, and the file systems must be mounted. The savevg command
uses the data file that is created by the mkvgdata command. This data file can be one of the
following:
• /tmp/vgdata/vgname/<vgname>.data
Contains information about a user volume group. The <vgname> variable reflects the name of
the volume group. The savevg command uses this file to create a backup image that can be
used by the restvg command to remake the user volume group.
Notes:
The visual shows the process of restoring a non-rootvg volume group. Standard output from the SMIT
screen is shown below:
COMMAND STATUS
Command: OK stdout: yes stderr: no
Before command completion, additional instructions may appear below.
Will create the Volume Group: datavg
Target Disks: hdisk1
Allocation Policy:
Shrink Filesystems: no
Preserve Physical Partitions for each Logical Volume: no
datavg
loglv01
fslv00
New volume on /tmp/datavf_bk_svg:
Cluster size is 51200 bytes (100 blocks).
The volume number is 1.
The backup date is: Mon 20 Oct 20:29:05 2014
Files are backed up by name.
The user is root.
x 11 ./tmp/vgdata/datavg/image.info
x 127 ./tmp/vgdata/vgdata.files598152
x 127 ./tmp/vgdata/vgdata.files
x 2444 ./tmp/vgdata/datavg/filesystems
x 2481 ./tmp/vgdata/datavg/datavg.data
x 340 ./tmp/vgdata/datavg/backup.data
x 0 ./data
x 0 ./data/lost+found
x 1024 ./data/file1
x 1024 ./data/file2
x 1024 ./data/file3
The total size is 5530 bytes.
The number of restored files is 11.
• AIX
– Backup and restore
• Compression utilities
– compress, restore using uncompress or zcat
– gzip, restore using gunzip
Notes:
The visual shows traditional commands for backup, restore, and compression in UNIX and AIX
operating systems.
Relative paths
# find /home/aix | backup -iqvf /dev/rmt0
# cd /home/aix
# find . | backup -iqvf /backup/aix.backup
List files
Notes:
The backup command
The backup command is a useful command for making backups of AIX files and directories.
backup supports two different methods:
• Backup by file name
• Backup by i-node (also called a file system backup)
When performing a backup by file name, the files must be in a mounted file system to be backed
up. Backup by i-node backs up file systems when they are unmounted.
Note: Relative versus full file names impact the location of files on recovery!
Popular backup flags
• -q: Media is ready
• -i: Specifies that files be read from standard input and archived by file name
• -v: Verbose - display file names during backup
• -f: Device
Incremental backup
Backup history
# cat /etc/dumpdates
/dev/rfslv00 1 Fri Nov 21 15:45:21 2008
/dev/rfslv00 0 Fri Nov 21 15:40:54 2008
Notes:
Backup by inode is useful for performing full (level 0) and incremental backups of file systems.
Backup by inode should be completed only when the filesystem is unmounted!
Note: The command completes if the filesystem is in use, but the following warning message is
displayed: Backup: 0511-251 The file system is still mounted; data may not
be consistent.
Popular backup by inode flags
• -u: Update /etc/dumpdates with backup transaction history
• -0-9: Backup level, 0 is full, 1...9 represents incremental change since level n-1
• -f: Device
Popular restore by inode flags
• -r: Restore files
For further information, see the man pages.
When restoring file system archives, the restore command creates and uses a file that is named
restoresymtable. This file is created in the current directory. The file is necessary for the
restore command to do incremental file system restores. Do not remove the restoresymtable
file if you perform incremental file system backups and restores.
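Working out which by-inode archives are needed to rebuild a file system from the history in /etc/dumpdates, as an added example that is not part of the course material. It follows the rule stated above that level n holds the changes since level n-1, so the chain stops at the first missing or stale level; the function name and the sample lines other than the two /dev/rfslv00 entries shown above are constructed.

```shell
#!/bin/sh
# Added example: derive the restore order for one file system from
# /etc/dumpdates-format history (device, level, date of last backup at that level).

# Constructed sample: the level 0 and level 1 lines match the listing above;
# the stale level 2 line and the /dev/rhd1 line are made up for illustration.
SAMPLE_DUMPDATES='/dev/rfslv00 2 Wed Nov 19 09:00:00 2008
/dev/rfslv00 1 Fri Nov 21 15:45:21 2008
/dev/rfslv00 0 Fri Nov 21 15:40:54 2008
/dev/rhd1 0 Thu Nov 20 22:00:00 2008'

# restore_chain RAW_DEVICE
# Reads dumpdates lines on stdin. Prints "<level> <backup date>" for each
# archive to restore, in order. Prints NO_FULL_BACKUP and returns 1 when the
# device has no level 0 entry, because nothing can be rebuilt without it.
restore_chain() {
    awk -v dev="$1" '
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= 12; i++) mon[m[i]] = i
    }
    # Fields: device level weekday month day hh:mm:ss year
    $1 == dev && NF >= 7 && $2 ~ /^[0-9]$/ && ($4 in mon) {
        # Sortable key: YYYYMMDDhh:mm:ss, compared as a string.
        stamp[$2] = sprintf("%04d%02d%02d%s", $7, mon[$4], $5, $6)
        when[$2] = $3 " " $4 " " $5 " " $6 " " $7
    }
    END {
        if (!(0 in stamp)) { print "NO_FULL_BACKUP"; exit 1 }
        print "0 " when[0]
        prev = stamp[0]
        for (l = 1; l <= 9; l++) {
            # A missing level, or one older than the level below it, belongs
            # to an earlier backup cycle and ends the usable chain.
            if (!(l in stamp) || stamp[l] <= prev) break
            print l " " when[l]
            prev = stamp[l]
        }
    }'
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_DUMPDATES" | restore_chain /dev/rfslv00
```

On AIX, run `restore_chain /dev/rfslv00 < /etc/dumpdates` and restore the listed archives in that order, leaving restoresymtable in place between passes.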
tar command
Notes:
The tar command archives and restores files. tar is most commonly used in tandem with an
external compression utility, since it has no built-in data compression facilities.
Here is a list of the commonly used options:
• -c creates a tar backup.
• -x extracts (restores) one or more files from a tar file.
• -t reads the content of the tar file (verify the backup).
• -v verbose output - displays files as they are backed up and restored.
• -f identifies the file or device that is holding the tar image.
• -h follows symbolic links.
• -u appends files to an existing archive.
• -p preserves file permissions, ignoring the present umask value.
• -B forces a consistent blocking factor to help ensure that this copy is made correctly.
The final .tar file is usually called a tarball.
cpio command
IBM Power Systems
Notes:
cpio copies file archives in from, or out to, tape, disk, or another location on the local machine.
Here is a list of the commonly used options:
• -o command reads file path names from standard input and copies these files to standard
output, along with path names and status information.
• -i command reads from standard input an archive file that is created by the cpio -o
command and copies from it the files with names that match the Pattern parameter.
• -p copies files to another directory on the same system.
• -d creates directories as needed.
• -v verbose (print files).
pax command
# pax -v -f /backup/home_pax.ar
Notes:
The pax command extracts, writes, and lists members of archive files; copies files and directory
hierarchies.
Rather than sort out the incompatible options that have crept up between tar and cpio, along with
their implementations across various versions of UNIX, the IEEE designed a new archive utility. Pax
means “peace” in Latin, so the utility is named to create peace between tar and cpio.
dd command
Notes:
The dd command reads in standard input or the specified input file, converts it, and then writes to
standard out or the named output.
The common options are:
• if= specifies the input file.
• of= specifies the output file.
• conv= designates the conversion to be done.
Copying specific blocks
The dd command is also useful when you need to copy specific blocks of data. For example, if a file
system’s superblock (stored in the first block of the file system) is corrupted, a copy is kept at the
31st block. The dd command can copy that 31st block back to the first to repair the file system. The
command is:
# dd count=1 bs=4k skip=31 seek=1 if=/dev/hd4 of=/dev/hd4
Compression commands (1 of 2)
# uncompress /tmp/data.tar.Z
/tmp/data.tar.Z: This file is replaced with /tmp/data.tar.
# zcat /tmp/data.tar.Z | tar -xvf -
zcat expands a compressed file to standard out.
Notes:
Files that are archived are usually further compressed to reduce their size. compress,
uncompress and zcat commands are standard commands across UNIX platforms for
compressing and uncompressing files.
Compression commands (2 of 2)
# gzip -v /tmp/data.tar
/tmp/data.tar: 97.7% -- replaced with /tmp/data.tar.gz
# gunzip -v /tmp/data.tar.gz
/tmp/data.tar.gz: 97.7% -- replaced with /tmp/data.tar
# tar -cvf - /data | gzip -c > data_tar.gz
Creates a compressed tarball (.tar.gz) of the /data directory.
Notes:
gzip is a software application that is used for file compression. gzip is short for GNU zip. The
program is popular and is a free replacement for the compress program that was predominately
used in early UNIX systems.
Another popular and free compression utility is bzip2 that is based on a lossless data compression
algorithm. bzip2 compression is generally more effective than gzip. The usage of bzip2 and
bunzip2 (for decompression) is fairly similar to gzip and gunzip respectively.
Good practices
Notes:
• Take regular backups. Always take regular backups of data. The most efficient way of doing
this is through regular automated incremental backups, as done through products like TSM.
• Verify your backups. Always verify your backed up data. Use restore -T (or tar -t) to
view the contents. With mksysb tapes, you can position the tape to the correct marker and
verify the contents without having to restore the data.
• Check the tape devices. The tapechk command can be used to check a number of files on a
tape. If no argument is specified, then the first block on the tape is checked. If a number is
specified, that number of files are checked. You can also position the tape before tapechk is
run by specifying a second number. For example, tapechk 2.1 reads two files after skipping
past the first file. The tapechk command can be used to detect malfunctioning hardware.
• Label your tapes. There is no way to know what is on the tape by looking at it. The label should
at least list the tape files, the commands that are used to create the tape, the date that it was
created, and the block size.
• Keep old backups. Keep old backups in case something goes wrong with the new ones.
• Keep a copy of backups securely offsite. Store a set of backups off site in case something
happens to your site.
• Test recovery procedures. Test your recovery procedure before you must. Know that you can
recover before you must recover.
• Consider deploying an enterprise storage solution. Enterprise storage solutions like Tivoli
Storage Manager provide centralized, automated storage management and data protection.
TSM storage management software protects you from the risks of data loss and helps you
reduce complexity, manage costs, and address compliance with data retention and availability
requirements.
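The "verify your backups" and "test recovery procedures" practices can be scripted. The following is an added example, not part of the course materials: it builds a tarball with the tar | gzip pipeline shown earlier, then checks the archive checksum, the tar -t listing, and a test restore. The function names and the sample tree are constructed for illustration, and mktemp is assumed to be available.

```shell
#!/bin/sh
# Added example (not course code): create a compressed tarball with the
# tar | gzip pipeline from this unit and verify it before relying on it.

# make_backup SRC_DIR ARCHIVE
# Archives SRC_DIR with relative path names and records a checksum beside it.
make_backup() {
    ( cd "$1" && tar -cf - . ) | gzip -c > "$2" || return 1
    cksum < "$2" > "$2.cksum"
}

# verify_backup SRC_DIR ARCHIVE
# Prints the first failed check and returns 1, or prints "verified".
verify_backup() {
    vb_src=$1; vb_arc=$2

    # 1. The archive is byte for byte what was written at backup time.
    if [ "$(cksum < "$vb_arc")" != "$(cat "$vb_arc.cksum")" ]; then
        echo "checksum mismatch"; return 1
    fi

    # 2. tar -t lists every regular file that exists in the source tree.
    #    Directory entries end in "/" and are left out of the comparison.
    vb_want=$( cd "$vb_src" && find . -type f | sort )
    vb_have=$( gzip -dc "$vb_arc" 2>/dev/null | tar -tf - 2>/dev/null |
               grep -v '/$' | sort )
    if [ "$vb_want" != "$vb_have" ]; then
        echo "listing mismatch"; return 1
    fi

    # 3. Test restore into a scratch directory and compare file contents.
    vb_tmp=$(mktemp -d) || return 1
    gzip -dc "$vb_arc" | ( cd "$vb_tmp" && tar -xf - )
    vb_rc=0
    for vb_f in $vb_want; do       # sample file names contain no whitespace
        cmp -s "$vb_src/$vb_f" "$vb_tmp/$vb_f" || vb_rc=1
    done
    rm -rf "$vb_tmp"
    if [ "$vb_rc" -ne 0 ]; then
        echo "restore mismatch"; return 1
    fi
    echo "verified"
}

# demo_backup: constructed sample tree. Succeeds when a good archive
# verifies and a damaged copy of it is rejected.
demo_backup() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/data/etc" "$d/data/home/secc"
    echo "constructed sample" > "$d/data/etc/motd"
    echo "export PATH=/usr/bin" > "$d/data/home/secc/.profile"
    make_backup "$d/data" "$d/data_tar.gz"
    good=$(verify_backup "$d/data" "$d/data_tar.gz")
    printf 'X' >> "$d/data_tar.gz"          # simulate damaged media
    bad=$(verify_backup "$d/data" "$d/data_tar.gz")
    rm -rf "$d"
    echo "$good / $bad"
    [ "$good" = "verified" ] && [ "$bad" = "checksum mismatch" ]
}

demo_backup
```

Keeping the recorded checksum on different media from the archive lets the first check also catch a damaged or replaced backup copy.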
Unit 12. Security and user administration: Part one
References
Online AIX 7.1 Information
SG24-7430 AIX V6 Advanced Security Features: Introduction and
Configuration (Redbooks)
SG24-7910 AIX Version 7.1 Differences Guide (Redbooks)
Note: References listed as online are available through the IBM Knowledge
Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
User accounts
# id
uid=0(root) gid=0(system)
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
Notes:
Importance of user accounts
The security of the system is based on a user being assigned a unique name, a unique user ID
(UID) and password, and a primary group ID (GID). When the user logs in, the UID is used to
validate all requests for file access. The UID, associated groups, and GIDs can be seen by the id
command.
File ownership
When a file is created, the UID associated with the process that created the file is assigned
ownership of the file. Only the owner or root can change the access permissions.
Automatically created user accounts
There are several user accounts automatically created. root, for example, is one. Some user
accounts are not made for login but only to own certain files. adm, sys, and bin are examples of that
type of account.
• root’s password:
– Carefully guard
– Non-trivial passwords
– Changed on an unannounced schedule
• Assign different root passwords to different machines.
• Always log in as an ordinary user first and then su to root
instead of logging in as root.
– audit trail in /var/adm/sulog
– Enforce use of the su method to use root authority:
Notes:
Guidelines for root account password
If the root password is known by too many people, no one can be held accountable. The root
password should be limited to just two or three administrators. The fewer people who know root's
password, the better. The system administrator should ensure that distinct root passwords are
assigned to different machines. You might allow normal users to have the same passwords on
different machines, but never do this for root.
Use of the su command
Attempts to become root through su can be investigated. Successful and unsuccessful attempts
might be logged by the audit system.
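The su audit trail can be reviewed with a short script. The following is an added example, not part of the course materials: it summarizes who used su to become root and flags users with repeated failures. The log lines are constructed, and the sulog layout (SU, date, time, + or - for success or failure, terminal, from-to) is the assumption the parser relies on.

```shell
#!/bin/sh
# Added example, not course code. Assumed sulog line layout:
#   SU <MM/DD> <HH:MM> <+|-> <tty> <from_user>-<to_user>
# where + marks a successful su and - marks a failed one.

# sample_sulog: constructed log lines used for the demonstration.
sample_sulog() {
    cat <<'EOF'
SU 03/14 09:12 + pts/0 alice-root
SU 03/14 09:40 - pts/3 bob-root
SU 03/14 09:41 - pts/3 bob-root
SU 03/14 09:41 - pts/3 bob-root
SU 03/14 10:05 + pts/1 carol-oracle
SU 03/14 11:30 - pts/2 alice-root
SU 03/14 11:31 + pts/2 alice-root
EOF
}

# sulog_root_report LIMIT < sulog
# One line per user who tried to become root: successes, failures, and
# an ALERT marker when the failures reach LIMIT.
sulog_root_report() {
    awk -v limit="$1" '
        $1 == "SU" && NF == 6 && ($4 == "+" || $4 == "-") {
            # Split "from-to" at the last hyphen (assumes the target
            # account name itself contains no hyphen).
            n = 0
            for (i = length($6); i > 0; i--)
                if (substr($6, i, 1) == "-") { n = i; break }
            if (n == 0) next
            from = substr($6, 1, n - 1)
            to = substr($6, n + 1)
            if (to != "root") next
            seen[from] = 1
            if ($4 == "+") ok[from]++; else fail[from]++
        }
        END {
            for (u in seen) {
                flag = (fail[u] + 0 >= limit + 0) ? " ALERT" : ""
                printf "%s ok=%d fail=%d%s\n", u, ok[u], fail[u], flag
            }
        }' | LC_ALL=C sort
}

sample_sulog | sulog_root_report 3
```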
PATH variable for root account
Do not include unsecured directories in the value of PATH for the root account. Note that root's
PATH is used by many implicit system functions, not just by a user who is logged in as root.
Groups
Notes:
Function of groups
Users that require shared access to a set of files are placed in groups. Each group has a unique
name and Group ID (GID). The GID, like the UID, is assigned to a file when it is created. A user can
belong to multiple groups.
Predefined groups
There are several groups that are predefined on an AIX system. For example, the system group is
root's group and the staff group is for all ordinary users.
Planning and administering groups
The creation of groups to organize and differentiate the users of a system or network is part of
systems administration. The guidelines for forming groups should be part of the security policy.
Defining groups for large systems can be quite complex, and once a system is operational, it is very
difficult to change the group structure. Investing time and effort in devising group definitions before
your system arrives is recommended.
Groups should be defined as broadly as possible and be consistent with your security policy. Do not
define too many groups because defining groups for every possible combination of data type and
user type can lead to impossible extremes.
A group administrator is a user who is allowed to assign the members and administrators of a
group. It does not imply that the user has any administrative abilities for the system.
Types of groups
There are three types of groups on the system:
• User groups
User groups should be made for people who need to share files on the system, such as people
who work in the same department, or people who are working on the same project.
• System administrator groups
System administrators are automatically members of the system group. Membership of this
group allows the administrators to perform some of the system tasks without having to be the
root user.
• System defined groups
Several system-defined groups exist. Staff is the default group for all non-administrative users
who are created in the system. Security is another system-defined group with limited privileges
for performing security administration. The system-defined groups are used to control certain
subsystems.
Use of the newgrp command
A user's real group identification is used to determine the group ownership of a file that is created
by that user. The newgrp command changes a user's real group identification. If you provide a
group name as a parameter to the newgrp command, the system changes the name of your real
group to the group name specified (if the group name specified is part of your groupset). If no group
name is provided as a parameter, the newgrp command changes your real group to the group
specified as your primary group in the /etc/passwd file.
Example:
$ id
uid=206(secc) gid=7(security) groups=1(staff)
$ newgrp staff
$ id
uid=206(secc) gid=1(staff) groups=7(security)
[Visual: the system, security, printq, adm, audit, and shutdown groups carry rights to administrative functions; the staff group is for ordinary users]
Notes:
Rights to administrative functions
As indicated on the visual, membership in some groups confers rights to the use of certain
administrative functions. Membership in the staff group does not provide rights to the use of
administrative functions.
Common groups
Common groups on the system (and their intended uses) are as follows:
• system for most configuration and standard hardware and software maintenance.
• printq for managing queuing.
- Typical commands that can be run by members of this group are: enable, disable, qadm,
qpri, and so forth.
• security to handle most passwords and limits control
- Typical commands that can be run by members of this group are: mkuser, rmuser,
pwdadm, chuser, chgroup, and so forth.
• adm for most monitoring functions such as performance, cron, accounting.
• staff, default group that is assigned to all new users.
- You might want to change this in /usr/lib/security/mkuser.defaults.
• audit for auditors.
• shutdown allows use of the shutdown command.
[Visual: RBAC. (1) Authorizations, Roles; (2) Roles, Users]
• Domain RBAC
– Controls which objects can be administered
Notes:
Why do we need RBAC?
The difficulty with permission (or even access control list) based access control is that you must
secure the needed resource rather than the command. It was often difficult to know which
resources were the ones needed. In some cases, we are dealing with kernel resources. In
addition, a given resource might have multiple uses and a single group access to it might not work.
Allowing a program to be root with suid allowed one to bypass the resource permissions, but suid
itself was a potential exposure. With Enhanced Role Based Access Control (RBAC), resource
access is controlled through privileged commands and then only users with the proper authorization
are allowed to execute the privileged command. The authorization and privileges are fine grained.
Legacy RBAC
Starting with AIX 4.2.1, a form of RBAC was provided but was difficult to work with. Even though a
user was assigned a role, that user was often still unable to execute the associated tasks until a
requisite command was converted to a set uid executable and the user was made a member of the
associated group. In addition, the legacy framework was implemented without involvement of the
kernel.
Enhanced RBAC
Starting with AIX 6.1, an enhanced form of RBAC is provided. The enhanced RBAC framework
involves the kernel and thus is more secure. The new framework is also more granular and
extensive than the legacy RBAC. Once a role is assigned to a user, they have the authorization to
do the related tasks without having to play with file permissions or group membership. While the
framework supports user-defined privileged commands, authorizations, and roles, starting with
version 6.1, AIX provides 10 predefined roles that can be used without additional RBAC
configuration. The details of the RBAC framework are outside the scope of this course; however,
more detail with a simple example is included in topic two of this unit.
Sudo
Sudo (su “do”) is free add-on software for UNIX systems that enables a system administrator to
delegate authority to give certain users, or groups of users, the ability to run some, or all,
commands as root or another user while providing an audit trail of the commands and their
arguments. Enhanced RBAC eliminates the use of sudo-like tools.
File/directory permissions
Notes:
Permission bits
There are a number of permission bits associated with files and directories. The standard r (read),
w (write), and x (execute) permissions define three levels of access for the user (owner), group,
and others. In addition, there are three permission bits known as SUID (set UID), SGID (set GID),
and SVTX (sticky bit).
The SUID bit
SUID on an executable file means that when the file runs, the process runs with an effective UID of
the owner of the file. SUID is not supported on shell scripts.
SUID has no meaning on a directory.
The SGID bit
SGID on an executable file means that when the file runs, the process runs with an effective GID of
the group owner of the file.
SGID on a directory means that any file or directory that is created within the directory has the same
group ownership as the directory rather than the real group ID or primary group of the user.
The SGID permission bits are propagated down through the directory structure, so that any
directory created in a directory with the SGID bit set, also inherits that bit.
The SVTX bit
SVTX on a file has no meaning in AIX. It was used in earlier versions of UNIX.
Traditional UNIX used SVTX to keep a program in memory after it had completed running, but with
memory management routines, this is no longer necessary. SVTX is known as the sticky bit.
SVTX on a directory means that even if the directory has global write permission (for example,
/tmp), users cannot delete a file within it, unless they either own the file, or the directory.
Reading permissions
s s t
S S T
Notes:
How SUID, SGID, and SVTX settings are indicated
The SUID bit is indicated by an S or s in the slot that is normally reserved for the execute
permission for owner (user). The SGID bit is indicated by an S or s in the slot that is normally
reserved for the execute permission for group. The SVTX bit is indicated by a T or t in the slot that
is normally reserved for the execute permission for others. Since this slot must show if execute is
on/off and whether the additional permission bit is on/off, the uppercase S or T is used to indicate
that the execute permission is off. The lowercase s or t indicates the execute permission is on.
Discussion of examples on visual
Three examples of files that use these additional permissions are shown on the visual:
• The passwd command allows users to change their passwords even though passwords are
stored in a restricted area.
• The crontab command allows users to create a crontab file even though access to the
directory where crontab files reside is restricted for ordinary users.
• Permission bit settings for /tmp allow everyone to write to the directory, but only the owner of a
file can remove a file from the /tmp directory.
Changing permissions
4 2 1
SUID SGID SVTX
owner group other
r w x r w x r w x
4 2 1 4 2 1 4 2 1
Notes:
Setting the additional permission bits
To set the additional permission bits, you use the same command (chmod) as you do to set the
regular permission bits.
Using octal notation to set the additional permission bits
Using the octal notation, you are probably familiar with setting permissions using a command like:
# chmod 777 file1
When you issue this command, the complete command would be:
# chmod 0777 file1
The fourth number, a zero, is implied. This fourth position determines whether the
additional bits are turned on.
You normally use the numeric values of 4, 2, and 1 to set r, w, and x. That remains the same. To set
the additional bits, you are affecting the x position in either the user, group, or other area. If you
assign numeric values to user (4), group (2), and other (1), these are the values that you insert into
the fourth position to set the additional bit:
• SUID is indicated in the user's area. Therefore, use a 4 in the fourth position.
• SGID is indicated in the group area. Therefore, use a 2 in the fourth position.
• SVTX is indicated in the others area. Therefore, use a 1 in the fourth position.
Using the symbolic method to set the additional permission bits
You can also use the symbolic method to set the additional permission bits. The visual shows how
to set the values using the symbolic method.
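The following is an added example, not part of the course materials. It sets the additional bits with chmod on a constructed sample tree, shows how ls renders s, S, and t, and then audits the tree for SUID/SGID files and for world-writable directories that lack the sticky bit. All paths and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not course code). Paths and file names are constructed.

# mode_of PATH: the 10-character mode string that ls -l shows.
mode_of() { ls -ld "$1" | cut -c1-10; }

# build_sample DIR: one object per case described in the notes.
# The leading octal digit is SUID=4, SGID=2, SVTX=1.
build_sample() {
    mkdir "$1/bin" "$1/shared" "$1/dropbox" "$1/proj" || return 1
    for f in tool_suid tool_sgid no_exec plain; do : > "$1/bin/$f"; done
    chmod 0755 "$1/bin"
    chmod 4755 "$1/bin/tool_suid"   # s: SUID on, owner execute on
    chmod 2755 "$1/bin/tool_sgid"   # s: SGID on, group execute on
    chmod 4644 "$1/bin/no_exec"     # S: SUID on, owner execute off
    chmod 0755 "$1/bin/plain"       # no additional bits
    chmod 1777 "$1/shared"          # t: world-writable with sticky bit
    chmod 0777 "$1/dropbox"         # world-writable, sticky bit missing
    chmod 0775 "$1/proj"
    chmod g+s "$1/proj"             # symbolic method: SGID on a directory
}

# audit_special DIR: report what an administrator should review.
#   SETID     regular files with SUID or SGID set
#   NOSTICKY  directories writable by others without the sticky bit
audit_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
    LC_ALL=C sort |
    while IFS= read -r p; do
        echo "SETID $(mode_of "$p") ${p#"$1"/}"
    done
    find "$1" -type d -perm -0002 ! -perm -1000 -print |
    LC_ALL=C sort |
    while IFS= read -r p; do
        echo "NOSTICKY $(mode_of "$p") ${p#"$1"/}"
    done
}

# demo_special: build the sample in a scratch directory and audit it.
demo_special() {
    d=$(mktemp -d) || return 1
    build_sample "$d" && audit_special "$d"
    rm -rf "$d"
}

demo_special
```

Run against real directories, the SETID lines give a baseline list that can be compared between audits to spot newly added set-ID programs.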
umask
Notes:
Function of umask
The umask specifies what permission bits are set on a new file when it is created. It is an octal
number that specifies which of the permission bits are not set.
Default value of umask
If no umask was used, then files would be created with permissions of 666 and directories would be
created with permissions of 777. The system default umask is 022 (indicating removal of the 2 bit, or
write from the group and others area). Therefore, removing write from group and other, results in an
initial permission for files of 644 and for directories, 755. Execute permission is never set initially on
a file.
Changing the umask to enhance security
The default setting of the umask is 022. For tighter security, you should make the umask 027, or
even 077. An initial umask value can be set as an attribute of the user definition.
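The following is an added example, not part of the course materials. It computes the permissions a new file and directory receive under the 022, 027, and 077 masks discussed above, confirms them by creating real objects, and shows that an explicit numeric chmod afterward is not filtered by the umask. Function names are hypothetical and mktemp is assumed to be available.

```shell
#!/bin/sh
# Added example (not course code).

# predicted_modes MASK: octal permissions for a new file and directory.
# A file starts from 666 and a directory from 777; the mask bits are removed.
predicted_modes() {
    printf '%03o %03o\n' $(( 0666 & ~0$1 )) $(( 0777 & ~0$1 ))
}

# observed_modes MASK: create a real file and directory under that umask
# (in a subshell, so the caller's umask is untouched) and print their modes.
observed_modes() {
    (
        umask "$1" || exit 1
        t=$(mktemp -d) || exit 1
        : > "$t/f"
        mkdir "$t/d"
        echo "$(mode_str "$t/f") $(mode_str "$t/d")"
        rm -rf "$t"
    )
}

# mode_str PATH: the 10-character mode string that ls -l shows.
mode_str() { ls -ld "$1" | cut -c1-10; }

# umask_is_tight MASK: true when the mask removes group write and all
# access for others, as 027 and 077 do and the default 022 does not.
umask_is_tight() { [ $(( 0$1 & 027 )) -eq $(( 027 )) ]; }

# chmod_ignores_umask MASK: the umask only shapes permissions at creation
# time. A numeric chmod afterward sets exactly the bits requested.
chmod_ignores_umask() {
    (
        umask "$1" || exit 1
        t=$(mktemp -d) || exit 1
        : > "$t/f"
        chmod 664 "$t/f"
        mode_str "$t/f"
        rm -rf "$t"
    )
}

# demo_umask: one line per mask discussed in the notes.
demo_umask() {
    for m in 022 027 077; do
        if umask_is_tight "$m"; then tight=yes; else tight=no; fi
        echo "umask=$m predicted=$(predicted_modes "$m")" \
             "observed=$(observed_modes "$m") tight=$tight"
    done
}

demo_umask
```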
Notes:
Using chown to change ownership
As illustrated on the visual, the chown command can be used by root to change the ownership on a
file.
Using chgrp to change group ownership
The chgrp command is used to change the group ownership of a file. Any owner of a file can
change the group ownership to any group in their groupset. The root user can change the group
ownership to any group on the system.
Changing both ownership and group ownership
The chown command can be used by root to set both the ownership, and group ownership, of a file.
As illustrated on the visual, this can be done two different ways.
• Identify the different types of users and what data they need
to access.
– Consider using enhanced RBAC roles to perform system
administration tasks (as opposed to using root).
• Organize groups around the type of work that is to be done.
• Organize ownership of data to fit with the group structure.
• Set SVTX on shared directories.
• Security policy and implementation design should be formally
documented.
Notes:
Planning user and group administration
Plan and organize your user and group administration. Every user does not need their own group.
Good planning up front reduces any reorganizing of users and groups later on.
Use of the sticky bit
Always protect your shared directories by setting the sticky bit. Then, users cannot remove each
other’s files accidentally, or intentionally.
[Visual: chuser and vi shown against /etc/passwd, /etc/security/passwd, /etc/security/user, and /etc/security/limits]
Notes:
While the user and group definitions are kept in flat ASCII files, the proper way to work with these
definitions is by executing high-level commands (or SMIT). Thus, the best way to update user
attributes in /etc/security/user is to use the mkuser and chuser commands. In situations
where these can’t be used (such as changing default attributes), you must use a command
such as chsec.
The tool of last resort is to use a file editor. Not only is it possible to make mistakes that can violate
the syntax of a file or value restrictions on the attributes, but you also might not properly coordinate
the multiple inter-related files.
The high-level commands allow you to change a value without knowing in which file that attribute is
stored, ensure that the files are consistent, and that values are within the proper ranges.
Notes:
Use of validation commands
The commands that are listed on the visual can be executed by root or any user in the security
group to clean up after a change to the user configuration. Because they run with root permissions,
they give administrative users the ability to make necessary changes to the
/etc/security/passwd file in a controlled way, without knowing the root password.
The usrck command
The usrck command verifies the validity of the user definitions in the user database files, by
checking the definitions for all the users or for the users who are specified by the user parameter.
You must select a flag to indicate whether the system should try to fix erroneous attributes.
Options for pwdck, usrck, and grpck commands
All the options for pwdck, usrck, and grpck are as follows:
• -n Reports errors but does not fix them
• -p Fixes errors but does not report them
• -t Reports errors and asks if they should be fixed
Syntax:
chsec -f filename -s stanza_name -a attribute_name=value
lssec -f filename -s stanza_name -a attribute_name
Example:
# lssec -f /etc/security/user -s default -a umask
default umask=22
# chsec -f /etc/security/user -s default -a umask=027
Figure 12-18. chsec, lssec, and stanza format security files AN124.0
Notes:
Many security files are in a stanza format with the stanza name as a label followed by multiple
attributes, one line per attribute. It is common in a stanza file to have a default stanza, followed by
override stanzas such as individual users or individual terminals. While high-level commands can
be used with specific users, the only command that can be used with the default stanza is the
chsec command.
The chsec and lssec commands work with many different files that are in this stanza format. To
locate the attribute, the command requires you to identify the file name, stanza name, and attribute
name.
Here is a complete example of /etc/security/user showing the default stanza and a user stanza:
default:
        admin = false
        login = true
        su = true
        daemon = true
        rlogin = true
        sugroups = ALL
        admgroups =
        ttys = ALL
        auth1 = SYSTEM
        auth2 = NONE
        tpath = nosak
        umask = 022
        expires = 0
        SYSTEM = "compat"
        logintimes =
        pwdwarntime = 0
        account_locked = false
        loginretries = 0
        histexpire = 0
        histsize = 0
        minage = 0
        maxage = 0
        maxexpired = -1
        minalpha = 0
        minloweralpha = 0
        minupperalpha = 0
        minother = 0
        mindigit = 0
        minspecialchar = 0
        minlen = 0
        mindiff = 0
        maxrepeats = 8
        dictionlist =
        pwdchecks =
        default_roles =

root:
        admin = true
        SYSTEM = "compat"
        registry = files
        loginretries = 0
        account_locked = false
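The following is an added example, not part of the course materials. It reads a stanza file the way the listing above is laid out: a value set in a user stanza wins, otherwise the default stanza applies. It then reports each user's effective umask against the 027 or 077 recommendation from earlier in this unit. The sample file is constructed and abridged from the listing, the secc stanza and all function names are hypothetical, and lines starting with * are treated as comments.

```shell
#!/bin/sh
# Added example (not course code). Read-only: it never edits the file.

# write_sample FILE: constructed sample, abridged from the listing above.
write_sample() {
    cat > "$1" <<'EOF'
* constructed sample for illustration
default:
        admin = false
        su = true
        umask = 022
        SYSTEM = "compat"
        loginretries = 0

root:
        admin = true
        SYSTEM = "compat"
        registry = files

secc:
        umask = 027
EOF
}

# stanza_get FILE STANZA ATTR: print the value set in that stanza only.
# Returns 1 when the stanza does not set the attribute.
stanza_get() {
    awk -v want="$2" -v attr="$3" '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }          # comment or blank line
        /^[^ \t=]+:[ \t]*$/ { sub(/:[ \t]*$/, ""); cur = $0; next }
        cur == want {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == attr) { print v; found = 1; exit }
        }
        END { exit !found }' "$1"
}

# effective_attr FILE USER ATTR: the user stanza overrides the default stanza.
effective_attr() {
    stanza_get "$1" "$2" "$3" || stanza_get "$1" default "$3"
}

# audit_umask FILE: one line per user stanza with the effective umask, the
# admin flag, and "ok" when the mask removes group write and all access
# for others (027, 077), otherwise "weak".
audit_umask() {
    awk '/^[^ \t=*]+:[ \t]*$/ { sub(/:[ \t]*$/, ""); print }' "$1" |
    while IFS= read -r u; do
        [ "$u" = default ] && continue
        m=$(effective_attr "$1" "$u" umask)
        a=$(effective_attr "$1" "$u" admin)
        if [ $(( 0$m & 027 )) -eq $(( 027 )) ]; then v=ok; else v=weak; fi
        echo "$u umask=$m admin=$a $v"
    done
}

# demo_stanza: audit the constructed sample file.
demo_stanza() {
    f=$(mktemp) || return 1
    write_sample "$f"
    audit_umask "$f"
    rm -f "$f"
}

demo_stanza
```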
[Diagram: user hierarchy. root administers admin users and groups; root or the security group administers standard users and groups.]
Notes:
Capabilities of members of certain groups
The ability to perform certain system tasks (like creating users) depends upon the standard AIX file
permissions. Most system administration tasks can be performed by users other than root if those
users are assigned to groups such as system, security, printq, cron, adm, audit, or shutdown.
In particular, a user in the security group can add, remove, or change other users and groups.
Purpose of user hierarchy
To protect important users and groups from users in the security group, AIX has three levels of
user hierarchy: root, admin users and groups, and normal users and groups. Only root can add,
remove, or change an admin user or admin group. Therefore, you can define a user that has a high
level of access, but is protected from users in the security group.
# smit security
Security & Users
Users
Groups
Passwords
Login Controls
PKI
LDAP
Role Based Access Control (RBAC)
Trusted Execution
Cluster Security
Notes:
The Security & Users menu
The Security & Users menu is used to manage user and group IDs on the system. The menu
consists of the nine options that are described below.
• Users
This option is used to add users to the system, delete existing users and change the
characteristics of existing users.
• Groups
This option is used to add groups to the system, delete groups, and change the characteristics
of existing groups.
• Passwords
This option is used to change the password for a user. It is also required when setting up a new
user or when a user has forgotten their password.
• Login Controls
This option provides functions to restrict access for a user account or on a particular terminal.
• PKI
PKI stands for X.509 Public Key Infrastructure certificates. This option is used to authenticate
users using certificates and to associate certificates with processes as proof of a user's identity.
• LDAP
LDAP stands for Lightweight Directory Access Protocol. It provides a way to centrally administer
common configuration information for many platforms in a networked environment. A common
use of LDAP is the central administration of user authentication. The SMIT option here allows
us to configure this platform as either an LDAP client or an LDAP server.
• Role Based Access Control (RBAC)
This option sets up user roles. User roles allow root to give authority to an ordinary user to
perform a portion of root's functions.
• Trusted Execution
Trusted Execution (TE) refers to a collection of features that are used to verify the integrity of
the system and implement advanced security policies, which together can be used to enhance
the trust level of the complete system.
• Cluster Security
This option is used for setting Cluster Security Level and Advanced Cluster Security
Configuration.
SMIT users
IBM Power Systems
# smit users
Users
Add a User
Change a User's Password
Change / Show Characteristics of a User
Lock / Unlock a User's Account
Reset User's Failed Login Count
Remove a User
List All Users
Notes:
• Add a User: Add user accounts.
• Change a User's Password: Make password changes.
• Change/Show Characteristics of a User: Changes the many characteristics that are part of
the user account. The password restrictions are part of this area.
• Lock/Unlock a User's Account: This is used to temporarily disable an account. It is a good
security practice to disable accounts if they are not expected to be used for a reasonably long
time, as when someone is on an extended leave of absence.
• Reset User's Failed Login Count: If the administrator has set a limit to the number of failed
attempts that can be made on an account before locking it, this resets that count.
• Remove a User: Removes the user account, but not files that are owned by that user.
• List all users: Runs the lsuser command.
Listing users
Example:
# lsuser -a id home ALL
root id=0 home=/
daemon id=1 home=/etc
bin id=2 home=/bin
sys id=3 home=/usr/sys
adm id=4 home=/var/adm
uucp id=5 home=/usr/lib/uucp
guest id=100 home=/home/guest
alex id=333 home=/home/alex
Notes:
Function of the lsuser command
The lsuser command is used to list the attributes of all users (ALL) or individual users on the
system.
Using SMIT to list users
When the List All Users option in SMIT is used, the user name, ID, and home directory are listed.
Commonly used lsuser flags
When the lsuser command is issued directly, the data can be listed in line format, in colon format
(-c), or in stanza format (-f). Individual attributes or all attributes can be selected. The output can
also be generated for individual users.
Sources of information listed
The information reported by lsuser is gathered from the security files: /etc/passwd,
/etc/security/limits, and /etc/security/user.
Notes:
Ways of adding a user
The mkuser command or SMIT can be used to add a user. User attributes can be specified to
override the default values.
User name
The only value that must be specified is the user name. Traditionally, this name was restricted to
eight characters in length. Beginning with AIX V5.3, this limit can be changed to allow names as
long as 255 characters. The limit is modified in the Change/Show Characteristics of the Operating
System panel (smit chgsys).
Changing user characteristics
The Change / Show Characteristics of a User option, which runs the chuser command, allows any
of the user characteristics that are listed previously, except the user name, to be changed. This can
be executed only by root or a member of the security group. Only root can change an admin user.
This SMIT screen holds exactly the same attributes as the Add a User screen.
Assign a password
OR
# passwd [username] root only
OR
# smit passwd root or
security group
Notes:
Setting an initial password
When a user ID is created with SMIT or with the mkuser command, the user ID is disabled. (An
asterisk (*) is in the password field of /etc/passwd.) To enable the ID, the passwd or pwdadm
command must be used to set up the initial password for the user.
Entry of passwords (things to be aware of)
When passwords are entered, they are not displayed. When changing a password, the new
password is requested a second time for verification.
The ADMCHG flag
If root or a member of the security group sets the password for a user, the ADMCHG flag is set in
the flags field in /etc/security/passwd. The user is then prompted to change the password at
the next login.
Recovering from a forgotten password
There is no way to examine an existing password on the system. The only way to recover from a
forgotten password is for an administrator or root to set a new one for the user.
Maintenance
3. Follow the options to activate the root volume group and obtain a shell.
4. Once a shell is available, execute the passwd command to change
root’s password.
5. Enter the following command:
# sync ; sync
6. Reboot the system.
Notes:
If the root password is lost, follow the steps as shown in the visual.
/etc/passwd file
Format: name:password:UID:principalGID:Gecos:HomeDirectory:Shell
# cat /etc/passwd
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
guest:!:100:100::/home/guest:
nobody:!:4294967294:4294967294::/:
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
ted:*:205:1::/home/ted:/usr/bin/ksh
! = Password is set in /etc/security/passwd
* = No password set
Notes:
Role of the /etc/passwd file
The /etc/passwd file lists the users on the system and some of their attributes. This file must be
readable by all users because commands such as ls access it.
Fields in the /etc/passwd file
The fields in the /etc/passwd file are:
• User name: Up to eight alphanumeric characters (not all uppercase).
• Password: On older UNIX systems, this contained the encrypted password. On AIX, it either
contains an exclamation mark (!) to refer to the /etc/security/passwd file or an asterisk (*),
which means the user has no password that is assigned.
• UID: The user ID number for the user.
• GID: The ID of the primary group to which this user belongs.
• Information: Any descriptive text for the user.
• Directory: The login directory of the user and the initial value of the $HOME variable.
• Login program: Specifies the initial program or shell that is executed after a user invokes the
login command or the su command.
Using index files for better login performance
In AIX, additional files can be created to be used as index files for the /etc/passwd,
/etc/security/passwd, and /etc/security/lastlog files. These index files provide for
better performance during the login process. Use the mkpasswd -f command to create the
indexes. The command mkpasswd -c can be used to check the indexes, and rebuild any that look
suspicious.
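The field meanings above lend themselves to a quick review of the file. The following is an added example, not IBM course code: the function names are hypothetical, and the sample combines entries from the listing above with two constructed accounts (svcold and admin2) that exist only to trigger findings.

```shell
#!/bin/sh
# Added example, not IBM course code. Function names are hypothetical.

# passwd_state FILE -> "name state" for every account, where state is
#   shadowed  "!"  password is held in /etc/security/passwd
#   disabled  "*"  no password set, the ID cannot log in yet
#   empty          nothing in the field
#   inline         anything else (old-style encrypted password in this file)
passwd_state() {
    awk -F: '
        /^[ \t]*$/ || NF != 7 { next }
        {
            if      ($2 == "!") s = "shadowed"
            else if ($2 == "*") s = "disabled"
            else if ($2 == "")  s = "empty"
            else                s = "inline"
            print $1, s
        }
    ' "$1"
}

# passwd_audit FILE -> one finding per line; no output means nothing to review.
passwd_audit() {
    awk -F: '
        /^[ \t]*$/ { next }
        NF != 7 { print "line " NR ": expected 7 fields, found " NF; next }
        $2 != "!" && $2 != "*" {
            print $1 ": password field is neither ! nor * in a world-readable file"
        }
        $3 ~ /^0+$/ && $1 != "root" { print $1 ": UID 0 but not root" }
        ($3 in seen) { print $1 ": UID " $3 " already used by " seen[$3]; next }
        { seen[$3] = $1 }
    ' "$1"
}

# Sample input: the first five lines come from the listing above,
# svcold and admin2 are constructed for this demonstration.
PW=$(mktemp)
trap 'rm -f "$PW"' EXIT
cat > "$PW" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
sshd:*:202:201::/var/empty:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
ted:*:205:1::/home/ted:/usr/bin/ksh
svcold:aaEXAMPLEHASH0:210:1::/home/svcold:/usr/bin/ksh
admin2:!:0:0::/home/admin2:/usr/bin/ksh
EOF

passwd_state "$PW"
passwd_audit "$PW"
```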
/etc/security/passwd file
# cat /etc/security/passwd
root:
password = etNKvWlXX5EFk
lastupdate = 1145381446
flags =
daemon:
password = *
bin:
password = *
alex:
password = XAkhucsiyVwAA
lastupdate = 1225381869
flags =
tyrone:
password = RWWoFp5iuL.JI
lastupdate = 1225381903
flags = ADMCHG,ADMIN,NOCHECK
Notes:
Role of the /etc/security/passwd file (commonly referred to as the shadow password file)
The /etc/security/passwd file contains the encrypted user passwords and can be accessed
by root only. The login, passwd, pwdadm, and pwdck commands, which run with root authority,
update this file. This file is in stanza format with a stanza for each user.
Index files
As previously mentioned, in AIX, additional files can be created to be used as index files for
/etc/security/passwd and some related files. These index files provide for better performance
during the login process. These indexes are created by using the mkpasswd command.
Entries in /etc/security/passwd
Valid entries in /etc/security/passwd are:
• Password: Either the encrypted password, an asterisk (*) for invalid, or blank for no password
• Lastupdate: The date and time of the last password update in seconds from 1 January 1970
• Flags:
SMIT groups
# smit groups
Groups
Notes:
Purpose of groups
The purpose of groups is to give a common set of users the ability to share files. The access is
controlled using the group set of permission bits.
Group management restrictions
Only root and members of the security group can create groups. root and security group
members can select a member of the group to be the group administrator. This privilege allows the
user to add and remove users from the group.
Predefined groups
There are a number of predefined groups on AIX systems, like the system group (which is root's
group), and the staff group (which contains the ordinary users).
Listing groups
Example:
# lsgroup -f -a id users ALL
system:
id=0
users=root,esaadmin,pconsole
staff:
id=1
users=ipsec,ted,sshd,alex,local,tyrone,daemon
bin:
id=2
users=root,bin
...
Notes:
The lsgroup command
The lsgroup command is used to list all groups, or selected groups, on the system. The data is
presented in line format by default, in colon format (-c), or in stanza format (-f).
Commonly used options of the lsgroup command
• The -c option displays the attribute for each group, in colon separated records.
• The -f option displays the group attributes in stanza format with each stanza identified by a
group name.
Add a Group
Notes:
The mkgroup command
The mkgroup command is the command to create a new group. The group name, traditionally,
must be a unique string of eight or fewer characters. With AIX 5L V5.3 and later, the maximum
name length can be modified to be as large as 255 characters.
Limit on group membership
A user can belong to no more than 32 groups.
The mkgroup/SMIT options
The mkgroup -a option is used to indicate that the new group is to be an administrative group.
Only the root user can add administrative groups to the system.
• ADMINISTRATOR list and USER list: In the SMIT screen that is shown on the visual,
ADMINISTRATOR list is a list of members from the USER list that are allowed to change the
characteristics of a group and add or remove members.
• Projects: Starting with AIX 5L V5.3, the SMIT Add a Group screen has a new field, Projects,
for tracking resource usage in the Advanced Accounting subsystem.
The following fields are related to Encrypted File Systems. This topic is outside the scope of this
class. Attend AN57 AIX Security for training in this area.
• Initial Keystore Mode: An efs_initialks_mode of admin allows root, or other security
privileged system users, to reset the user's keystore password. Otherwise, if the user forgets
their keystore password, they are not able to access their Encrypted File System files. If the
guard mode is selected, then root cannot reset the user's keystore password.
• Keystore Encryption Algorithm: This option specifies the algorithm for the user's key, within
the keystore. This key protects the encrypting key of files the user creates, within the Encrypted
File System.
• Keystore Access: The keystore enables the user to utilize files in the Encrypted File System.
The selection of file creates a keystore file that is associated with this user. It is recommended
that file is selected. Select none for no keystore to be created. All other EFS (efs_*) attributes do
not have any effect.
The chgroup command
The chgroup command is used to change the characteristics of a group. It can be run only by root
or a member of the security group.
Group attributes
The group attributes that can be changed are the same as set with mkgroup.
The chgrpmem command
The chgrpmem command can be used by any user who is a group administrator to change either the
administrators or the members of that group.
The chsh command
The chsh interactive command can be used by any user to change that user’s login shell.
The chfn command
The chfn interactive command can be used by any user to change their GECOS information in
/etc/passwd.
Group files
# cat /etc/group
system:!:0:root,esaadmin,pconsole
staff:!:1:ipsec,sshd,alex,tyrone,ted
bin:!:2:root,bin
sys:!:3:root,bin,sys
adm:!:4:bin,adm
uucp:!:5:nuucp,uucp
...
# cat /etc/security/group
system:
admin = true
staff:
admin = false
bin:
admin = true
...
techies:
admin = false
adms = alex
Notes:
The /etc/group file
The fields in the /etc/group file are:
• Group: Up to eight alphanumeric characters (not all uppercase)
• Password: This field is not used in AIX and should contain an exclamation mark (!)
• ID: The group ID
• Members: A comma-separated list of the users who belong to this group
The /etc/security/group file
The /etc/security/group file is a stanza file with one stanza for each group. The valid entries are:
• admin: Defines whether the group is an administrative group; values are true or false
• adms: A comma-separated list of the users who are administrators for the group. If admin=true,
this attribute is ignored because only root can change an administrative group
• projects: A list of project names to be associated with the group
# rmuser -p user01
# rmgroup finance
Notes:
Ways to remove a user
The Remove a User from the System option in SMIT, or the rmuser command, can be used to
remove any user from the system. Only the root user can remove administrative users.
The -p option of rmuser
The -p option removes authentication information from the /etc/security/* files. Typically, this
information is the user password, as well as other login restrictions that have been previously set for
the ID.
Removing the user's files
The user's home directory and associated files are not removed by this option. They must be
removed separately by the administrator. To do this, you can use the -r option on the rm command
to recursively remove files. Remember to back up any important files before removing the user's
home directory.
Notes:
Removing a user or group does not remove the files that are owned by that user or group. The files
remain with the same UID and GID in the i-node as they had before.
The home directory files are easy to locate, but that is not necessarily true for other files that can be
scattered around the system.
For ease of management it is recommended that you manage these files before deleting the owner.
If you do not, then you need to know the UID or GID number to find the related files.
For each file, you need to decide whether to back up and delete the file or to transfer ownership to
a different user or group.
Topic summary
Checkpoint (1 of 2)
Checkpoint (2 of 2)
7. True or False: When you delete a user from the system, all
the user’s files and directories are also deleted.
Exercise
Unit summary
Unit 13. Security and user administration: Part two
References
Online AIX 7.1 Information
SG24-7430 AIX V6 Advanced Security Features: Introduction and Configuration (Redbooks)
SG24-7910 AIX Version 7.1 Differences Guide (Redbooks)
Note: References listed as online are available through the IBM Knowledge Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
Unit objectives
[Diagram: the login process]
1. User verification check against /etc/passwd and /etc/security/passwd.
   If not valid: login failed, log entry in /etc/security/failedlogin.
2. If valid: update security logs (/var/adm/wtmp, /etc/utmp).
3. Set up the environment (/etc/environment, /etc/security/limits, /etc/security/user).
4. Display /etc/motd.
5. Enter login shell (/etc/profile, $HOME/.profile).
Notes:
Introduction
When a user attempts to log in, AIX checks a number of files to determine whether entry is
permitted to the system and, if permitted, what parts of the system the user can access. This
section provides an overview of the checks that are performed during the login process.
The getty process
Ports set up for login are listed in the /etc/inittab. When init runs, a getty process is
started for each port in the list providing a login prompt on the terminal that is attached to that port.
The message that the getty process displays, also known as the herald, is defined in
/etc/security/login.cfg. Once the message is displayed, the getty process waits for a
user to make a login attempt.
Non-console logins
A login through a network utility such as telnet is similar to a console login, except that the service
daemon (such as telnetd) is the parent process rather than a getty process. In addition, some
network services, such as ssh and rlogin, do not use login.cfg.
Login-related attributes
Notes:
A herald is the message that is displayed at an enabled terminal or in response to any initial
network connection (telnet and rlogin commands). It is a good practice to have words that
make it clear that only authorized persons should be logging in to the system. This and other
login-related attributes are defined in /etc/security/login.cfg. You can also customize the
login prompt. The only line command that modifies this file is chsec.
Some facilities make it a practice to tighten how long a login prompt can be outstanding without
an actual login.
Below are descriptions of the login-related attributes.
• herald: This attribute specifies the initial message to be printed out when getty or login
prompts for a login name. This value is a string that is written out to the login port. If the herald
is not specified, then the default herald is obtained from the message catalog that is associated
with the language set in /etc/environment.
• logintimes: This attribute defines the times that a user can use this port to log in.
• logindisable: This attribute defines the number of unsuccessful login attempts before this port
is locked. Use this with logininterval.
• logininterval: This attribute defines the number of seconds during which logindisable
unsuccessful attempts must occur before a port is locked.
• loginreenable: This attribute defines the number of minutes after a port is locked that it is
automatically unlocked.
• logindelay: This attribute defines the delay in seconds between unsuccessful login attempts.
This delay is multiplied by the number of unsuccessful logins. Therefore, if the value is two, then
the delay between unsuccessful logins is 2 seconds, then 4 seconds, then 6 seconds, and so
forth.
Other security attributes (usw stanza):
• shells: The list of valid login shells for a user; chuser and chsh change only a user's login
shell to one of the shells that are listed here.
• maxlogins: This attribute defines the maximum number of simultaneous logins that are allowed
on the system.
• logintimeout: This attribute defines the number of seconds the user is given to enter their
password.
• auth_type: This attribute determines whether PAM or the standard UNIX authentication
mechanism is used by PAM-aware applications. Valid values: STD_AUTH, PAM_AUTH
• The chsec command: Changes to the /etc/security/login.cfg file can be done by the
command chsec:
# chsec -f /etc/security/login.cfg -s default -a pwdprompt="Password:"
To reset to the default value:
# chsec -f /etc/security/login.cfg -s default -a pwdprompt=
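The interaction of logindisable, logininterval, and loginreenable described above can be modelled over a list of failed logins. This is an added example, not IBM code and not AIX's implementation: the function names are hypothetical, the events are constructed, and the "epoch-seconds port user" input format is an assumption (on a real system the records would first be extracted from who /etc/security/failedlogin).

```shell
#!/bin/sh
# Added example, not IBM course code. Function names are hypothetical.

# port_locks LOGINDISABLE LOGININTERVAL LOGINREENABLE < events
# Input: one failed login per line, "epoch-seconds port user", sorted by time.
# Output: "<port> locked at <t> until <t2>" each time the rule would fire.
# Assumptions of this model: failures exactly LOGININTERVAL seconds apart
# still count as inside the window, attempts on a locked port are not
# counted, and counting starts afresh after a lock.
port_locks() {
    awk -v n="$1" -v win="$2" -v reen="$3" '
        /^#/ || NF < 2 { next }
        {
            t = $1 + 0; p = $2
            if ((p in locked_until) && t < locked_until[p]) next   # still locked
            tail[p]++; ts[p, tail[p]] = t                          # record failure
            if (!(p in head)) head[p] = 1
            while (t - ts[p, head[p]] > win) head[p]++             # expire old ones
            if (tail[p] - head[p] + 1 >= n) {
                locked_until[p] = t + reen * 60                    # minutes to seconds
                printf "%s locked at %d until %d\n", p, t, locked_until[p]
                head[p] = tail[p] + 1
            }
        }
    '
}

# Constructed events for the demonstration.
sample_events() {
    cat <<'EOF'
# epoch port user
1000 /dev/tty0 alex
1020 /dev/tty0 root
1030 /dev/tty1 ted
1045 /dev/tty0 alex
1050 /dev/tty0 alex
1200 /dev/tty1 ted
1250 /dev/tty1 ted
1255 /dev/tty1 ted
1400 /dev/tty0 guest
EOF
}

# logindisable=3, logininterval=60 seconds, loginreenable=5 minutes
sample_events | port_locks 3 60 5
```

Running the same events with different values shows how a candidate setting would have behaved before it is applied with chsec.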
Security logs
Notes:
The sulog file
The sulog file is an ASCII text file that can be viewed with more or pg. In the file, the following
information is recorded: date, time, terminal name, and login name. The file also records whether
the login attempt was successful, and indicates a success by a plus sign (+) and a failed login by a
minus sign (-).
The utmp and wtmp files
The /etc/utmp file contains a record of users who are logged in to the system, and the
/var/adm/wtmp file contains connect-time accounting records. To obtain information from either
file use the who command with the file name. The who command normally examines the
/etc/utmp file, but you can specify either one of the files that are just mentioned as an argument
to the command.
The last command
The last command can also be used to display, in reverse chronological order, all previous logins,
and logoffs that are still recorded in the /var/adm/wtmp file. The /var/adm/wtmp file collects
login and logout records as these events occur, and holds them until the records are processed by
the accounting commands.
For example:
# last root displays all the recorded logins and logoffs by the user root.
# last reboot displays the time between reboots of the system.
The utmpd daemon
AIX V5.2 introduced a new daemon that is called utmpd to manage the entries in the /etc/utmp
file. This daemon monitors the validity of the user process entries at regular intervals. The default
interval is 300 seconds. The syntax of the command is:
/usr/sbin/utmpd [ Interval ]
To start utmpd from the /etc/inittab, add the following entry to the file:
utmpd:2:respawn:/usr/sbin/utmpd
The failedlogin file
The /etc/security/failedlogin file maintains a record of unsuccessful login attempts. The
file can be displayed by using the who command with the file as an argument.
Notes:
The /etc/environment file
/etc/environment is used to set variables. No commands should be placed in this file. Only root
can change this file.
The /etc/profile file
/etc/profile is read during every login. Like the /etc/environment file, this file can be
changed only by root.
The $HOME/.profile and $HOME/.kshrc files can be customized by the user. The user can
overwrite any variable set in /etc/environment and /etc/profile.
Common Desktop Environment (CDE) considerations
If you are using CDE, .profile is not read by default. In the user’s HOME directory, the
.dtprofile file is used to establish the environment when working with CDE. .dtprofile
replaces the function of .profile in the CDE environment. If you want to use both, in the
.dtprofile, uncomment the line near the end of the file that references the DTSOURCEPROFILE
variable.
mkuser: /etc/passwd fields come from /etc/security/mkuser.default
/etc/security/mkuser.default
user:
    pgrp = staff
    groups = staff
    shell = /usr/bin/ksh
    home = /home/$USER
    ...
mkuser.sys
• Shell script
• Build home directory
• Copies default .profile (/etc/security/.profile) to home directory
• Set permissions and ownerships
Notes:
Rather than require each user to learn how to set up their own .profile customization, many
system admins define how the user environments should be initially set up. Less common, but
possible, is changing the defaults of the /etc/passwd fields for new users.
The /etc/passwd fields are determined by the stanza-oriented mkuser.default file. It has a
stanza for ordinary users and another stanza for administrative users.
The mkuser command invokes the mkuser.sys shell script. This provided script builds the user’s
home directory, copies the /etc/security/.profile to the home directory, and then sets
appropriate ownership and permissions on the home directory and its contents. After making a copy
of the original script, it can be modified to create more files in the user’s home directory. For
example, you might want to create a .kshrc file.
Resources that are involved in user creation process
The following resources are involved in the user creation process:
• Default ID numbers that are stored in /etc/security/.ids
• The /usr/lib/security/mkuser.sys shell script that is used to set up a user ID.
• The file /etc/motd contains text that is displayed every time after a
user successfully logs in, before the shell prompt.
• This file should contain only information necessary for the users to see.
• Existence of a $HOME/.hushlogin file blocks MOTD display.
******************************************************************
* *
* AIX Version 7.1 TL 03 (7100-03-03-1415) *
* Education AIX AN12 erc 4.0 *
* *
* The system will be down for maintenance from Saturday 23:00 *
* until Sunday 22:00 *
******************************************************************
nimmaster:/
Notes:
Using the /etc/motd file
The message of the day (motd) is a convenient way to communicate information, such as installed
software version numbers or current system news, to all users. The message of the day is
contained in the /etc/motd file. To change the message of the day, simply edit this file.
• Locked account:
# chuser -a account_locked=false user_name
# chsec -f /etc/security/user -s username \
-a account_locked=false
Notes:
In /etc/security/lastlog:
• unsuccessful_login_count: Specifies the number of unsuccessful login attempts since the
last successful login. The value is a decimal integer. This attribute works with the user's
loginretries attribute, which is specified in the /etc/security/user file, to lock the user's
account after a specified number of consecutive unsuccessful login attempts. Once the user's
account is locked, the user cannot log in until the system administrator resets the user's
unsuccessful_login_count attribute to be less than the value of loginretries. To do this, enter
the following:
chsec -f /etc/security/lastlog -s username -a unsuccessful_login_count=0
In /etc/security/user:
• account_locked: This attribute defines whether the account is locked. Locked accounts cannot
be used for login or su. Possible values: true or false
• loginretries: This attribute defines the number of invalid login attempts before a user is not
allowed to log in. Possible values: a positive integer or 0 to disable this feature
Notes:
Security is only as good as the passwords being used. The /etc/security/user file has many
attributes that assist you in enforcing best practices regarding password management. While it is
possible to set these on a user-by-user basis with chuser or SMIT, you might want to set default
values by using the chsec command. The descriptions in the visual provide first the attribute name
and then the SMIT field name. This convention is also used on the following visuals.
• maxage: This attribute defines the maximum number of weeks a password is valid. The default
is 0, which is equivalent to unlimited. Possible values: 0 - 52
• pwdwarntime: This attribute defines the number of days before a forced password change
warning informs the user of the impending password change. Possible values: a positive integer
or 0 to disable this feature.
• histexpire: This attribute defines the period of time in weeks that a user cannot reuse a
password. Possible values: an integer value between 0 and 260. 26 (approximately 6 months)
is the recommended value.
• histsize: This attribute defines the number of previous passwords that cannot be reused.
Possible values: an integer between 0 and 50.
• minage: This attribute defines the minimum number of weeks between password changes. The
default is 0. Possible values: 0 - 52
• maxexpired: This attribute defines the maximum number of weeks after maxage that an
expired password can be changed by a user. The default is -1, which is equivalent to unlimited.
Possible values: -1 to 52. maxage must be greater than 0 for maxexpired to be enforced (root is
exempt from maxexpired)
• maxrepeats: This attribute defines the maximum number of times a given character can appear
in a password. The default is 8, which is equivalent to unlimited. Possible values: 0 - 8
Notes:
The dictionlist user attribute defines the password dictionaries that are used when checking new
passwords. The format is a comma-separated list of absolute path names to dictionary files. A
dictionary file contains one word per line where each word has no leading or trailing white space.
Words should contain 7-bit ASCII characters only. All dictionary files and directories should be write
protected from everyone except root. The default is valueless, which is equivalent to no dictionary
checking.
A sample dictionary list is provided and there are other variations available from other sources.
AIX 7.1 introduced two enhancements to the dictionlist capability. One is the recognition of a
$USER entry. This results in the rejection of not only a password that is the same as the user name,
but of any password that has the user name as a subset. The other enhancement is the ability to
pattern match passwords using regular expressions; this provides a powerful method for identifying
many passwords as easily guessed without having to enumerate every possible variation. The
regular expression must be preceded by an * (asterisk, splat) in the first column.
Notes:
Not only can a minimum number of characters be required in a password, but you can require a
mixture of different types of characters. The major subset minimums are minalpha (alphabetic) and
minother (non-alphabetic). They cannot total more than minlen.
AIX 7.1 introduced the ability to be even more specific about the types of characters. You can now
distinguish between upper and lowercase alphabetic characters. You can also distinguish between
numbers and other non-alphabetic characters.
Here are the user attributes with their descriptions.
• minalpha: This attribute defines the minimum number of alphabetic characters in a password.
The default is 0. Possible values: 0 - 8
• minother: This attribute defines the minimum number of non-alphabetic characters in a
password. The default is 0. Possible values: 0 - 8
• minlen: This attribute defines the minimum length of a password. The default is 0. Range: 0 - 8
Note that the minimum length of a password is determined by minlen and “minalpha +
minother”, whichever is greater. “minalpha + minother” should never be greater than 8. If
“minalpha + minother” is greater than 8, then minother is reduced to “8 - minalpha”.
• minloweralpha: This attribute defines the minimum number of lowercase alphabetic characters
that must be in a new password. The value is a decimal integer string. The default is a value of
0, indicating no minimum number. Range: 0 to PW_PASSLEN.
• minupperalpha: This attribute defines the minimum number of uppercase alphabetic
characters that must be in a new password. The value is a decimal integer string. The default is
a value of 0, indicating no minimum number. Range: 0 to PW_PASSLEN.
• mindigit: This attribute defines the minimum number of digits that must be in a new password.
The value is a decimal integer string. The default is a value of 0, indicating no minimum number.
Range: 0 to PW_PASSLEN.
• minspecialchar: This attribute defines the minimum number of special characters that must be
in a new password. The value is a decimal integer string. The default is a value of 0, indicating
no minimum number. Range: 0 to PW_PASSLEN.
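The lockout, aging, history, dictionary and composition attributes described above can be checked mechanically. The following is an added example, not part of the course material: a POSIX shell audit of one stanza in a file laid out like /etc/security/user, with a user's stanza falling back to the default stanza. The function names, the sample stanzas and the dictionary path are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a stanza of an /etc/security/user style file against the
# attribute rules in the notes. All function names here are hypothetical.

# stanza_attr FILE STANZA ATTR: print the value set in that stanza, if any.
stanza_attr() {
    awk -v s="$2:" -v a="$3" '
        $1 ~ /^\*/           { next }                    # comment line
        NF == 1 && $1 ~ /:$/ { in_s = ($1 == s); next }  # stanza header
        in_s && $1 == a && $2 == "=" { print $3; exit }
    ' "$1"
}

# attr_or FILE STANZA ATTR FALLBACK: the named stanza wins, then the
# "default" stanza, then FALLBACK.
attr_or() {
    v=$(stanza_attr "$1" "$2" "$3")
    if [ -z "$v" ]; then v=$(stanza_attr "$1" default "$3"); fi
    echo "${v:-$4}"
}

# audit_pw_stanza FILE STANZA: print one finding per line.
audit_pw_stanza() {
    f=$1; st=$2
    # The notes give 0 as the default for minlen, minalpha, minother and maxage.
    # Treating unset histsize, histexpire and loginretries as 0 is an assumption.
    minlen=$(attr_or "$f" "$st" minlen 0)
    minalpha=$(attr_or "$f" "$st" minalpha 0)
    minother=$(attr_or "$f" "$st" minother 0)
    maxage=$(attr_or "$f" "$st" maxage 0)
    histsize=$(attr_or "$f" "$st" histsize 0)
    histexpire=$(attr_or "$f" "$st" histexpire 0)
    loginretries=$(attr_or "$f" "$st" loginretries 0)
    dictionlist=$(attr_or "$f" "$st" dictionlist "")

    if [ "$loginretries" -eq 0 ]; then
        echo "loginretries=0: failed logins never lock the account"
    fi
    if [ "$maxage" -eq 0 ]; then
        echo "maxage=0: passwords never expire"
    fi
    if [ "$histsize" -eq 0 ] && [ "$histexpire" -eq 0 ]; then
        echo "histsize=0 and histexpire=0: old passwords can be reused at once"
    fi
    if [ -z "$dictionlist" ]; then
        echo "dictionlist unset: no dictionary checking"
    fi
    # minalpha + minother may not exceed 8; the excess comes off minother.
    sum=$((minalpha + minother))
    if [ "$sum" -gt 8 ]; then
        minother=$((8 - minalpha))
        echo "minalpha+minother=$sum exceeds 8: minother is reduced to $minother"
        sum=8
    fi
    # Effective minimum length is the greater of minlen and minalpha+minother.
    eff=$minlen
    if [ "$sum" -gt "$eff" ]; then eff=$sum; fi
    echo "effective minimum password length: $eff"
    return 0
}

# write_sample FILE: constructed sample data, not taken from a real system.
write_sample() {
    cat > "$1" <<'EOF'
* constructed sample
default:
    minlen = 6
    minalpha = 5
    minother = 4
    maxage = 0
    histsize = 4
    loginretries = 0

ops01:
    maxage = 13
    loginretries = 5
    dictionlist = /etc/security/words.sample
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/user"
for name in default ops01; do
    echo "== $name"
    audit_pw_stanza "$tmp/user" "$name"
done
rm -rf "$tmp"
```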
RBAC overview
[Figure: authorizations (Manage Devices, Create System WPARs, Operating System Administration) are assigned to roles, and roles are assigned to users.]
Notes:
There are over 250 built-in pre-defined authorizations, such as manage devices, create WPARs,
and perform OS administration. To view all authorizations, type: # lsauth ALL.
Authorizations are assigned to commands and files that are considered privileged. By privileged,
we mean that we want to allow them to bypass traditional access controls. These authorizations are
then assigned to roles, which, in turn, are assigned to users. Users can then switch roles to perform
the necessary administrative actions.
Custom user-defined authorizations and roles can also be created. However, this requires the
kernel security tables to be updated. To do this, execute the setkst command.
Notes:
There are, by default, 17 predefined system roles, and 311 authorizations. They can be listed with
the lsrole and lsauth commands respectively.
To list the roles and the assigned authorizations, type:
# lsrole -f -a authorizations dfltmsg ALL |grep -p dfltmsg
Role Definitions:
isso - Information system security officer
The ISSO role is responsible for creating and assigning roles, and is thus the most powerful
user-defined role on the system. Some of the ISSO responsibilities include:
• Establishing and maintaining security policy
• Setting passwords for users
• Network configuration
• Device administration
4. User would then switch to the role and perform the necessary
operations.
• To switch roles, use the swrole command
Notes:
A key part of implementing RBAC is planning. Start by making a note of all the administration tasks
that might need to be performed, then allocate them to roles, and assign the roles to user IDs.
RBAC is enabled by default in AIX (starting with version 6.1), and can be checked with the lsattr
command as shown on the visual.
RBAC example (1 of 2)
Notes:
The visual demonstrates how to provide a user with the capability to start, stop, and reboot the
system.
If you are not sure whether the system authorization, aix.system.boot.shutdown, contains
the shutdown command, then the RBAC privileged command file can be checked (stored in
/etc/security), as follows:
/etc/security # grep shutdown privcmds
/usr/sbin/exec_shutdown:
accessauths = aix.system.boot.shutdown
/usr/sbin/shutdown:
accessauths = aix.system.boot.shutdown
RBAC example (2 of 2)
Notes:
The rolelist command provides role and authorization information to the invoker, about their
current roles, or the roles that are assigned to them.
The swrole command creates a new role session, spawned in a sub shell, with the roles that are
specified by the role parameter (in this example, SysBoot). To exit the new role sub shell, type:
# exit rolelist -e or # exit rolelist SysBoot
Unit 14. Scheduling and time
• Starts:
– at command events
(one time only execution at specified time)
Notes:
Function of the cron daemon
The system process that enables batch jobs to be executed on a timed basis is the cron daemon.
Many people rely on cron to execute jobs. Jobs are submitted to the cron daemon in a number of
different ways:
• The at and batch facilities are used to submit a job for one-time execution.
• crontab files are used to execute jobs periodically - hourly, daily, weekly.
Starting of cron
The cron process is usually started at system startup by /etc/inittab. It runs constantly as a
daemon. If killed, it is automatically restarted.
Changing how cron event types are handled
The /var/adm/cron/queuedefs file defines how the system handles different cron daemon event
types. The file specifies the maximum number of processes per event type to schedule at one time,
the nice value of the event type, and how long to wait before retrying to execute a process. This file
is empty as shipped, but can be modified to change how the cron daemon handles each event type.
For example, by default, crontab events are inspected every 60 seconds, run at a nice value of 2
higher than the default, and there can be up to 100 executing simultaneously.
This can be changed by modifying the /var/adm/cron/queuedefs file.
For example, if crontab jobs were to run at a nice value of 10 higher than the default, with files
inspected every 2 minutes, and with up to 200 jobs allowed, then the following entry should be
made to the file:
c.200j10n120w
| |   |  |
| |   |  wait period (in seconds)
| |   |
| |   nice value
| |
| jobs
|
cron
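To review what a queuedefs entry actually grants, the entry can be decoded field by field. The following is an added example, not part of the course material: a POSIX shell parser for entries in the form shown above. The helper names are hypothetical, fields are accepted in any order as a simplification, and an omitted field is assumed to keep the default the notes give for crontab events (100 jobs, nice 2, 60 seconds).

```shell
#!/bin/sh
# Added example: decode /var/adm/cron/queuedefs entries such as c.200j10n120w.
# parse_queuedef and describe_queuedefs are hypothetical helper names.

# parse_queuedef ENTRY: print "queue=Q njob=N nice=N nwait=N", or fail.
parse_queuedef() {
    entry=$1
    case $entry in
        [a-z].*) ;;
        *) echo "invalid queuedefs entry: $entry" >&2; return 1 ;;
    esac
    queue=${entry%%.*}
    rest=${entry#*.}
    # Defaults the notes give for crontab events; assumed for omitted fields.
    njob=100; nnice=2; nwait=60
    while [ -n "$rest" ]; do
        num=${rest%%[!0-9]*}            # leading run of digits
        if [ -z "$num" ]; then
            echo "invalid queuedefs entry: $entry" >&2; return 1
        fi
        rest=${rest#"$num"}
        key=${rest%"${rest#?}"}         # the letter that follows the number
        rest=${rest#?}
        case $key in
            j) njob=$num ;;
            n) nnice=$num ;;
            w) nwait=$num ;;
            *) echo "invalid queuedefs entry: $entry" >&2; return 1 ;;
        esac
    done
    echo "queue=$queue njob=$njob nice=$nnice nwait=$nwait"
}

# describe_queuedefs: read entries on stdin, one per line, and decode each.
describe_queuedefs() {
    while IFS= read -r line; do
        if [ -z "$line" ]; then continue; fi
        parse_queuedef "$line" 2>/dev/null || echo "skipped: $line"
    done
}

# Constructed input: the entry from the notes, a partial entry, a bad entry.
printf '%s\n' 'c.200j10n120w' 'c.50j' 'c.200x' | describe_queuedefs
```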
crontab files
Notes:
Scheduling a job
The cron daemon starts processes at specified times. It can be used to run regularly scheduled jobs
by using files in the /var/spool/cron/crontabs directory, or it can be used to schedule a
command for one-time-only execution by using the at command.
The /var/adm/cron/cron.deny file
All users by default have the privilege to set up scheduled jobs to be monitored by cron. This is
because the file /var/adm/cron/cron.deny, which denies privileges to users, exists and is
empty. As the administrator, you can restrict access to cron by adding user names to this text file.
The /var/adm/cron/cron.allow file
Another file that also restricts users’ privileges is /var/adm/cron/cron.allow. To use this file,
you should remove the cron.deny file and create the cron.allow file to list the users that are
allowed to use cron. If cron.allow exists and is empty, no user is able to use cron, including
root. If both cron.allow and cron.deny exist, then cron.allow is the file that is used. If neither
cron.allow nor cron.deny exists, then only root can use cron.
• Format of entries:
– minute hour date-of-month month day-of-week command
• To view current crontab:
– # crontab -l
...
#0 3 * * * /usr/sbin/skulker
#45 2 * * 0 /usr/lib/spell/compress
#45 23 * * * ulimit 5000; /usr/lib/smdemon.cleanu > /dev/null
0 11 * * * /usr/bin/errclear -d S,O 30
0 12 * * * /usr/bin/errclear -d H 90
0 15 * * * /usr/lib/ras/dumpcheck >/dev/null 2>&1
0,30,45 * * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null
...
Notes:
Viewing a crontab file
Each user can view their crontab file by using the command crontab -l.
The user’s crontab file contains the schedule of jobs to be run on behalf of that user. There is a
separate crontab file for each user of the crontab facility. This file is in
/var/spool/cron/crontabs/$USER.
Format of crontab file entries
The format for the lines in this file is as follows:
minute (0-59)
hour (0-23)
date of the month (1-31)
month of the year (1-12)
day of the week (0-6, where 0=Sunday, 1=Monday, and so forth)
command
Fields are separated by spaces or tabs. To indicate that a field is always true, use an asterisk (*). To
indicate multiple values in a field, use a comma (,). A range can also be specified by using a hyphen
(-).
Examples of crontab entries
Here are some examples of crontab entries:
• To start the backup command at midnight, Monday through Friday:
0 0 * * 1-5 /usr/sbin/backup -0 -u -q -f /dev/rmt0
• To execute a command that is called script1 every 15 minutes between 8 a.m. and 5 p.m.,
Monday through Friday:
0,15,30,45 8-17 * * 1-5 /home/team01/script1
• A safer method:
# crontab -l > /tmp/crontmp
# vi /tmp/crontmp
# crontab /tmp/crontmp
Notes:
Creating or updating a crontab file
To schedule a job, you must create a crontab file. The cron daemon keeps the crontab files in
memory, so you cannot update the crontab entries by just modifying the file on disk.
Using crontab -e to edit the crontab file
To edit the crontab file, one method is to use crontab -e. This opens your crontab file with the
editor set with the EDITOR variable. Edit the file as you normally would any file. When the file is
saved, the cron daemon is automatically refreshed.
Another method of updating your crontab file
The crontab -l command always shows the crontab file that cron is using on your behalf.
Another method to update the file is to use the command crontab -l > mycronfile. This
command creates a copy of the current crontab file and enables you to safely edit the
mycronfile file without affecting the current crontab file. To submit your changes, use the
command: crontab mycronfile. The content of the mycronfile file replaces the content of
your file in the crontab directory, and refreshes the cron daemon, all at once. Now, you also have
a backup of the crontab file in mycronfile.
Notes:
Use of the at command
The at command submits a job for cron to run once, rather than on a recurring basis, at a
specified time. It reads the commands to execute from standard input. The at command mails you
all output from standard output and standard error for the scheduled commands, unless you
redirect that output.
Examples of keywords or parameters that can be used with at are: noon, midnight, am, pm, A for
am, P for pm, N for noon, M for midnight, today, tomorrow.
The time can be specified as an absolute time or date (for example, 5 pm Friday), or relative to
now (for example, now + 1 minute).
The Bourne shell is used by default to process the commands. If -c is specified the C shell is run,
and if -k is specified the Korn shell is run. If you specify the -m option, at sends you mail to say
that the job is complete.
Controlling use of at
The at command can be used by root only unless one of the following files exists:
/var/adm/cron/at.deny
If this file exists, anybody can use at, except those listed in it. An empty at.deny file exists by
default. Therefore, all users can use at by default.
/var/adm/cron/at.allow
If this file exists, only users who are listed in it can use at (root included).
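The cron.allow/cron.deny rules given earlier and the at.allow/at.deny rules above follow the same decision order, which makes misconfigurations such as an empty allow file easy to detect. The following is an added example, not part of the course material: a POSIX shell check that classifies a directory's access files and answers whether a given user may schedule jobs. Function names, state keywords and the sample layouts are constructed, and applying the cron precedence rule (allow wins when both files exist) to at is an assumption.

```shell
#!/bin/sh
# Added example: evaluate the cron/at allow and deny files by the rules in the
# notes. Function names and state keywords are hypothetical.

# sched_state DIR FACILITY: classify the access files for "cron" or "at".
sched_state() {
    allow="$1/$2.allow"; deny="$1/$2.deny"
    if [ -f "$allow" ]; then
        if [ ! -s "$allow" ]; then echo lockout      # nobody, not even root
        elif [ -f "$deny" ]; then echo allowlist-deny-ignored
        else echo allowlist
        fi
    elif [ -f "$deny" ]; then
        if [ -s "$deny" ]; then echo denylist; else echo open; fi
    else
        echo root-only
    fi
}

# sched_access DIR FACILITY USER: print "allow" or "deny" for one user.
sched_access() {
    allow="$1/$2.allow"; deny="$1/$2.deny"
    if [ -f "$allow" ]; then
        # The allow file takes precedence; root needs an entry as well.
        # (The notes state this precedence for cron; for at it is assumed.)
        if grep -qxF -- "$3" "$allow"; then echo allow; else echo deny; fi
    elif [ -f "$deny" ]; then
        if grep -qxF -- "$3" "$deny"; then echo deny; else echo allow; fi
    elif [ "$3" = root ]; then
        echo allow
    else
        echo deny
    fi
}

# make_layout DIR: constructed sample layouts, one subdirectory per case.
make_layout() {
    mkdir -p "$1/shipped" "$1/deny" "$1/allow" "$1/both" "$1/empty-allow" "$1/none"
    : > "$1/shipped/cron.deny"                       # empty deny file
    printf 'team01\n' > "$1/deny/cron.deny"
    printf 'root\nteam02\n' > "$1/allow/cron.allow"
    printf 'team02\n' > "$1/both/cron.allow"
    printf 'team02\n' > "$1/both/cron.deny"
    : > "$1/empty-allow/cron.allow"
}

# report DIR: one line per layout with its state and three users' results.
report() {
    for c in shipped deny allow both empty-allow none; do
        printf '%-12s %-24s' "$c" "$(sched_state "$1/$c" cron)"
        for u in root team01 team02; do
            printf ' %s=%s' "$u" "$(sched_access "$1/$c" cron "$u")"
        done
        printf '\n'
    done
}

tmp=$(mktemp -d)
make_layout "$tmp"
report "$tmp"
rm -rf "$tmp"
```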
Use of the batch command
The batch command submits a job to be run when the processor load is sufficiently low.
Like the at command, the batch command reads the commands to be run from standard input
and mails you all output from standard output and standard error for the scheduled commands,
unless you redirect that output.
Controlling at jobs
• To list at jobs:
at -l [user]
atq [user]
# at -l
root.1411142496.a Fri Sep 19 18:01:36 2014
root.1413129711.a Sun Oct 12 18:01:51 2014
user01.1417644000.a Wed Dec 3 23:00:00 2014
• To cancel an at job:
at -r job
atrm [job | user]
# at -r user01.1417644000.a
The user01.1417644000.a at file is deleted.
Notes:
Listing at jobs
To list at jobs, use the at -l command or the atq command. The root user can look at
another user's at jobs by using the command atq <user>.
Removing at jobs
To cancel an at job, use at -r or atrm followed by the job number. Use the command atrm
- and place nothing after the hyphen (-) to cancel all of your jobs. The root user can cancel all
jobs for another user, by using atrm <user>.
Documenting scheduling
Notes:
Overview
It is important to have correct, up-to-date information regarding your system, in case of an
unexpected system failure.
Maintain as much documentation as possible about all aspects of the system by following the
recommendations that we have given throughout the course.
System clock
Notes:
Introduction
Computer systems tell time differently than people do. So it is helpful to understand how time works
within computers as well as in the real world in order to get a handle on the things that can go
wrong.
Although the leading scientific theory of space and time estimates that the universe began 13.7 billion
years ago, UNIX simply counts seconds since New Year’s Day 1970. All changes in denoting the
time are done by library functions that are linked into the system or applications that convert
between UTC and local time at run time.
On AIX systems, the hardware clock is set to keep Universal Time (UTC), also called Greenwich
Mean Time (GMT), instead of the time of day in the system’s actual time zone. The system can be
configured to keep track of UTC time and to adjust for the offset between UTC and the local time,
including Daylight Saving Time.
# smit chtz_date
Notes:
The date command writes the current date and time to standard output if called with no flags or
with a flag list that begins with a + (plus sign). Otherwise, it sets the current date. Only a root user
can change the date and time.
Attention: Do not change the date when the system is running with more than one user or any
critical application.
Using the date command:
The date command needs the proper arguments in the format of mmddHHMM[YYyy], where
mmdd is the two-digit month and two-digit day (1203); HHMM is the two-digit hour in 24-hour
notation (14), two-digit minute (54), and YYyy is the four-digit year (2014):
# date 120314542014
To slowly adjust the time by sss.fff seconds (fff represents fractions of a second), use date -a [
+ | - ]sss[.fff ]. This adjustment can be positive or negative. The system's clock is sped up
or slowed down until it has drifted by the number of seconds specified by date -a.
Note that you must be logged in as the root user.
Notes:
The functions for accessing the time zone are declared in time.h. You should not normally need to
set TZ. If the system is configured properly, the default time zone is correct. You might set TZ if you
are using a computer over a network from a different time zone, and would like times reported to
you in the time zone local to you, rather than what is local to the computer.
Environment variables are examined when a command starts running. The environment of a
process is not changed by altering the /etc/environment file. Any processes that were started
before the change to the /etc/environment file must be restarted if the change is to take effect
for those processes. If the TZ variable is changed, the cron daemon must be restarted because this
variable is used to determine the current local time.
Daylight Saving Time (DST)
Daylight Saving Time (also called summer time in British English) is the practice of advancing clocks
during the lighter months so that evenings have more daylight and mornings have less.
If the Daylight Saving Time option is enabled, the default in AIX is for the system time to move
forward 1 hour (to DST) at 2:00 a.m. on the second Sunday in March, and move back 1 hour (to
Standard Time) at 2:00 a.m. on the first Sunday in November. The default is hard-coded and is not
stored in any user accessible file. However, the date and time at which the switch to DST and ST
occurs can be customized by root (global environment) or by users (user environment) by setting
the $TZ environment variable. To see whether DST is enabled, echo $TZ; if the time zone variable
ends in DT, DST is enabled.
Crontab consideration:
When the TZ environment variable is changed, the cron daemon must be restarted. This enables
the cron daemon to use the correct Time Zone and summer time change information for the new TZ
environment variable.
Notes:
AIX checks the TZ environment variable to determine whether the environment variable follows the
POSIX specification rules. If the TZ environment variable does not match the POSIX convention,
AIX calls the ICU library to get the Olson time zone translation.
# smit chtz_user
[Entry Fields]
* Standard Time ID(only alphabets) [CET]
* Standard Time Offset from CUT([+|-]HH:MM:SS) [-1]
Day Light Savings Time ID(only alphabets) [CEDT]
Day Light Savings Time Offset from CUT([+|-]HH:MM:SS) [-2]
Start Daylight Savings Day([Mmm.ww.dd|Jn]) [M3.5.0]
Start Daylight Savings Time(HH:MM:SS) []
Stop Daylight Savings Day([Mmm.ww.dd|Jn]) [M10.5.0]
Stop Daylight Savings Time(HH:MM:SS) []
Notes:
This format is compliant with POSIX 1003.1 standards for Extensions to Time Functions.
# echo $TZ
CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
TZ=CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
• CST6CDT is the time zone that you are in
• M3.2.0/2:00:00 is the date/time when time shifts forward
• M11.1.0/2:00:00 is the date/time when time shifts back
Notes:
If you want to change the date or time at which the system switches to DST and back to Standard
Time from the defaults for your zone, edit the TZ line in /etc/environment. Change the line to read
something like the following:
TZ=CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
The above example would effect a change to Daylight Saving Time at 2:00 AM on the second
Sunday in March and change back at 2:00 AM on the first Sunday in November, and keep the US
Central Time Zone time offset from GMT. The breakdown of the string is:
CST6CDT is the time zone that you are in;
M3 is the third month;
.2 is the second occurrence of the day in the month;
.0 is Sunday;
/2:00:00 is the time.
In more detail, the format is TZ=local_timezone,date/time,date/time. Here date is in the form
Mm.n.d: day d (0-6) of week n (1-5, where week 5 means “the last d day in month m”, which
might occur in either the fourth or the fifth week) of month m of the year. Week 1 is the first week in
which the day d occurs. Day zero is Sunday.
The time zones defined on the system are listed in Files reference.
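The TZ breakdown above, worked through in an added Python example (not part of the course material): it parses a POSIX TZ value and computes the two switch dates for a given year. The function names are hypothetical, and the CET string is constructed from the smit chtz_user panel values.

```python
import calendar
import re
from datetime import datetime

_OFFSET = r"[+-]?\d{1,2}(?::\d{2}){0,2}"
# Zone part: standard ID and offset, then an optional DST ID and offset.
_ZONE = re.compile(rf"^([A-Za-z]{{3,}})({_OFFSET})(?:([A-Za-z]{{3,}})({_OFFSET})?)?$")
# Rule part: Mm.n.d with an optional /HH[:MM[:SS]] switch time.
_RULE = re.compile(r"^M(\d{1,2})\.(\d)\.(\d)(?:/(\d{1,2})(?::(\d{2}))?(?::(\d{2}))?)?$")


def parse_rule(rule):
    """Return (month, week, day, (hh, mm, ss)) for one Mm.n.d[/time] rule."""
    m = _RULE.match(rule)
    if not m:
        raise ValueError(f"not an Mm.n.d rule: {rule!r}")
    month, week, day = (int(g) for g in m.group(1, 2, 3))
    if not (1 <= month <= 12 and 1 <= week <= 5 and 0 <= day <= 6):
        raise ValueError(f"field out of range in {rule!r}")
    if m.group(4) is None:
        clock = (2, 0, 0)  # POSIX default when /time is omitted
    else:
        clock = tuple(int(g or 0) for g in m.group(4, 5, 6))
    if clock[0] > 23 or clock[1] > 59 or clock[2] > 59:
        raise ValueError(f"switch time out of range in {rule!r}")
    return month, week, day, clock


def rule_date(year, month, week, day):
    """Day of month for 'day d of week n of month m' (d: 0 = Sunday, n = 5: last)."""
    first_weekday, days_in_month = calendar.monthrange(year, month)  # Monday = 0
    wanted = (day - 1) % 7                        # POSIX Sunday=0 -> Python Sunday=6
    first_hit = 1 + (wanted - first_weekday) % 7  # first occurrence of day d
    dom = first_hit + 7 * (week - 1)
    if dom > days_in_month:                       # week 5 overshoots: use the last one
        dom -= 7
    return dom


def parse_tz(tz):
    """Split a POSIX TZ value into its zone fields and parsed switch rules."""
    zone, *rules = tz.split(",")
    m = _ZONE.match(zone)
    if not m:
        # AIX hands such values to the ICU library as Olson names instead.
        raise ValueError(f"not a POSIX TZ value: {tz!r}")
    if len(rules) not in (0, 2):
        raise ValueError("expected both a start rule and an end rule")
    return {
        "std": m.group(1), "std_offset": m.group(2),
        "dst": m.group(3), "dst_offset": m.group(4),
        "rules": [parse_rule(r) for r in rules],
    }


def switch_times(tz, year):
    """Return (to_dst, to_std) local datetimes, or None when TZ carries no rules."""
    rules = parse_tz(tz)["rules"]
    if not rules:
        return None  # the hard-coded defaults for the zone apply
    return tuple(
        datetime(year, month, rule_date(year, month, week, day), *clock)
        for month, week, day, clock in rules
    )


if __name__ == "__main__":
    # First value is the one shown on this page; second is constructed from the
    # smit chtz_user panel (empty time fields mean the 02:00:00 default).
    for value in ("CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00", "CET-1CEDT-2,M3.5.0,M10.5.0"):
        print(value, [t.isoformat() for t in switch_times(value, 2015)])
```

Running a check like this before editing the TZ line in /etc/environment shows the exact switch dates the new value produces, which matters for cron schedules and for correlating log timestamps.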
# smit chtz_olson
[Entry Fields]
TIME ZONE name Europe/Prague
OFFSET from Greenwich Mean Time GMT+01:00 / GMT+02:00
Notes:
The Olson TZ database, also known as the zoneinfo database (/usr/share/lib/zoneinfo), is
updated with the latest time zone binaries.
You can list the zoneinfo database with the /usr/lib/nls/lstz command.
The time zone compiler, the zic command, and the command to dump the time zone information,
zdump, are modified to work with the updated time zone data files.
• Edit /etc/ntp.conf
server fr.pool.ntp.org
driftfile /etc/ntp.drift
(Your NTP time server's IP address goes in the server line.)
• Run ntpdate
• Start the xntpd daemon
# startsrc -s xntpd
Notes:
The Network Time Protocol (NTP) is an Internet standard protocol, which synchronizes time
between systems on a TCP/IP network. Depending on circumstances, the precision is in the
microsecond range (one millionth of a second). If your network already has an established time
server, you can set up your system to get the accurate time information from it. Various public NTP
servers on the Internet exist which can be used. As a last resort, if no other means are available,
you can connect your NTP server to the local clock of your system. This is useful if you are on an
isolated network and you need synchronized time across your systems.
The NTP protocol in AIX implements an xntpd daemon that slaves itself to another time source,
continuously monitoring the other source and adjusting the local time.
The /etc/ntp.conf file configures the xntpd daemon.
• server options specify which servers are to be used. Multiple server statements can be used. If
one of the statements has the prefer keyword, then this server has preference over other
servers.
• driftfile is the name of the file where the drift of the local clock is stored. This drift is
automatically determined by measuring the adjustments that are needed to the local clock over
a period of time. In case the NTP server cannot be contacted, the ntpd daemon nevertheless
keeps applying the same adjustments (taken from the driftfile) to reach a high degree of
precision.
Note that ntpd does not start if the time difference between itself and the time server
to be used is large. Therefore, it is common to run ntpdate before starting ntpd; ntpdate connects
to a time server, retrieves the correct time, sets the local clock to the correct time, and exits.
It takes up to 6 minutes for the xntp client to sync up to the server. Therefore, the time difference
between the NTP client and the server should not be any greater than 1000 seconds.
Detailed explanation of NTP protocol and configuration of NTP server is an advanced topic, which
is covered in course AN21 TCP/IP for AIX Administrators.
Checkpoint
Notes:
Exercise
Scheduling
Notes:
This lab gives you the opportunity to schedule jobs by using both at and crontab.
The exercise can be found in your Student Exercises Guide.
Unit summary
Notes:
Unit 15. TCP/IP networking
References
Online AIX Version 7.1 Operating system and device management
Note: References listed as online are available through the IBM Knowledge
Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
Unit objectives
Notes:
What is TCP/IP?
Notes:
TCP/IP stands for Transmission Control Protocol/Internet Protocol. A more accurate name is
Internet Protocol Suite or IP Stack.
TCP/IP is a set of protocols or rules, which define various aspects of how two computers in a
network can communicate with each other. A protocol is a set of rules, which describes the
mechanisms and data structures involved. Using these definitions, vendors can write software to
implement the protocols for particular systems.
There are many different protocols, which cover the aspects of addressing hosts in the network,
data representation and encoding, message passing, interprocess communications, and
application features, such as how to send mail or transfer files across the network.
Where possible, the protocols are defined independently of any operating system, network
hardware, or machine architecture. In order to implement TCP/IP on a system, interface software
must be written to allow the protocols to use the available communications hardware.
This means that heterogeneous environments can be created where machines from different
manufacturers can be connected together, and different types of networks can be interconnected.
TCP/IP layering
(Figure: the OSI 7 layer model mapped to the TCP/IP layer model, with common network devices)
• OSI Application, Presentation, and Session layers; TCP/IP Application layer: SNMP, FTP, DNS, DHCP, VNC, SSH, SMTP, NFS, LDAP, MAIL. Devices: Layer 7 switch
• OSI Transport layer; TCP/IP Transport layer: TCP (reliable delivery to correct program), UDP (unreliable delivery to correct program). Devices: Firewall
• OSI Network layer; TCP/IP Internet layer: IP, IPsec, ICMP. Devices: Router, Layer 3 switch
• OSI Data Link layer; TCP/IP Network interface layer: LAN (Ethernet, FDDI, ....), WAN (ATM, Leased lines, ....). Devices: Switch, Bridge, NIC
Notes:
The TCP/IP protocol suite consists of lots of different protocols, which are described in many
thousands of RFCs. Most of these protocols and RFCs are either application specific (such as RFC
959, which describes the FTP protocol), or describe how data should be transferred over a specific
architecture (such as RFC 894, which describes IP over Ethernet). For now, it is important to
understand the working and interdependency of only a few core protocols. Since these protocols
are built on top of each other, where one protocol uses another protocol to get things done, the
interdependency is almost as important as understanding each protocol independently.
From top to bottom we find the following protocols:
• Applications use either the User Datagram Protocol (UDP) or the Transmission Control
Protocol (TCP) to transmit their data. Both TCP and UDP deliver the data to the right process,
and make use of IP to arrange delivery to the right host. The difference between UDP and TCP
is that TCP implements a mechanism of acknowledgments, whereby reliability can be
guaranteed. UDP does not have such a mechanism, making UDP less reliable.
• The Internet layer is responsible for end-to-end (source to destination) packet delivery
including routing through intermediate hosts. Internet Control Message Protocol (ICMP)
messages are typically generated in response to errors in IP datagrams or for diagnostic or
routing purposes. The IPsec protocol is responsible for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a data stream.
• The Network interface is the protocol layer, which transfers data between hosts. In order to do
this, a physical medium is required such as copper or fiber and hence the network interface and
physical layers are closely related.
Common network devices
• Repeater. A repeater is an electronic device that receives a signal and retransmits it at a
higher level, higher power or both, so that the signal can cover longer distances without
degradation. Because repeaters work with the actual physical signal, and do not attempt to
interpret the data being transmitted, they operate on the Physical layer, the first layer of the OSI
model.
• Network Interface Card (NIC). A NIC is a LAN adapter, which is designed to allow computers
to communicate over a computer network. It is both a layer 1 (physical layer) and layer 2 (data
link layer) device, as it provides physical access to a networking medium and provides a
low-level addressing system by using MAC addresses.
• Bridge. A bridge is a hardware device for linking two networks that work with the same protocol.
Unlike a repeater, which works at the physical level, a bridge works at the logical level (on layer
2), which means that it can filter frames so that it lets through only data whose destination address
corresponds to a machine located on the other side of the bridge.
• Switch. A network switch is a device that connects network segments. The term commonly
refers to a network bridge that processes and routes data at the Data link layer (layer 2) of the
OSI model.
- Layer 3. Switches that additionally process data at the network layer (layer 3 and above),
are often referred to as Layer 3 switches or multi-layer switches. A layer 3 switch can
perform some or all of the functions that are normally performed by a router.
- Layer 4. Layer 4 switches process data at the transport layer and are always
vendor-dependent. An example of a layer 4 switch is a firewall, which performs transport
layer functions such as Network Address Translation (NAT), IP filtering, and packet
encryption/decryption.
- Layer 7. The most advanced switches, called layer 7 switches (corresponding to the
application layer of the OSI model), can redirect data based on advanced application data
contained in the data packets, for example, awareness of the type of the file being sent by
FTP. For this reason, a layer 7 switch can be used for load balancing, by routing the
incoming data flow to the most appropriate servers, which have a lower load or are
responding more quickly.
(Figure: hosts on a LAN connected through a repeater)
Notes:
Generally, your server connects to a local area network or LAN. A LAN is almost always a collection
of stations, which are in relatively close physical proximity (such as in the same building or even a
single floor of a building). To extend the distance, digital repeaters are sometimes inserted in the
topology.
The stations connect to the LAN using a network interface card (NIC), commonly an Ethernet
adapter. As long as the NICs use the same signaling mechanism and link protocols, they can talk to
each other. Frames of data are addressed to the hardware address of the adapter. The hardware
address is also called the Media Access Control (MAC) address. Broadcast mechanisms are used
to discover the MAC address of the other stations. The collection of stations, which can receive a
link level broadcast is referred to as a Broadcast Domain.
Originally, the stations shared cabling that allowed any station in the LAN to see all the traffic on the
LAN (even if not addressed to itself). Most current LANs have a central hub that only repeats the
signal to a station if it is either a broadcast frame or the frame is addressed to the MAC address of
that station.
Notes:
Brief history of Ethernet
The original Ethernet is called Experimental Ethernet today. It was developed by Robert Metcalfe in
1972 (patented in 1978) and was based in part on the ALOHAnet protocol. The first Ethernet that
was generally used was DIX Ethernet (known as Ethernet II) and was derived from Experimental
Ethernet. Today, there are many different standards, under the umbrella of IEEE 802.3, and the
technical community has accepted the term Ethernet for all of them. Currently, under development
is IEEE 802.3ba (40Gb/s and 100Gb/s Ethernet). For further information, see
http://www.ieee802.org/3.
Ethernet adapter support on AIX
• TX 10/100/1000Mb up to 100m using traditional copper
• SX 1000Mb up to 550m using multi-mode fiber
• LX 1000Mb up to 5km using single-mode fiber (can also run on multi-mode fiber)
• SR (short range) 10Gb up to 300m using multi-mode fiber
• LR (long range) 10Gb up to 25km using single-mode fiber
In virtually all cases, on AIX you configure the en (DIX) interface; et interfaces are rarely (if at all)
used.
Note: Fiber versus Fibre. When talking about networks and Fiber it is important to know when to
use the correct spelling. Fiber refers to the medium (wire), whereas Fibre refers to the protocol, as
in, Fibre Channel.
Virtual LAN
Ethernet switch
Notes:
Virtual LAN (VLAN)
VLANs are used to support multiple networks even though the stations are connected to the same
central switching hubs. This helps to reduce the size of the broadcast domain and helps with
security through isolation. The switch administrator is responsible for maintaining the isolation and
controls access to each VLAN on a port by port basis.
When a station plugs into a network it is automatically on the LAN to which the port is assigned.
Originally, the LAN membership was maintained by switching physical circuits in the hub. Today, the
frame headers are modified or tagged to identify the VLAN membership.
A host that is attached to a typical switch access port is unaware of this tagging. It simply sends and
receives frames that have no VLAN ID identification. The switching hub tags frames coming in from
the host with the port VLAN ID and removes that tagging when any frame leaves the port that is
destined for that host. Frames that do not match the port’s assigned VLAN ID are not sent out that
port.
Trunk ports - VID allowed list: 2, 3
Notes:
802.1Q VLAN
IEEE 802.1Q is the standard for VLANs. It aims to:
• Define an architecture to logically partition bridged LANs and provide services to defined user
groups, independent of physical location.
• Allow interoperability between multivendor equipment.
In 802.1Q, the VLAN information is written into the Ethernet packet itself. Each packet carries a
VLAN ID, called a Tag. This allows VLANs to be configured across multiple switches. A port that
is used to connect two switches is defined as a trunk port. These inter-switch trunk ports typically
move tagged frames without stripping those tags; the packets travel on the trunk cable still tagged.
The switch administrator can configure the trunk port to restrict which VLAN it carries by coding
VLAN ID allow or deny lists.
Trunk port - VID allowed list: 2, 3
Notes:
The main reason for a server being configured to identify its VLAN membership is to save on
hardware costs. Normally, the host would need to use a separate NIC (and a separate switch port)
for each LAN on which it needed to talk. A host that does its own VLAN tagging can use a single
NIC instead.
To support this, the switch usually defines the port as a trunk port, as if it were connecting to
another switch. Due to security concerns, the switch administrator typically codes an allow list of
VLAN IDs for that port. The switch discards any frames that are sent by the host that are tagged
with a VLAN ID that is not in the allowed list. Arriving packets, both inbound and outbound, with
tags that match the allowed list are passed along without stripping the tag. It is common for a trunk
connection to a host to also have a port VLAN ID, just like a normal access port; when a frame from
the host has no VLAN tagging, the switch tags it with the port VLAN ID and when it sends a frame to
the host, it strips the VLAN ID when it matches the port VLAN ID.
The VLAN aware host in this situation is responsible for tagging frames being sent on different
VLANs and for separating the frames when they are received.
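The trunk-port rules described above, modelled in an added Python example (not AIX or switch vendor code): it reads the 802.1Q tag from a raw Ethernet frame and applies the allowed list and port VLAN ID in both directions. The TrunkPort class, the port VLAN ID of 1 and the sample frame are assumptions; the allowed list 2, 3 comes from the visual.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_tag(frame):
    """Return (vlan_id, priority) for a tagged frame, or None when untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13  # low 12 bits: VLAN ID, top 3 bits: priority


def add_tag(frame, vlan_id, priority=0):
    """Insert a 4-byte 802.1Q tag after the destination and source MAC addresses."""
    if not 1 <= vlan_id <= 4094:  # 0 and 4095 are reserved values
        raise ValueError("VLAN ID out of range")
    if not 0 <= priority <= 7:
        raise ValueError("priority out of range")
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Remove the 802.1Q tag, restoring the original EtherType position."""
    return frame[:12] + frame[16:]


class TrunkPort:
    """Hypothetical model of a switch trunk port that faces a VLAN aware host."""

    def __init__(self, pvid, allowed):
        self.pvid = pvid
        self.allowed = frozenset(allowed)

    def from_host(self, frame):
        """Frame sent by the host: return it as carried in the switch, or None if discarded."""
        tag = parse_tag(frame)
        if tag is None:
            return add_tag(frame, self.pvid)   # untagged: tag with the port VLAN ID
        vlan_id, _ = tag
        return frame if vlan_id in self.allowed else None

    def to_host(self, frame):
        """Tagged frame inside the switch: return what the host receives, or None."""
        tag = parse_tag(frame)
        if tag is None:
            raise ValueError("frames inside the switch carry a tag in this model")
        vlan_id, _ = tag
        if vlan_id == self.pvid:
            return strip_tag(frame)            # port VLAN ID: host sees it untagged
        return frame if vlan_id in self.allowed else None


def sample_frame():
    """Constructed untagged IPv4 frame with locally administered MAC addresses."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", 0x0800) + b"constructed payload"


if __name__ == "__main__":
    port = TrunkPort(pvid=1, allowed={2, 3})
    for vid in (2, 3, 33):
        sent = port.from_host(add_tag(sample_frame(), vid))
        print(f"host frame tagged {vid}:", "forwarded" if sent else "discarded")
```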
Add A VLAN
[Entry Fields]
VLAN Base Adapter ent1
* VLAN Tag ID [33] +#
VLAN Priority [] +#
Notes:
AIX can be configured to be VLAN aware. This is done by creating special VLAN adapters, which
appear to be regular Ethernet adapters but are based on the actual physical NIC. Each
VLAN adapter has an associated VLAN ID, which it will handle.
Use the smit addvlan fast path to configure VLAN adapters. Start by selecting a base adapter, which
is used to send the packets, and assign a VLAN tag. Optionally, you can also specify a priority. This
is used by the VLAN driver to prioritize packets if multiple VLANs are created using the same base
adapter. You can specify a value from 0-7, where 0 is the default priority, 1 is the highest, and then
in increasing numerical order from 2 through 7.
Configuring the VLAN adapter (in this case creating ent2) automatically creates two Ethernet
interfaces in a defined state. Just as with the interfaces created when configuring a physical
adapter, you need to configure an interface to use IP protocols. In the example in the visual, you
would configure en2 for standard Ethernet.
Notes:
In order to be able to deliver the IP packet to the correct destination host, every host needs an IP
address. These IP addresses are 32-bit values and must be unique. In most cases, the IP address
is not written in its binary form, but in the so-called “decimal dot” notation, where the 32 bits are
grouped into four groups of 8 bits each, and each group of 8 bits is written in decimal form,
separated by dots. The subnet mask allows us to identify the two key pieces of information in the
IP address: the address of the network and the host identification (host ID).
Several addresses and address ranges are reserved for special purposes. The most important
ones are listed here:
• The IP address 127.0.0.1 (in fact, the whole 127.0.0.0/8 network) is reserved for the loopback
address. Hosts use the loopback address to send messages to themselves.
• Any IP address with the host ID part all zeros, such as 129.33.0.0, is reserved as an
identification for the network itself. It is not a valid IP address to be assigned to a host.
• Any IP address with the host ID part all ones, such as 129.33.255.255, is reserved as the
local broadcast address. Data sent to this address is delivered to all systems on the local
network.
Notes:
IP addresses need to be assigned in such a way that they are unique across the whole Internet.
That is why there is a special organization that does this. This is the Internet Assigned Numbers
Authority, or IANA. They are responsible for assigning groups of addresses, called classes, to
organizations. They do not do this directly, but have contracted out that responsibility to the
InterNIC (http://www.internic.net), who in turn delegates this to local ISPs.
In addition to classes A to C, there are also classes D and E. Class D addresses are reserved for
multicasting. Multicasting is a limited area type of broadcasting. There is no network or host portion
in a multicast address. It is an integer number that is registered with the InterNIC that identifies a
group of machines. Class E is for experimental use only.
Class A and B addresses contain lots of hosts, and therefore, need to be broken down into smaller
more manageable chunks. This is achieved through a process that is known as subnetting. On the
other hand, class C addresses contain very few hosts, which can also be subnetted into smaller
chunks, but very often need to be aggregated together to form larger networks. This is achieved
through a process that is known as supernetting.
Subnetting example
Notes:
The default subnet mask for a class B network is 255.255.0.0. This translates to one network with
((2^16)-2) = 65534 hosts. Organizations with a class A or B address often have hundreds, if not
thousands, of physical networks that are split across both local and geographically dispersed
locations. The only way to do this is to split the network address into more manageable chunks.
This is achieved by borrowing bits from the host ID and using them for the network. Using 7 bits
from the host ID allows for (2^7) = 128 physical networks. On each of the 128 networks, there can be
((2^9)-2) = 510 hosts. We must subtract two from the number of hosts because all zeros are reserved
for the network and all ones are reserved for the broadcast address.
Supernetting example
Notes:
Having four class C addresses means four physical networks, each with up to 254 hosts. Each network
would require a router to route packets between them. Supernetting is the opposite of subnetting
and borrows bits from the network portion of the IP address. In the example, we have borrowed 2
bits, changing the subnet mask from 255.255.255.0 to 255.255.252.0. The result is that networks
222.180.109, 110 and 111 have become part of the 222.180.108 network. The 222.180.108 network
can have up to ((2^10)-2) = 1022 hosts.
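The subnetting and supernetting arithmetic above, together with the reserved network and broadcast addresses, reproduced with Python's ipaddress module in an added example (not part of the course material). Using 129.33.0.0 as the class B network is an assumption, and the function names are hypothetical.

```python
import ipaddress


def subnet_plan(network, borrowed_bits):
    """Borrow host bits for the network part.

    Returns (subnet mask, number of subnets, usable hosts per subnet, subnets).
    """
    net = ipaddress.ip_network(network)
    subnets = list(net.subnets(prefixlen_diff=borrowed_bits))
    host_bits = 32 - subnets[0].prefixlen
    # Two addresses per subnet are reserved: all zeros (network), all ones (broadcast).
    return str(subnets[0].netmask), len(subnets), 2 ** host_bits - 2, subnets


def supernet(networks):
    """Aggregate adjacent networks into one larger network.

    Raises ValueError when the networks do not form one contiguous block
    that starts on a boundary of the larger mask.
    """
    merged = list(ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in networks))
    if len(merged) != 1:
        raise ValueError(f"not one aligned block: {[str(m) for m in merged]}")
    return merged[0]


def classify(address, network):
    """Say how an address may be used with respect to `network`."""
    addr = ipaddress.ip_address(address)
    net = ipaddress.ip_network(network)
    if addr.is_loopback:
        return "loopback"
    if addr not in net:
        return "outside network"
    if addr == net.network_address:
        return "network address"
    if addr == net.broadcast_address:
        return "broadcast address"
    return "host"


if __name__ == "__main__":
    mask, count, hosts, subnets = subnet_plan("129.33.0.0/16", 7)
    print(f"borrow 7 bits: mask {mask}, {count} networks, {hosts} hosts each")
    print("first three:", [str(s) for s in subnets[:3]])

    class_c = [f"222.180.{n}.0/24" for n in (108, 109, 110, 111)]
    big = supernet(class_c)
    print(f"supernet: {big} mask {big.netmask}, {big.num_addresses - 2} hosts")

    # Shifting the same four networks by one breaks the alignment.
    try:
        supernet([f"222.180.{n}.0/24" for n in (109, 110, 111, 112)])
    except ValueError as exc:
        print("cannot aggregate:", exc)

    for addr in ("129.33.0.0", "129.33.255.255", "129.33.4.7", "127.0.0.1"):
        print(addr, "->", classify(addr, "129.33.0.0/16"))
```

The failing case shows why the four class C networks must start at 222.180.108: with the 255.255.252.0 mask, the third octet of the first network has to be a multiple of 4.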
• There are many ways. However, in most cases you start with smit mktcpip, a one stop shop for TCP/IP config on AIX.
Minimum Configuration & Startup
To Delete existing configuration data, please use Further Configuration menus
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* HOSTNAME [waldorf]
* Internet ADDRESS (dotted decimal) [10.47.1.18]
Network MASK (dotted decimal) [255.255.0.0]
* Network INTERFACE en0
NAMESERVER
Internet ADDRESS (dotted decimal) [10.47.1.33]
DOMAIN Name [lpar.co.uk]
Default Gateway
Address (dotted decimal or symbolic name) [10.47.0.1]
Cost [0] #
Do Active Dead Gateway Detection? no +
Your CABLE Type N/A +
START Now no +
Notes:
AIX provides a very quick and easy configuration SMIT panel for configuring TCP/IP on the system.
The essential items that you will require are:
• Host name of the machine
• IP address and network mask
• Interface to be configured
Desirable items are:
• Default Gateway for the environment
• DNS parameters (nameserver and domain name)
This information populates the /etc/resolv.conf file, as follows:
nameserver 10.47.1.33
domain lpar.co.uk
Cable type is generally not required and can be left as N/A. Start Now refreshes, or starts, the
TCP/IP subsystems. Note: they should already be running!
• smit mktcpip should be used only for the first adapter. In a multi-homed host, subsequent adapters should be configured with smit chinet.
Change / Show a Standard Ethernet Interface
[Entry Fields]
Network Interface Name en1
INTERNET ADDRESS (dotted decimal) [192.168.0.1]
Network MASK (hexadecimal or dotted decimal) [255.255.255.0]
Current STATE up +
Use Address Resolution Protocol (ARP)? yes +
BROADCAST ADDRESS (dotted decimal) []
Interface Specific Network Options
('NULL' will unset the option)
rfc1323 []
tcp_mssdflt []
tcp_nodelay []
tcp_recvspace []
tcp_sendspace []
Apply change to DATABASE only no +
Notes:
If SMIT is being used to configure further interfaces, then the fast path smit chinet should be
used. All fields are optional, but essential items are:
• IP address and network mask
• Interface to be configured
• State of the interface, default is DOWN – so do not forget to switch this to UP – this is a very
common configuration error.
The network-specific options are beyond the scope of this class.
Notes:
As well as SMIT, TCP/IP configuration can be driven from the command line. There are two ways to
handle this:
• The AIX way, in which configuration is stored in the AIX internal database (ODM). This way, the
configuration remains after shutdown/restart.
• The traditional BSD UNIX way. This way configuration does not survive restarts unless the
commands are entered into the /etc/rc.net file.
The /etc/rc.net file is run by cfgmgr during system boot. The /etc/rc.net file configures
AIX style configuration and optionally traditional BSD UNIX configuration. If only traditional BSD
style networking is required, then the following command can be run:
# chdev -l inet0 -a bootup_option=yes
Doing this causes AIX to process the /etc/rc.bsdnet file instead of the rc.net file at boot time.
Commands such as hostname, ifconfig, route and so on, should be
appended to /etc/rc.bsdnet as appropriate.
Even if using the ODM method, the hostname and ifconfig commands are still of great use in
displaying the current kernel network configuration.
• netstat
# netstat -in
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
en0 1500 link#2 ea.48.f0.0.b0.3 3359653 0 238778 0 0
en0 1500 10.47 10.47.1.23 3359653 0 238778 0 0
lo0 16896 link#1 476994 0 476994 0 0
lo0 16896 127 127.0.0.1 476994 0 476994 0 0
lo0 16896 ::1%1 476994 0 476994 0 0
• ifconfig
# ifconfig -a
en0: flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
inet 10.47.1.23 netmask 0xffff0000 broadcast 10.47.255.255
tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1
lo0: flags=e08084b,c0<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
inet6 ::1%1/0
tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1
Notes:
The netstat -i command shows the state of all configured interfaces. The -n flag shows
network addresses as numbers. When this flag is not specified, the netstat command interprets
addresses, where possible, and displays them symbolically.
The ifconfig -a command is used to display information about all interfaces in the system. The
key flags are UP and RUNNING, which show that the interface is available and active.
Name resolution
IBM Power Systems
• DNS - /etc/resolv.conf
domain lpar.co.uk
nameserver 10.47.1.33
Notes:
Systems use different methods for mapping host names to IP addresses. The method depends
upon the environment in which a system is going to participate.
• Flat Network: This method provides name resolution through the file /etc/hosts and works
well in small, stable environments.
• DNS (Domain Name Server): DNS is a system that allows name and IP lookups, in a tree-like
database structure. It was created due to the growth of the Internet and designed for large
networks.
• NIS Server (Network Information System): This method provides a centralized server for
administration of configuration, and other files, within a LAN environment.
• LDAP Server (Lightweight Directory Access Protocol): LDAP is an application protocol for
querying and modifying directory services running over TCP/IP. Tivoli Directory Server (TDS) is
IBM's version of an LDAP server.
Default Name resolution
The existence of /etc/resolv.conf determines how a system resolves host names and IP
addresses within a domain or flat network.
Routing implementation (1 of 2)
Notes:
A route does not define the complete path. It defines only the path segment from one host to a
gateway that can forward packets to a destination, or from one gateway to another. Routes are
defined in the kernel routing table. Each routing table entry has two components:
• Destination address, where you want to end up
• Gateway address, where the packet gets sent on its way to its final destination
TCP/IP searches the route table for a best match on the destination in the following order:
• A host route defines a route to a specific host. The IP routing algorithm still sees a host
address as a network; it is simply a perfect match.
• A network route defines a route to any of the hosts on a specific network through a gateway.
• A default route defines a route to use when the destination did not match any host route or
network-specific route. In most hosts, the only type of route the administrator needs to define is
a default route, also known as the default gateway.
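The search order above, as an added example that is not part of the course material: a shell function that picks the most specific matching route, which generalizes host/network/default to longest-prefix match. The table format, the function names route_lookup and write_sample_routes, and the sample routes are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose a route by best match (host, then network, then default).
# Table format is an assumption made for this example:
#   "<destination>/<prefix-length> <gateway>"  or  "default <gateway>"
# It is not the layout of netstat -rn output.

# route_lookup TABLE_FILE DEST_IP
# Prints "<gateway> <host|network|default>" for the most specific matching route.
# Prints "none" and returns 1 when nothing matches (no default route defined).
route_lookup() {
    awk -v dst="$2" '
        # Convert dotted-quad IPv4 text to a number.
        function ip2int(ip,    q) {
            split(ip, q, ".")
            return ((q[1] * 256 + q[2]) * 256 + q[3]) * 256 + q[4]
        }
        BEGIN { best = -1; d = ip2int(dst) }
        $1 ~ /^#/ || NF < 2 { next }
        {
            if ($1 == "default") { net = 0; len = 0 }
            else {
                n = split($1, p, "/")
                net = ip2int(p[1])
                len = (n > 1) ? p[2] + 0 : 32   # no prefix length: host route
            }
            size = 2 ^ (32 - len)               # addresses covered by this route
            # Match when destination and route agree on the leading len bits;
            # keep the match with the longest prefix.
            if (int(d / size) == int(net / size) && len > best) {
                best = len
                gw = $2
            }
        }
        END {
            if (best < 0) { print "none"; exit 1 }
            if (best == 32) kind = "host"
            else if (best == 0) kind = "default"
            else kind = "network"
            print gw, kind
        }
    ' "$1"
}

# Constructed sample table (addresses reuse ranges that appear in this unit).
write_sample_routes() {
    cat > "$1" <<'EOF'
# destination        gateway
default              10.47.0.1
192.108.14.0/24      10.47.1.30
192.108.14.2/32      10.47.0.254
EOF
}

sample=${TMPDIR:-/tmp}/routes.sample.$$
write_sample_routes "$sample"
for dest in 192.108.14.2 192.108.14.77 172.16.5.9; do
    printf '%-15s -> %s\n' "$dest" "$(route_lookup "$sample" "$dest")"
done
rm -f "$sample"
```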
Hosts should not forward IP datagrams unless specifically configured as a router. Most
BSD-derived implementations (AIX) include a kernel variable that is called ipforwarding, which
is used to control this behavior. The no command is used to view or change the value of
ipforwarding.
To change it: # no -o ipforwarding=<value>
The values are: ipforwarding=0 (do not forward), ipforwarding=1 (do forward).
Routing implementation (2 of 2)
Notes:
See the route man page for further details about route options and parameters.
Note that the route command above is the traditional BSD UNIX method, so changes made by route
are not persistent after system restart unless the commands are entered into the /etc/rc.net file
(already discussed in "Command line TCP/IP configuration"). Routes can also be manipulated
through SMIT (smit route) or by commands that change the ODM, which is chinet route =
type, [args,], destination, gateway, [metric]. See the chinet man page for
further details.
Multipath routing
[Figure: Host 10.47.1.18 with two default routers, Router1 (10.47.0.1) and Router2 (10.47.0.254); path labels: Primary, Backup]
Notes:
Since AIX 5L, multiple routes can be configured to the same destination. This configuration is known
as multipath routing (MPR). MPR allows us to load balance between gateways or prioritize paths
using the weight option. MPR also allows us to do Dead Gateway Detection (DGD), which enables
the system to dynamically change the weight on a route if a router has failed. There are two
methods of DGD, active and passive. Passive mode has less overhead on the network, but can
be slow to respond to an outage. Active mode has more overhead on the network but is more
responsive to an outage, because ICMP (ping) packets are used to periodically poll whether a
router is up or down. Active DGD is deployed by using the -active_dgd option on the route command.
By default, AIX load balances evenly between the available routes in round-robin fashion. It is
possible to customize the load balancing, but that is not covered here. If a route is less desirable
and should be used only for backup, you can avoid the use of that route by defining a high cost for it.
The route command option that identifies cost is the hopcount option; a large value makes
that route less desirable. AIX always uses a route that is lower cost.
IP aliasing
Notes:
IP aliasing is used widely in clustering technologies (such as PowerHA), and in WPARs. It is very
useful if the network is being converted to another IP subnet or network range.
# ping sys1
PING sys1: (192.108.14.2): 56 data bytes
64 bytes from 192.108.14.2: icmp_seq=0 ttl=255 time=0 ms
64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0 ms
^C
----seraph PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
# traceroute sys1
trying to get source for sys1
source should be 10.47.1.31
traceroute to sys1 (192.108.14.2) from 10.47.1.31 (10.47.1.31), 30 hops max
outgoing MTU = 1500
1 merovingian.lpar.co.uk (10.47.1.30) 1 ms 0 ms 0 ms
2 7.7.7.1 (7.7.7.1) 0 ms 0 ms 0 ms
3 sys1 (192.108.14.2) 0 ms 0 ms 0 ms
Notes:
The ping command sends an ICMP ECHO_REQUEST to obtain an ICMP ECHO_RESPONSE
from a host or router. If the host is operational and on the network, it responds to the echo.
The default is to continuously send echo requests until an interrupt is received with <ctrl-c>, but
there is an option (-c) to specify the number of packets sent. The ping command sends one
datagram per second and prints one line of output for every response received. It calculates round
trip times and packet loss statistics, and displays a brief summary upon completion.
Be very careful of some options like -f. This will cause ICMP packets to flood the network. Ping is
most useful to test basic connectivity between hosts, but it cannot tell us anything about where
the break is in the path. On the other hand, if ping cannot get a response, traceroute can
sometimes still give us information that helps to identify the outage.
traceroute is useful for displaying all the routers along the end-to-end path between hosts. It might
turn out that the remote host is OK but a router has failed along the path. traceroute works by
increasing the “time-to-live” value of each successive batch of packets sent. The first three packets
sent have a time-to-live (TTL) value of one (implying that they are not forwarded by the next router
and make only a single hop). The next three packets have a TTL value of 2, and so on. When a
packet passes through a host, normally the host decrements the TTL value by one, and forwards
the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the
packet and sends an ICMP time exceeded (type 11) packet to the sender. The traceroute utility
uses these returning packets to produce a list of hosts that the packets have traversed en route to
the destination. The three time stamp values returned for each host along the path are the delay
(known as latency) values typically in milliseconds (ms) for each packet in the batch. If a packet
does not return within the expected timeout window, a star (asterisk) is traditionally printed.
traceroute might not list the real hosts. It indicates that the first host is at one hop, the second
host at two hops, and so on. IP does not guarantee that all the packets take the same route. Also,
note that if the host at hop number N does not reply, the hop will be skipped in the output.
Notes:
Each process that wants to communicate with another process needs to identify itself in some way.
The logical construct used by TCP/IP to accomplish this task is called a port.
A port uniquely identifies an application (also called a network service). The source port number and
the destination port number are contained in the header of each TCP segment or UDP packet.
Port numbers are defined in the /etc/services file. Port numbers from 0-1023 are called
well-known published ports and are reserved for standard applications like telnet and ftp.
When a datagram arrives at its destination based on the destination address, IP checks the
protocol. The data delivered to the transport protocol contains the destination port number that tells
the transport protocol to which application process the data needs to go.
A socket is a combination of IP address, port number, and protocol family, which uniquely
identifies a single network process. A socket is also referred to as a communication end point. A
pair of sockets uniquely identifies the end-to-end connection. Socket communication can be viewed
with the netstat -a command.
inetd daemon
# refresh -s inetd
0513-095 The request for subsystem refresh was completed successfully.
Notes:
The inetd daemon is started at boot time from /etc/rc.tcpip. When it is started, inetd reads its
configuration from the /etc/inetd.conf file. This file contains the names of the services that inetd
listens for and starts as needed to handle requests. The file is used to enable and
disable network services, such as ftp. To disable ftp on the host, edit the inetd.conf file, locate
and comment out the line for the ftp program, then refresh the inetd daemon.
Partition Activation
Notes:
TCP/IP startup is initiated from the inittab processing. /sbin/rc.boot calls cfgmgr during the
second phase of processing, which in turn initializes the network interfaces and sets up routing by
processing the /etc/rc.net file. TCP/IP subsystems are started from the /etc/rc.tcpip script. This
script can be edited directly to comment or uncomment subsystem startup. The inetd daemon is
responsible for loading network programs upon request, such as ftp, telnet and so on. Once the
core TCP/IP subsystems have been initialized, further TCP/IP based applications such as NFS,
NIM, and PowerHA can be started.
Notes:
The commands, telnet, rsh, rexec, and rlogin are all part of the bos.net.tcp.client file set
which is installed by default. Any passwords entered using these commands are transferred over
the network in clear text and can be easily captured using packet sniffing tools. rsh, rexec, and
rlogin commands can be configured so that the client user does not have to supply a password.
This introduces further vulnerabilities in the system. Ideally all r* commands, including telnet,
should be disabled. They can be replaced by SSH. OpenSSH, including secure copy and file
transfer commands, can be installed using the AIX expansion pack media.
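One way to check that the services discussed above are really disabled, as an added example that is not part of the course material: a shell function that lists the cleartext services still enabled in an inetd.conf-format file. The function names audit_inetd and write_sample_inetd and the sample file contents are constructed for illustration; the flagged service names are the /etc/services names for ftp, telnet, rsh (shell), rlogin (login) and rexec (exec).

```shell
#!/bin/sh
# Added example: report cleartext services left enabled in an inetd.conf file.
# inetd.conf fields: service, socket type, protocol, wait/nowait, user,
# server program, arguments. A leading "#" disables the entry.

# audit_inetd FILE
# Prints "<service> <server program>" for each enabled cleartext service.
# Returns 0 when none are enabled, 1 when at least one is.
audit_inetd() {
    awk '
        $1 ~ /^#/ { next }      # commented out, so inetd does not listen for it
        NF < 6    { next }      # blank or incomplete line
        $1 ~ /^(ftp|telnet|shell|login|exec)$/ {
            print $1, $6
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: ftp and rlogin already commented out, the rest still on.
write_sample_inetd() {
    cat > "$1" <<'EOF'
## service  socket  protocol  wait/nowait  user  server program  arguments
#ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd         ftpd
telnet   stream  tcp6    nowait  root    /usr/sbin/telnetd      telnetd -a
shell    stream  tcp6    nowait  root    /usr/sbin/rshd         rshd
#login   stream  tcp6    nowait  root    /usr/sbin/rlogind      rlogind
exec     stream  tcp6    nowait  root    /usr/sbin/rexecd       rexecd
daytime  stream  tcp     nowait  root    internal
EOF
}

sample=${TMPDIR:-/tmp}/inetd.conf.sample.$$
write_sample_inetd "$sample"
echo "Cleartext services still enabled:"
if audit_inetd "$sample"; then
    echo "(none)"
else
    echo "Comment these entries out, then run: refresh -s inetd"
fi
rm -f "$sample"
```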
# ftp waldorf
Connected to waldorf.lpar.co.uk.
220 waldorf.lpar.co.uk FTP server (Version 4.2 Tue Feb 19 19:37:47 CST 2013)
ready.
Name (waldorf:root):
331 Password required for root.
Password:
ftp> prompt
Interactive mode off.
ftp> mput file*
200 PORT command successful.
150 Opening data connection for file1.
226 Transfer complete.
200 PORT command successful.
ftp> bye
221 Goodbye.
Notes:
The ftp command is a commonly used program for transferring files across a network. The remote
user name specified at the login prompt must exist and have a valid password defined at the
remote host. To get a list of all ftp subcommands, type help in an interactive session or see the
man page.
The rcp command is used to copy one or more files between the local host and a remote host. The
scp command is part of OpenSSH and is designed to replace rcp.
ftp and rcp use unsecured protocols, as all data including passwords are transferred across the
network unencrypted. These passwords are very easy to sniff and capture.
AIX (starting with AIX 6.1) also has an ftp secure feature (-s) which uses Transport Layer Security
(TLS) to encrypt data. To use the secure (-s) option, OpenSSL must be installed, minimum level
0.9.7.
In each case, the facilities support wildcards for file names. In the example, the pattern matched
only a single file, but this can be powerful when transferring a collection of files.
Notes:
Network file system (NFS) is a facility for sharing files in a heterogeneous environment of
machines, operating systems, and networks. The NFS function is built into the kernel of the
operating system so it is transparent to applications and users. NFS is based on a client/server
model, where the server stores files and provides clients with access.
• Server configuration
– Starting NFS (now and at system restart)
• /usr/sbin/mknfs -B
# lssrc -g nfs
biod nfs 352444 active
nfsd nfs 221328 active
rpc.mountd nfs 315524 active
rpc.statd nfs 364738 active
rpc.lockd nfs 258262 active
Notes:
The mknfs command configures the system to run the NFS daemons. The mknfs command
accepts the following flags:
• -B Adds an entry to the inittab file to run the /etc/rc.nfs file on system restart and runs
the /etc/rc.nfs file immediately to start the NFS daemons.
• -I Adds an entry to the inittab file to run the /etc/rc.nfs file on system restart.
• -N Starts the /etc/rc.nfs file to start the NFS daemons immediately. When started this way,
the daemons run until the next system restart.
When NFS is started, the following daemons are started:
• The biod daemon runs on all NFS client systems. When a user on a client wants to read or write
to a file on a server, the biod daemon sends this request to the server. The biod daemon is
activated during system startup and runs continuously.
• The nfsd daemon runs on the server and handles client requests for file system operations.
• The rpc.mountd daemon answers client requests to mount file systems. The mountd daemon
finds out which file systems are available by reading the /etc/xtab file. The /etc/xtab file is
created when file systems are exported on the server. This process is covered in the next
visual.
• The rpc.statd and rpc.lockd daemons work together to maintain stateful locking. NFS implements
an advisory locking mechanism, meaning that if a program does not pay any attention to the
locking messages it receives, it can go ahead and access the file. In the event of a server crash,
the locking information will be recovered. The status monitor maintains information on the
location of connections as well as the status in the /etc/sm directory, the /etc/sm.bak file,
and the /etc/state file. When restarted, the statd daemon queries these files and tries to
reestablish the connection it had before termination.
The rmnfs command changes the configuration of the system to stop running NFS daemons. It
accepts the same flags as mknfs.
/etc/exports:
  /home
  /usr/man -ro
  /data -root=sys1:sys2
Maintained with: mknfsexp, chnfsexp, rmnfsexp OR smit nfs
Exported with: exportfs -a
/etc/xtab (read by rpc.mountd):
  /home
  /usr/man -ro
  /data -root=sys1:sys2
Notes:
In order to configure an NFS server, you must first decide:
• What directories you want to export
• Which clients you want to have access to the directories and files
• The permissions (for example, read-write, read-only) clients will have when accessing the files
In the example shown in the visual:
• /home is exported to the world with read-write permissions. For security reasons, the client's
root user does not have root privileges when accessing the files remotely. The root user is
mapped to the nobody user (UID = -2).
• /usr/man directory is exported to the world with read-only permissions.
• /data directory is exported to systems: sys1, sys2, and these systems have read-write access
with their root users having root privileges when accessing the files remotely. Normally the
client’s root user is mapped to user nobody on the server.
Only when the NFS subsystem is activated, using the mknfs command, can directories be made
available. When the /etc/exports file has been configured, the exportfs command is used to
make the directories available for client mounting. The exportfs -a command exports all items
listed in the /etc/exports file and automatically copies the entries to the /etc/xtab file.
/etc/xtab file entries are used by the system and always reflect what is currently exported. This
leaves the /etc/exports file available for updating at any time. The /etc/xtab file must never
be edited directly.
An easy way to maintain the NFS export list is to use SMIT or the AIX commands that are issued by
SMIT. These commands are mknfsexp, chnfsexp, and rmnfsexp. The SMIT panels simplify
the creation of otherwise complicated entries in the /etc/exports file. The panel (and the
underlying AIX command) provides an option to specify whether you want to only update
/etc/exports or also export the change to /etc/xtab.
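To review what an export list grants before running exportfs, here is an added example that is not part of the course material: a shell function that classifies /etc/exports entries using the reading given in the notes above. The function names audit_exports and write_sample_exports are constructed, as is the /proj entry in the sample; the other three entries are the ones from the visual.

```shell
#!/bin/sh
# Added example: summarize what each /etc/exports entry grants.
# Findings follow the reading given in the notes above:
#   WORLD-RW             no host list, read-write (the /home case)
#   WORLD-RO             no host list, read-only (the /usr/man case)
#   REMOTE-ROOT=<hosts>  root on these clients is not mapped to nobody
#                        (the /data case)
# The notes read "-root=sys1:sys2" as an export to sys1 and sys2, so a root=
# list counts as a host list here, as do access= and rw=<hosts>.

# audit_exports FILE
# Prints "<directory> <finding>" for every finding, in file order.
audit_exports() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }
        {
            dir = $1
            opts = $2
            sub(/^-/, "", opts)             # options start with a dash
            ro = 0; restricted = 0; root = ""
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "ro")
                    ro = 1
                else if (o[i] ~ /^(access|rw)=/)
                    restricted = 1
                else if (o[i] ~ /^root=/) {
                    root = substr(o[i], 6)  # text after "root="
                    restricted = 1
                }
            }
            if (!restricted) print dir, (ro ? "WORLD-RO" : "WORLD-RW")
            if (root != "")  print dir, "REMOTE-ROOT=" root
        }
    ' "$1"
}

# Sample export list: first three entries from the visual, /proj constructed.
write_sample_exports() {
    cat > "$1" <<'EOF'
/home
/usr/man -ro
/data -root=sys1:sys2
/proj -access=sys1:sys2,ro
EOF
}

sample=${TMPDIR:-/tmp}/exports.sample.$$
write_sample_exports "$sample"
echo "Export findings to review:"
audit_exports "$sample"
rm -f "$sample"
```

An entry that prints nothing, such as the constructed /proj line, is limited to named hosts and grants no remote root.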
• The showmount command can be used to query the directories that are
exported by the NFS server.
kenny:/ # showmount -e nfs_server
export list for nfs_server:
/usr/man (everyone)
/data kenny,kyle,eric
/home (everyone)
# df /data
Filesystem 512-blocks Free %Used Iused %Iused Mounted on
nfs_server:/data 278528 212920 24% 1317 6% /data_client_mnt
Notes:
The showmount command is useful for viewing which directories are available for mounting on a
particular NFS server. To mount an NFS directory, first create a mount point directory and then issue the
mount command, as shown in the visual.
Syntax: mount <NFS_server_name>:<server mount point> <client directory mount point>
– smit mknfsmnt
Add a File System for Mounting
* Pathname of mount point [/data_client_mnt] /
* Pathname of remote directory [/data]
* Host where remote directory resides [nfs_server]
* Security method [sys] +
* Mount now, add entry to /etc/filesystems or both? Both +
* /etc/filesystems entry will mount the directory no +
on system restart.
* Mode for this NFS file system read-write +
* Attempt mount in foreground or background background +
* Mount file system soft or hard hard
Note: Many options removed for clarity.
– /etc/filesystems
/data_client_mnt:
dev = "/data"
vfs = nfs
nodename = nfs_server
mount = false
options = bg,hard,intr,sec=sys
Notes:
Predefined mounts are NFS mounts which are defined in /etc/filesystems for ease of use when
manually mounting or to enable remote file systems to be mounted during system start time.
Key options are:
• Security Method: Possible values are: sys, dh, krb5, krb5i, krb5p, which correspond to UNIX,
DES, Kerberos 5, Kerberos 5 with integrity, and Kerberos 5 with privacy. The default NFS
security used in most implementations is standard UNIX (sys). The other methods are used in
special situations where authentication and encryption are required. These methods are
supported by a new version of NFS, NFS version 4. NFS v4 is not the default version used in
AIX and is a large, complex topic which is outside the scope of this class, but you might want to
refer to the IBM Redbooks publication Implementing NFSv4 in the Enterprise: Planning and
Migration Strategies, available at: http://www.redbooks.ibm.com/abstracts/sg246657.html.
• Mode: Read-write or read-only.
• Attempt mount in: Values: background (default) or foreground. If the attempt to mount the
directory fails, the mount will be retried in the background. If foreground is selected, the mount
request stays in the foreground even if the mount request fails.
Checkpoint
Exercise
TCP/IP
implementation
Unit summary
Unit 16. Introduction to Workload Partitions
References
Online: AIX Version 7.1 IBM Workload Partitions for AIX
SG24-7559: AIX Version 6.1 Differences Guide (Redbooks)
SG24-7656: Workload Partition Management in IBM AIX Version 6.1 (Redbooks)
Note: References listed as online are available through the IBM Knowledge Center at the following address:
http://www-01.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.base/kc_welcome_71.htm
Unit objectives
• WPARs appear as AIX instances
– Have own daemons and services
– Have own IP addresses
[Figure: three workload partitions labeled Test, Web Server, and BI]
Notes:
Introduction
Workload Partition (WPAR) is a software-based virtualization feature introduced in AIX 6 that
provides new capabilities to reduce the number of AIX operating system images that need to be
maintained when consolidating multiple workloads on a single server. WPARs provide a way for
clients to run multiple applications inside the same instance of an AIX operating system, while
providing security and administrative isolation between applications. WPARs complement logical
partitions and can be used in conjunction with logical partitions if desired. WPAR can improve
administrative efficiency by reducing the number of AIX operating system instances that must be
maintained. WPAR can increase the overall utilization of systems by consolidating multiple
workloads on a single system, and is designed to improve cost of ownership.
Global environment
Workload partitions are created within a standard AIX system. The global environment is the hosting
part of the AIX system and it does not belong to any workload partition. The global environment is
what you are working with when you log in to the IP address of the AIX system, as opposed to the
IP address of one of the contained WPARs.
This global environment runs within a dedicated LPAR or physical system. The global environment
owns all physical resources of the LPAR: network adapters, disk adapters, disks, processors,
memory. It allocates CPU and memory resources to the workload partitions. It provides them
access to the network and storage devices.
• Rapid provisioning
Notes:
WPARs provide unique partitioning values.
• Smaller number of OS images to maintain
• Performance efficient partitioning through sharing of application text and kernel data and text
• Fine-grain partition resource controls
• Simple, lightweight, centralized partition administration
WPARs enable multiple instances of the same application to be deployed across partitions.
• Many WPARs running DB2, WebSphere, or Apache in the same AIX image
• Greatly increases the ability to consolidate workloads because often the same application is
used to provide different business services
• Enables the consolidation of separate discrete workloads that require separate instances of
databases or applications onto a single system or LPAR
• Reduced costs through optimized placement of workloads between systems to yield the best
performance and resource utilization
WPAR technology enables the consolidation of diverse workloads on a single server increasing
server utilization rates.
• Hundreds of WPARs can be created, far exceeding the capability of other partitioning
technologies.
• WPARs support fast provisioning and fast resource adjustments in response to
normal/unexpected demands. WPARs can be created, and resource controls modified, in
seconds.
• WPAR resource controls enable the over-provisioning of resources. If a WPAR is below
allocated levels, the unused allocation is automatically available to other WPARs.
• WPARs can be migrated to another partition in response to a normal shift or an unexpected
change in demand.
WPARs enable development, test, and production cycles of one workload to be placed on a single
system.
• Different levels of applications (production1, production2, test1, test2) can be deployed in
separate WPARs.
• Quick and easy roll out or roll back to production environments
• Reduced costs through the sharing of hardware resources
• Reduced costs through the sharing of software resources such as the operating system,
databases, and tools
• WPAR name that is used as host name and its name resolution as the IP
address.
• IP address that is defined as alias on en0 in global environment.
• Can customize network configuration for WPAR.
• WPARs see only their own IP address in configuration.
• Packets with destination address of WPAR are routed to that WPAR by global
environment.
glob_env (10.47.110.1/16):
glob_env: # ifconfig en0 | egrep "en0|inet0"
en0:
inet 10.47.110.1 netmask 0xffff0000 broadcast 10.47.255.255
inet 10.47.33.1 netmask 0xffff0000 broadcast 10.47.255.255
Workload Partition wpar1 (10.47.33.1/16):
wpar1: # ifconfig en0 | egrep "en0|inet0"
en0:
inet 10.47.33.1 netmask 0xffff0000 broadcast 10.47.255.255
[Figure: glob_env 10.47.110.1/16 and Workload Partition wpar1 10.47.33.1/16 attached through en0 (net) to network 10.47.0.0]
Notes:
The network connection for a WPAR is implemented by using the network alias feature on the
global environment level's physical or virtual network interface. The network alias is a standard
feature that is used to implement an IP address for each WPAR. By using an IP address that is
different from the hosting global environment, the applications can move from system to system
while keeping the same IP address.
W1 W2 W3
20 shares 30 shares 50 shares
20% 30% 50%
Notes:
Resource allocation control for each WPAR is performed by the global administrator to prevent a
resource hungry WPAR from negatively impacting the performance of other WPARs.
There are two approaches to specifying CPU and memory allocation:
Share-based target percentage.
Each workload partition receives its part of the specified resource, according to the ratio of its own
share to the sum of shares of all currently active workload partitions.
Limit percentages.
There are three parameters that should be specified:
• Minimum percentage is the minimum amount of a resource that a WPAR is guaranteed to have
available at all times.
• Soft maximum percentage is the maximum amount of a resource that a WPAR can have when
multiple WPARs contend for that type of resource. If there is a sufficient amount of that type of
resource available, and resource contention does not occur, the WPAR can exceed this limit.
• Hard maximum percentage is the maximum amount of a resource that a WPAR can ever have.
Even if there is a sufficient amount of that type of resource available, and resource contention
does not occur, the WPAR cannot exceed this limit.
• System WPARs
– Self-contained, virtual AIX instance
– Own init process hierarchy including system service daemons
• Such as network services (for example: Telnet and ssh)
– Private copies of system file systems
• Has own configuration, users, and more
– Persistent and independent of the application processes
• Can be stopped and restarted
– Has restricted access to devices and storage
• Application WPARs
– Application launched using WPAR
– Shares global process, device, and system file systems environment
– WPAR stops when application process stops
• Both types
– Allow resource controls
– Can use Live Application Mobility (with WPAR Manager)
– Have own IP address for client access
Notes:
System WPAR
System workload partitions are autonomous virtual system environments with their own private root
file systems, users and groups, login, network space, and administrative domain.
The systems administrator accesses the WPAR through the administrator console or through
regular network tools such as telnet or ssh. Inter-process communication for a process in a
WPAR is restricted to those processes in the same WPAR.
System workload partitions are complete virtualized OS environments, where multiple services and
applications run. It takes longer to create a system WPAR compared to an application WPAR, as it
builds its own file systems. A system WPAR is removed only when requested. It has its own root
user, RBAC privileges, and system services like inetd, cron, syslog, and so on.
A system WPAR does not share writable file systems with other workload partitions or the global
environment.
Application WPAR
An application file system is set up to host only a single application or process. It provides an AIX
runtime environment that is suitable for execution of one or more processes that can be started
from a single command. As soon as the command exits, the workload partition is also automatically
terminated (or shut down).
• An application WPAR shares the file system of the global environment. It does not own any
dedicated storage.
• An application WPAR can run daemons, but it does not run any of the system service daemons
such as inetd, cron, or srcmstr.
• It is not possible to remotely log in to an application partition or remotely execute an action into
an application WPAR.
Notes:
The visual shows an example of the processes structure in a system workload partition, and its
interaction with the global environment.
The global srcmstr daemon starts a process that acts as the WPAR's init process, parenting all
other processes in the WPAR. Within the WPAR, the PID of this process is virtualized to appear as
PID 1, just like the init process in the global environment.
Each system workload partition has its own inittab file, so that it appears to be a stand-alone
operating system. The WPAR init parents a standard set of processes including its own srcmstr
and inetd. Having its own inetd daemon means that each system WPAR can have its own telnetd
or sshd to allow someone to log in to the WPAR environment and receive an interactive shell
prompt for that environment.
• AIX global environment

{sys02_p2} / # mount
  Node     mounted        mounted over        vfs     date          options
-------- -------------- ------------------- ------- ------------- ---------------
         /dev/hd4       /                   jfs     Aug 27 14:05  rw,log=/dev/hd8
         /dev/hd2       /usr                jfs     Aug 27 14:05  rw,log=/dev/hd8
         /dev/hd9var    /var                jfs     Aug 27 14:06  rw,log=/dev/hd8
         /dev/hd3       /tmp                jfs     Aug 27 14:06  rw,log=/dev/hd8
         /dev/hd1       /home               jfs     Aug 27 14:06  rw,log=/dev/hd8
         /proc          /proc               procfs  Aug 27 14:06  rw
         /dev/hd10opt   /opt                jfs     Aug 27 14:06  rw,log=/dev/hd8
         /dev/fslv01    /wpars/wpar1        jfs2    Sep 03 14:55  rw,log=INLINE
         /dev/fslv02    /wpars/wpar1/home   jfs2    Sep 03 14:55  rw,log=INLINE
         /opt           /wpars/wpar1/opt    namefs  Sep 03 14:55  ro
         /proc          /wpars/wpar1/proc   namefs  Sep 03 14:55  rw
         /dev/fslv03    /wpars/wpar1/tmp    jfs2    Sep 03 14:55  rw,log=INLINE
         /usr           /wpars/wpar1/usr    namefs  Sep 03 14:55  ro
         /dev/fslv04    /wpars/wpar1/var    jfs2    Sep 03 14:55  rw,log=INLINE

• System WPAR

{wpar1} / # mount
  Node     mounted        mounted over        vfs     date          options
-------- -------------- ------------------- ------- ------------- ---------------
         Global         /                   jfs2    Sep 03 14:55  rw,log=INLINE
         Global         /home               jfs2    Sep 03 14:55  rw,log=INLINE
         Global         /opt                namefs  Sep 03 14:55  ro
         Global         /proc               namefs  Sep 03 14:55  rw
         Global         /tmp                jfs2    Sep 03 14:55  rw,log=INLINE
         Global         /usr                namefs  Sep 03 14:55  ro
         Global         /var                jfs2    Sep 03 14:55  rw,log=INLINE
Notes:
The visual shows an example of the default storage model of a system WPAR. The system WPAR
includes the creation of a base directory. This base directory is the root of the chroot system WPAR
environment. By default, the path to this base directory is /wpars/<name_of_wpar> in the global
environment.
From the global environment, the file systems and mount points that are associated with the system
WPAR, are seen as being located within a WPAR-specific subdirectory tree of the global
environment (for example, /wpars/wparname/).
From within the WPAR, the file systems are seen as being rooted at /.
By default the WPAR /usr and /opt file systems are shared with the global environment (read
only). Alternatively, if the application requires read/write access to these directories, the WPAR can
have its own non-shared copies. However, this significantly increases the time required to create,
back up, or restore the WPAR.
Other WPAR file systems such as /, /home, /tmp, and /var are real read-write file systems and
dedicated to the workload partition.
The private read-write file systems can also be hosted through NFS. NFS provides one way that the
private file systems can be shared between a departure system and an arrival system when
implementing Live Application Mobility to move WPARs from box to box (LPAR to LPAR).
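The storage model above can be checked from the global environment's mount listing. The following is an added example, not part of the course material: it parses `mount` output and reports writable file systems that a system WPAR shares with the global environment or with another WPAR. The sample listing is constructed (wpar1 follows the default layout shown above; the wpar2, wpar3 and wpar4 lines and the finding codes are invented for illustration), and the /wpars base directory is the default the notes describe.

```python
import re
from collections import defaultdict
from typing import NamedTuple

MONTHS = frozenset("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split())
CLOCK = re.compile(r"\d{2}:\d{2}$")

# Constructed sample: wpar1 is the default layout; wpar2..wpar4 trigger findings.
SAMPLE_MOUNT = """\
  node       mounted        mounted over      vfs       date        options
-------- ---------------  -----------------  ------ ------------ ---------------
         /dev/hd4         /                  jfs    Aug 27 14:05 rw,log=/dev/hd8
         /dev/hd2         /usr               jfs    Aug 27 14:05 rw,log=/dev/hd8
         /dev/fslv01      /wpars/wpar1       jfs2   Sep 03 14:55 rw,log=INLINE
         /dev/fslv02      /wpars/wpar1/home  jfs2   Sep 03 14:55 rw,log=INLINE
         /opt             /wpars/wpar1/opt   namefs Sep 03 14:55 ro
         /proc            /wpars/wpar1/proc  namefs Sep 03 14:55 rw
         /dev/fslv03      /wpars/wpar1/tmp   jfs2   Sep 03 14:55 rw,log=INLINE
         /usr             /wpars/wpar1/usr   namefs Sep 03 14:55 ro
         /dev/fslv04      /wpars/wpar1/var   jfs2   Sep 03 14:55 rw,log=INLINE
         /data            /wpars/wpar2/data  namefs Sep 03 15:10 rw
nfs01    /export/apps     /wpars/wpar3/apps  nfs3   Sep 03 15:12 rw,bg,hard,intr
nfs01    /export/apps     /wpars/wpar4/apps  nfs3   Sep 03 15:12 rw,bg,hard,intr
"""


class Mount(NamedTuple):
    node: str
    source: str
    target: str
    vfs: str
    options: frozenset


def parse_mounts(text):
    """Parse `mount` output; header and separator lines are skipped."""
    mounts = []
    for line in text.splitlines():
        tok = line.split()
        # Anchor on the "Mon DD HH:MM" date so that an empty node column or an
        # empty options column does not shift the other fields.
        for i in range(3, len(tok) - 2):
            if tok[i] in MONTHS and tok[i + 1].isdigit() and CLOCK.match(tok[i + 2]):
                node = tok[i - 4] if i >= 4 else ""
                opts = frozenset(tok[i + 3].split(",")) if len(tok) > i + 3 else frozenset()
                mounts.append(Mount(node, tok[i - 3], tok[i - 2], tok[i - 1], opts))
                break
    return mounts


def split_wpar_path(target, base="/wpars"):
    """Return (wpar_name, path_inside_wpar), or None for a non-WPAR mount."""
    prefix = base.rstrip("/") + "/"
    if not target.startswith(prefix):
        return None
    name, _, inner = target[len(prefix):].partition("/")
    return name, "/" + inner


def audit(mounts, base="/wpars"):
    """Return (wpar, object, code) findings for writable shared file systems."""
    findings = []
    rw_sources = defaultdict(set)  # (node, source) -> WPARs mounting it rw
    for m in mounts:
        loc = split_wpar_path(m.target, base)
        if loc is None or "rw" not in m.options:
            continue
        wpar, inner = loc
        # /proc is a read-write namefs mount in the default layout; any other
        # writable namefs mount exposes a global directory for writing.
        if m.vfs == "namefs" and inner != "/proc":
            findings.append((wpar, m.source, "RW_SHARED_WITH_GLOBAL"))
        rw_sources[(m.node, m.source)].add(wpar)
    for (node, source), wpars in sorted(rw_sources.items()):
        if len(wpars) > 1 and source != "/proc":
            label = f"{node}:{source}" if node else source
            findings.append((",".join(sorted(wpars)), label, "RW_SHARED_BETWEEN_WPARS"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_mounts(SAMPLE_MOUNT)):
        print(finding)
```

The default layout of wpar1 produces no findings: its /usr and /opt namefs mounts are read-only and its writable file systems sit on dedicated logical volumes.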
• Storage access:
– Default: Accessed through mounts that are defined by global administrator
– Global admin can export virtual SCSI or Fibre Channel attached disks
– Global admin can export Fibre Channel adapters
– WPAR can directly administer LVM and file system on exported devices
• Device access:
– Can access only devices that are permitted by global environment
– Permits a limited set of safe pseudo devices, such as /dev/null,
/dev/zero, /dev/random, and /dev/tty
– Forbids devices that can bypass isolation, such as /dev/mem or /dev/kmem
– Default: Cannot load kernel extensions (cannot make devices available)
– Global admin can identify a list of kernel extensions, which the WPAR can
load
Notes:
Direct access to storage devices allows a WPAR more control over its storage. A WPAR with an
exported storage device can define its own volume groups, logical volumes, and file systems and
have more control over the management of that space.
Another advantage of WPAR storage device access is the ability to support Live Application
Mobility (LAM) without placing the private file systems on an NFS server. The private file systems
can be made sharable by using a SAN disk that is managed by the WPAR.
The ability to export FC attached devices to a WPAR was introduced in AIX 6.1 TL3. The ability to
export virtual SCSI disks and FC adapters was introduced in AIX 7 and AIX 6.1 TL6. (If updating
an AIX system to AIX 6.1 TL6, you must explicitly install the new base file set wio.vscsi; a smit
update_all operation does not install it.)
Starting with AIX 7, the AIX global administrator can identify kernel extensions (KE) that might be
loaded by a WPAR. A process inside the WPAR would need to handle the KE loading. This solves a
problem that prevented some applications from running in a WPAR environment. WPARs that load
kernel extensions cannot be relocated by using Live Application Mobility.
Notes:
In the default system WPAR environment, the /usr file system is shared with the global
environment and is accessed through a read-only mount. This reduces the overhead of defining the
WPAR and reduces the time that is needed to build the WPAR. It also reduces the AIX software
maintenance effort, since we only need to update the global copy of the software and then
synchronize the WPARs to the new level.
A detached WPAR has its own private read-write copy of the /usr file system. This provides the
WPAR with the flexibility of installing and maintaining its own software that might not be needed in
the global environment or by other WPARs. The down side is that we lose the benefits that are
provided by the default configuration. Since the WPAR is still using a shared kernel, if the WPAR
maintenance is not matched to the level of the kernel, the WPAR might become unusable.
A rootvg WPAR stores the private file systems on a disk that has been exported to the WPAR. The
advantage of a rootvg WPAR is that the disk can be located on a SAN and shared between
departure and arrival system by using Live Application Mobility.
By default, the rootvg WPAR is not a detached WPAR; in other words, while most file systems are on the
exported disk, the /usr file system is still read-only and shared with the global environment.
The rootvg WPAR can be defined as a detached WPAR, in which case all of its file systems are
stored on the exported disk.
Versioned WPAR
IBM Power Systems
• Detached WPAR running old AIX release in a compatibility environment
• Requires separate LPPs:
– AIX5.2 WPARs for AIX7
– AIX5.3 WPARs for AIX7
[Figure: native WPARs and versioned WPARs (VWPAR, AIX52)]
Notes:
AIX 5.2 LPARs cannot run on POWER7 hardware. For applications that are only certified for
this withdrawn AIX level, versioned WPARs provide a path to move off old equipment to the newer
POWER7 and higher hardware.
To allow this, AIX7 provides a Compatibility Runtime Environment for WPARs where the commands
and libraries that are used by the WPAR do not have to match the level of the common kernel. This
support is provided by a licensed program product that is called AIX 5.2 Workload Partitions for AIX
7 that only runs on a POWER7 and higher platform.
The AIX 5.2 environment has renewed limited software support (AIX 5.2 without this is no longer
serviced). The versioned WPAR also benefits from sharing the AIX7 kernel that provides benefits
of: SMT4, Micro-Partitioning, Virtual I/O Server support, Live Partition Mobility, Live Application
Mobility (with WPAR Manager), and more.
Most applications should run in this environment. But there are exceptions (see the production
documentation). A proof of concept study is recommended before committing to use a versioned
WPAR.
Note: The support for versioned WPARs has also been extended to AIX version 5.3 systems,
requiring a license for the AIX 5.3 WPARs for AIX 7 LPP.
Notes:
The system WPAR creation takes the longest to complete because it not only defines new file
systems, it also clones the global file system contents into them. But this is still significantly less
time than installing AIX into an LPAR because (by default) the /usr file system is shared with the
global environment and does not need to have its content cloned into a WPAR private file
system.
The displayed commands are the bare essentials. Each of them has many additional options to
customize device access, file systems access, resource controls, network configuration, ability to
save and clone configuration details, and more. For more information, see the man pages for the
commands.
There are additional commands (not covered in this course) that provide additional abilities
including the ability to modify a WPAR, back up and restore a WPAR's private file systems, and
more.
For a more complete training in using AIX workload partitions, attend AN17 AIX Workload Partitions
Installation and Management.
Application WPARs
IBM Power Systems
Notes:
Application workload partitions do not provide the highly virtualized system environment that is
offered by system workload partitions, rather they provide an environment for segregation of
applications and their resources to enable resource control, some isolation, and (with WPAR
Manager) application checkpoint, restart, and relocation.
The application WPAR represents an envelope around a specific application process or processes
that provides the manageability and some of the isolation that a system WPAR provides. Since it
uses the global environment system file system and device resources, it is lightweight, quick to
create and remove, and does not take many resources. On the other hand, this prevents separate
configuration and reduces the isolation.
Once the application process or processes are finished, the WPAR is stopped.
There are no login capabilities for the user. If you need to access the application, you must use an
application-provided mechanism.
All file systems are shared with the global environment. If an application is using devices, it uses
global environment devices.
Notes:
IBM Workload Partition (WPAR) Manager for AIX is a platform management solution that provides a
centralized point of control for managing workload partitions or WPARs, across a collection of
managed systems running AIX.
It is an optional product, part of the IBM Systems Director family, which is designed to facilitate the
management of WPARs and application mobility. WPAR Manager also provides advanced features
such as policy-based mobility for the automation of WPAR relocation, based on current
performance state.
WPAR Manager is a separate chargeable licensed program product; it is not part of AIX.
Additional training on the installation, configuration, and use of the IBM Workload Partition (WPAR)
Manager for AIX product is available in the course AN74.
Checkpoint
IBM Power Systems
4. True or False: Live Application Mobility (LAM) requires that the WPAR
private file systems reside on an NFS server.
Notes:
Exercise
IBM Power Systems
Introduction to
Workload Partitions
Notes:
Unit summary
IBM Power Systems
Notes:
Appendix A. Printers and queues
References
Online AIX 6.1 System Management Guide
Online AIX 5L Version 5.3 Guide to Printers and Printing
Unit objectives
IBM Power Systems
Notes:
• Print subsystems:
– AIX print subsystem
– System V print subsystem
Notes:
Introduction
The visual gives an overview of the different approaches that can be taken to printing under AIX 5L
and later. In the next two visuals, System V printing is compared to the traditional AIX print
subsystem. The remainder of this unit will focus on using the AIX print subsystem.
Note
You can use either the AIX print subsystem or the System V print subsystem. They will not run
concurrently.
In this approach, you lose the ability to serialize (spool) print requests. Only one user may print at a
time. On the other hand, if a printer is dedicated to one use, this may be a good solution. Examples
might be logging to a printer, or printing checks.
Print directly to a remote printer through a socket program
This is similar to printing to a device driver, except that in this case, you are sending the output to a
program which makes a connection to the printer over the network.
Print using the System V print subsystem
In this environment, files to be printed are sent to the System V print service daemon, lpsched,
using the lp or lpr commands. The print service daemon serializes the jobs, so they will be
printed in the order in which they were submitted. The print service may filter the file to format the
data so that it matches the types of data acceptable to the printer. The print service then sends files,
one at a time, to the interface program, which may do additional filtering before sending the file to
the local printer driver or network printing application.
Print using the AIX print subsystem
In this environment, files to be printed are sent to the AIX print spooler daemon, qdaemon, using
any of the AIX print commands (enq, qprt, lp, or lpr). The spooler daemon serializes the jobs.
The spooler sends jobs, one at a time, to programs that may filter the data, before sending it to the
local printer driver or network printing application.
Print using IBM’s Infoprint Manager (or similar advanced print management system)
Infoprint Manager provides serialization and filtering similar to the System V or AIX print
subsystems. In addition, it adds extra capabilities of security, customization, and control not
provided by either System V printing or AIX printing. For additional information, refer to the Infoprint
Manager website:
http://www.printers.ibm.com/internet/wwsites.nsf/vwwebpublished/ipmaix_ww
Notes:
Powerful and flexible printer drivers
AIX printer drivers provide many printing options that can be easily controlled using command-line
options to the qprt command. Printer defaults can be easily managed using SMIT or the command
line.
System management tools
The AIX print subsystem includes mature and powerful system management using either the
web-based System Manager or SMIT, as well as the command line. Some specific system
management advantages using the AIX print subsystem are:
- Limits fields and options validation: gives the user or administrator a range of valid values
  for print options and prevents the user from using an invalid value.
- Easy printer customization: printers can be customized using menu selections or command line
  options. Under System V printing, customizing printers often requires a knowledge of shell
  programming.
• Compatibility
• Security
Notes:
Compatibility
System administrators with experience in other UNIX variants that use System V printing will find it
easy to manage printing under AIX’s System V print subsystem.
Availability of interface programs
Many printer manufacturers provide interface shell scripts to support using their products under
System V printing. Usually, only minor modifications are required for individual UNIX variations.
Because the AIX print subsystem is proprietary, an interface program written for another operating
system cannot be used in the AIX print subsystem. It must be completely rewritten. This has led to
a limited number of printers supported under AIX. With the support of System V printing in AIX 6.1,
it is easier for manufacturers to include support for AIX printing.
Security
Controlling user access to printers can be an important issue. For example, you might need to limit
access to the printer used to print checks. System V printing includes built-in capabilities for
restricting user access to certain printers. Using the AIX print subsystem, the backend program
must be customized to restrict user access.
Concepts of queues
IBM Power Systems
[Figure: print jobs file1 and file2 waiting in Queue1, and file3 and file4 waiting in Queue2; printers /dev/lp0 and /dev/lp1]
Notes:
Purpose for queues
The purpose of the queuing system is to maintain a queue of jobs that are waiting for their turn to
run (that is, use some system resource, like a printer or the CPU). The AIX 6.1 queuing system
performs this function.
Benefits of queues
The queues also give control to the system administrator over the queuing mechanism. Therefore,
the system administrator can perform tasks like canceling jobs on queues, changing priorities of
jobs, and so forth.
A queue enables the sharing of resources in an ordered fashion.
The diagram above illustrates three important issues:
• One print queue can point to a number of printers (and it is the job of the qdaemon to determine
the next available printer to print on), for example, Queue1.
• Users may submit their jobs to a number of different queues.
• A printer can have a number of different queues pointing to it, for example, the printer
/dev/lp1 is accessed by both Queue1 and Queue2.
[Figure: lp, lpr, and qprt call enq, which places the job in the queue and, if requested, a copy of the file in the spool directory; qdaemon monitors the queue, uses the spool file (if it exists), and starts the backend (piobe), which uses the virtual printer definition and submits the file to the printer /dev/lp0]
Notes:
Print request
Local printing is implemented through a queuing mechanism. The user can issue one of the printer
commands qprt, lp, lpr, or enq to submit a print job. Although a user can use any one of these
four commands, the true entry point to the spooler is the enq command which is responsible for
processing the job request, creating a job description file (JDF), and notifying the qdaemon of the
new job.
The qdaemon
The qdaemon process runs at all times. The qdaemon maintains a list of all of the defined queues
and monitors the queues for newly submitted jobs. qdaemon tries to process the job if the
destination device is available, otherwise the job remains in the queue and qdaemon tries again
later.
Queuing system process
The flow of the queuing system shown in the visual:
• The printing command calls enq. enq checks to see if the requested queue name is a valid
queue and all of the parameters are correct. If so, it continues; if not, an error message is
returned to the user.
• An entry is made in the /var/spool/lpd/qdir directory identifying the job to be run. If the
printer command uses an option to indicate that a copy of the file is to be made, the copy is
placed in the spool directory /var/spool/qdaemon.
• The qdaemon is notified of a new job in its qdir directory.
• When the queue is ready for the job, the qdaemon reads information from the /etc/qconfig
file describing the queue.
• The qdaemon updates the /var/spool/lpd/stat file for the appropriate queue to show that
the queue is now working on a new job.
• The qdaemon starts the back-end program, passing the file names and appropriate options on
the command line.
• The back-end determines the correct data stream characteristics, and merges these with the
actual file. The data stream characteristics are stored as virtual printer definitions in the
/var/spool/lpd/pio/@local directory.
• The back-end program sends its data stream to the device driver for the appropriate printer.
What happens when a file is spooled?
When a file is spooled, a copy of that file is sent to the print spool directory,
/var/spool/qdaemon. The copy remains in that directory until it is printed. This means that if you
spool a file to the printer, a user could continue to make revisions to the original since the copy in
the print spool directory will not be altered. This ensures that the file that is sent to the printer gets
printed in its original form, even if a user edits the original file that is on disk. Spooled files take up
disk space in /var until they are printed.
When a file is queued, one line of information is sent to the /var/spool/lpd/qdir directory
which points back to the original file on disk. If revisions are made to the file on disk before it is
pulled from the queue to print, the revised file is printed.
Notes:
Print related files and directories
The system files and directories used for printing include:
• The /etc/qconfig file describes the queues and devices available for use by the printing
commands.
• The /var/spool directory contains files and directories used by the printing programs and
daemons.
• The /var/spool/lpd/qdir directory contains information about files queued to print.
• The /var/spool/qdaemon directory contains copies of the files that are spooled to print.
• The /var/spool/lpd/stat directory is where the information on the status of jobs is stored.
It is used by the qdaemon and backend programs.
• The /var/spool/lpd/pio/@local directory holds virtual printer definitions. This is where
the attributes of printers are paired with the attributes of corresponding data stream types.
It is recommended that SMIT be used to update these device-related files. In most cases, updating
standard system files is not recommended.
qdaemon
IBM Power Systems
• Manages queues
Notes:
qdaemon introduction
The qdaemon program schedules jobs that have been enqueued. It is a background process that is
usually started at system IPL through the startsrc command run from /etc/inittab.
qdaemon is controlled by the /etc/qconfig file. /etc/qconfig contains a stanza for each queue. The
stanza identifies any queue management options and points to a queue device stanza, which
identifies the destination printer, the formatting options, and the back-end program.
The back-end program
The back-end program is called by qdaemon to actually process each request. The back-end
program is determined by how the printer is connected to the AIX system. For local printing, the
back-end program is /usr/lib/lpd/piobe. For a remote printer, it is /usr/lib/lpd/rembak.
The back-end program uses printer attribute information to prepare the printer and format the data
for output. It also prints header and trailer pages, if they are enabled.
Notes:
Introduction
The /etc/qconfig file is an attribute file. Some stanzas in this file describe queues, and other
stanzas describe devices. Every queue stanza requires that one or more device stanzas
immediately follow it in the file.
This file is the key to customizing the queues. Although the file can be edited directly, it is
recommended that it be changed through high-level commands or through SMIT.
Queue stanza
This starts with the queue name, which can be up to 20 characters, followed by a colon. The queue
name is used by the person submitting a job to indicate the requested queue. The first queue in the
/etc/qconfig file is the default queue, which receives any job requests submitted without a
specific queue name.
Some of the attributes that can be found in the queue stanza include:
Attribute   Definition                                         Default  Other
device      Identifies the symbolic name that refers to the
            device stanza
discipline  Defines the queue serving algorithm                fcfs     sjn
acctfile    Identifies the file used to save print accounting  false    filename
            information
up          Defines the state of the queue                     TRUE     FALSE
Device stanza
The name of a device stanza is arbitrary and can be from one to 20 characters long. The name is
followed by a colon.
The attributes that can be found in the device stanza include:
Attribute  Description                                         Default  Other
file       Identifies the special file where the output of     FALSE
           back-end is to be redirected. FALSE indicates no
           redirection and that the file name is /dev/null.
backend    Specifies the full path name of the back-end,
           optionally followed by the flags and parameters
           to be passed to it
access     Specifies the type of access the back-end has to    write    both (used for modems
           the file specified by the file field. This field             or backends needing
           is ignored if the file field has the value, FALSE.           read capability)
header     Specifies whether a header page prints before       never    always, group
           each job or group of jobs
trailer    Specifies whether a trailer page prints after each  never    always, group
           job or group of jobs
feed       Specifies either the number of separator pages      never    integer
           to print when the device becomes idle or the
           value never, which indicates that the back-end
           is not to print separator pages
align      Specifies whether the back-end sends a form-feed    FALSE    TRUE
           control before starting the job, if the printer
           was idle
The device stanza must contain an attribute that designates the back-end program. The function of
the back-end is to manage the printing of the actual job. It also produces the final data stream that
goes to the printer. The most common back-end program for local printing is piobe.
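The stanza rules above (the first queue is the default, each queue names its device stanzas, and each device stanza must designate a back-end) can be checked mechanically. The following script is an added example, not part of the IBM course material: the sample file content and the names ps, lp0dev, rq1, rdev, and broken are constructed, and it assumes that lines starting with an asterisk are comments and that several device names may be separated by commas.

```shell
#!/bin/sh
# Added example: audit a qconfig-style attribute file read from standard input.

# Constructed sample input, not a real system's /etc/qconfig.
sample_qconfig() {
cat <<'EOF'
* constructed sample
ps:
    device = lp0dev
    discipline = fcfs
    up = TRUE
lp0dev:
    file = /dev/lp0
    backend = /usr/lib/lpd/piobe
    header = never
rq1:
    device = rdev
    up = FALSE
rdev:
    backend = /usr/lib/lpd/rembak
broken:
    device = missingdev
EOF
}

# Prints one line per queue and per device, plus FINDING lines for rule violations.
audit_qconfig() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    /^[ \t]*$/ || /^\*/ { next }                  # blank line or comment (assumed syntax)
    /^[^ \t=]+:[ \t]*$/ {                          # stanza header: name followed by a colon
        cur = $0; sub(/:[ \t]*$/, "", cur)
        order[++n] = cur; pos[cur] = n
        if (length(cur) > 20) print "FINDING " cur ": name longer than 20 characters"
        next
    }
    cur != "" && index($0, "=") {                  # attribute = value
        key = trim(substr($0, 1, index($0, "=") - 1))
        attr[cur, key] = trim(substr($0, index($0, "=") + 1))
    }
    END {
        for (i = 1; i <= n; i++) {
            q = order[i]
            if (!((q, "device") in attr)) continue # device stanzas are reported via their queue
            if (dflt == "") { dflt = q; print "default=" q }
            up = ((q, "up") in attr) ? attr[q, "up"] : "TRUE"
            disc = ((q, "discipline") in attr) ? attr[q, "discipline"] : "fcfs"
            print "queue=" q " up=" up " discipline=" disc
            k = split(attr[q, "device"], devs, /[ \t]*,[ \t]*/)
            for (j = 1; j <= k; j++) {
                d = devs[j]
                if (!(d in pos)) {
                    print "FINDING " q ": device stanza " d " is not defined"
                    continue
                }
                if (pos[d] <= i || pos[d] > i + k)
                    print "FINDING " q ": device stanza " d " does not immediately follow its queue"
                if (!((d, "backend") in attr)) {
                    print "FINDING " q ":" d ": no backend attribute"
                    continue
                }
                split(attr[d, "backend"], parts, /[ \t]+/)   # path first, then optional flags
                kind = "other"
                if (parts[1] == "/usr/lib/lpd/piobe") kind = "local"
                if (parts[1] == "/usr/lib/lpd/rembak") kind = "remote"
                print "device=" q ":" d " backend=" parts[1] " kind=" kind
            }
        }
    }'
}

# Stand-alone run against the constructed sample.
sample_qconfig | audit_qconfig
```

On a real system the same function can read the live file with `audit_qconfig < /etc/qconfig`; a device reported as kind=other uses a user-defined back-end and is worth reviewing by hand.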
If different users prefer different default printers, the PRINTER variable can be set on a per-user
basis. The PRINTER variable should be set to the queue that the user wants as their default
queue, for example:
# PRINTER=ps ; export PRINTER
Printer menu
# smit spooler_choice
Print Spooling
Notes:
Interface to manage spooling
AIX print spooling and System V print spooling are both supported by SMIT in AIX 6.1. The web-based
System Manager supports both print spooling systems.
# smit spooler
Notes:
SMIT AIX printer menu
The SMIT fast path to this menu is smit spooler. Printers and print queues can also be managed
using the web-based System Manager.
The options on this menu are:
- Start a Print Job
This option starts a print job by submitting the job to a print queue.
- Manage Print Jobs
This option opens a submenu which enables you to cancel jobs, show the status of jobs,
prioritize jobs, hold and release jobs, and move jobs between print queues.
- List All Print Queues
This option displays a list of all the print queues and their associated printers.
- Manage Print Queues
You can start and stop print queues, show the status of print queues and change the system's
default print queue.
Move cursor to desired item and press Enter. Use arrow keys to scroll.
#ATTACHMENT TYPE   DESCRIPTION
local              Printer Attached to Local Host
remote             Printer Attached to Remote Host
xstation           Printer Attached to Xstation
ascii              Printer Attached to ASCII Terminal
hpJetDirect        Network Printer (HP JetDirect)
file               File (in /dev directory)
ibmNetPrinter      IBM Network Printer
ibmNetColor        IBM Network Color Printer
other              User Defined Backend
Notes:
Adding a local print queue
In our example, assume that the printer is directly attached to our AIX system. To configure a printer
attached in this way, choose local.
Some applications contain their own print control mechanisms and thus require that a printer be
configured without a queue. Use the SMIT fast path smit pdp to define a printer without a queue.
Printer Type
Move cursor to desired item and press Enter.
Bull
Canon
Dataproducts
Hewlett-Packard
IBM
Lexmark
OKI
Printronix
QMS
Texas Instruments
Other (select this if your printer is not listed above)
Notes:
Specify the printer manufacturer
The next selection that has to be made is the printer type. Notice that IBM is only one of the choices
and many other manufacturers are supported as well. Note also that there is an Other option which
will be selected if the printer type is not supported; that is, not part of the list.
Printer Type
[MORE...8]
ibm2391-2 IBM 2391 Plus printer (Model 2)
ibm3112 IBM 3112 Page Printer
ibm3116 IBM 3116 Page Printer
ibm3130 IBM 3130 LaserPrinter
ibm3812-2 IBM 3812 Model 2 Page Printer
ibm3816 IBM 3816 Page Printer
ibm4019 IBM 4019 LaserPrinter
ibm4029 IBM 4029 LaserPrinter
ibm4037 IBM 4037 LP printer
ibm4039 IBM 4039 LaserPrinter
[MORE...49]
Notes:
Select the manufacturer’s supported printer
If you do not have the software installed for your printer, you are prompted to insert the media to
install the software first, before configuring the device and the queue.
The choice of printer determines the queue, or the virtual printer, setup. For example, an IBM 4029
Laser Printer is capable of handling PostScript, ASCII, GL Emulation, and PCL Emulation. The
SMIT print spooling menus guide you through the creation of up to four separate queues which
submit to the same printer.
Printer attachment
Printer Interface
Move cursor to desired item and press Enter.
parallel
rs232
rs422
Parent Adapter
Move cursor to desired item and press Enter.
Notes:
Selecting the printer attachment
After selecting a printer type, a pop-up window is displayed where the printer interface must be
chosen. Possible values are parallel, RS232, and RS422. Some printers support multiple
attachment methods.
Then, a list of installed adapters that support that method of attachment is presented.
[Entry Fields]
Notes:
Create the print queues
This menu varies depending on the characteristics of the physical printer. If the printer is capable of
two or three different modes or emulations, the system prompts you for a separate queue name for
each emulation. Once these queues are created, they are sometimes referred to as virtual print
devices.
Additional queues can be added to this printer after the initial queues are created.
Remote printing
host1 client1
lp1
Notes:
Overview of print server setup
Once your system has the local queue set up, any user on that system can print. If the machine is
networked, it can also provide printing for client machines by becoming a print server.
To set up a print server, you need to define the client machine names, or IP addresses, in the
/etc/hosts.lpd file, and then start the lpd daemon. Both of these tasks can be done through
SMIT. To use SMIT, the fast path to identify the client system is smit mkhostslpd.
The lpd daemon is controlled by SRC. You should use SMIT to start it, because SMIT also adds
entries to /etc/inittab to ensure that it is started on reboot. The fast path for this screen is smit
mkitab_lpd.
Client authorization
# smit mkhostslpd
[Entry Fields]
* Name of REMOTE CLIENT [client1]
(Hostname or dotted decimal address)
Notes:
Set up client authorization
This step is done on the print server. On this screen, enter the client machine's name or IP address.
A plus sign ( + ) is also valid. It indicates that this AIX system is a print server to all machines.
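Because a single plus sign opens the print server to every machine, the client list is worth reviewing whenever it changes. The following script is an added example, not part of the IBM course material: the sample entries are constructed, and it assumes one client per line with `#` starting a comment.

```shell
#!/bin/sh
# Added example: review a hosts.lpd-style client list read from standard input.

# Constructed sample input, not a real system's /etc/hosts.lpd.
sample_hosts_lpd() {
cat <<'EOF'
# constructed sample
client1
192.0.2.15
client1
10.1.300.7
+
EOF
}

# Classifies every entry and reports whether the list authorizes all hosts.
audit_hosts_lpd() {
    awk '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments (assumed syntax) and padding
    $0 == "" { next }
    $0 == "+" {                                       # wildcard: print server to all machines
        print "OPEN line " NR ": + authorizes every host"
        open = 1
        next
    }
    seen[$0]++ { print "DUPLICATE line " NR ": " $0; next }
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {              # dotted decimal address
        split($0, octet, "[.]"); bad = 0
        for (i = 1; i <= 4; i++) if ((octet[i] + 0) > 255) bad = 1
        if (bad) { print "INVALID line " NR ": " $0; next }
        print "CLIENT address " $0
        next
    }
    /^[A-Za-z0-9][A-Za-z0-9.-]*$/ { print "CLIENT name " $0; next }
    { print "INVALID line " NR ": " $0 }
    END { print "summary open=" (open ? "yes" : "no") }'
}

# Stand-alone run against the constructed sample.
sample_hosts_lpd | audit_hosts_lpd
```

On the print server itself, run it as `audit_hosts_lpd < /etc/hosts.lpd` and treat `summary open=yes` as a setting that needs an explicit justification.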
Start lpd
# smit mkitab_lpd
[Entry Fields]
Start subsystem now, on system restart, or both [both] +
TRACE lpd daemon activity to syslog? [no] +
EXPORT directory containing print attributes? [no] +
Note:
Exporting this print server's directory
containing its print attributes will allow
print clients to mount the directory. The
clients can use this server's print attributes
to display and validate print job attributes
when starting print jobs destined for this
print server. Note that the Network File
System (NFS) program product must be installed
and running
Notes:
Starting the lpd daemon
This step is done on the print server. The lpd daemon is controlled by the system resource
controller (SRC). The commands startsrc and stopsrc can be used to control lpd. By using
SMIT, an entry is placed in the /etc/inittab file to ensure that lpd is started each time the
machine is booted.
Move cursor to desired item and press Enter. Use arrow keys to scroll.
#ATTACHMENT TYPE   DESCRIPTION
local              Printer Attached to Local Host
remote             Printer Attached to Remote Host
xstation           Printer Attached to Xstation
ascii              Printer Attached to ASCII Terminal
hpJetDirect        Network Printer (HP JetDirect)
file               File (in /dev directory)
ibmNetPrinter      IBM Network Printer
ibmNetColor        IBM Network Color Printer
other              User Defined Backend
Notes:
Adding a remote queue on the client
This step is done on the client machine. The procedure to add a remote queue starts the same way
as a local queue: smit spooler > Add a Print Queue. This time, select remote as the attachment
type.
You are prompted to decide whether you want to perform any type of filtering or pre-processing on the
print job before it is sent. Normally, Standard Processing is selected. This just sends the job to the
print server, and the print server is responsible for processing the job.
[Entry Fields]
*Name of QUEUE to add [rq1]
*HOSTNAME of remote server [host1]
*Name of QUEUE on remote server [lp1]
Type of print spooler on remote server AIX Version 3 or 4 +
Backend TIME OUT period (minutes) [] #
Send control file first? no +
TO turn on debugging, specify output []
file pathname
DESCRIPTION of printer on remote server []
Notes:
Required input
Only three lines are required to complete the queue setup. You must name your local (to the client)
queue. Then, provide the name of the print server. Lastly, name the queue on the print
server.
Let’s review
Notes:
$ lp -d queuename filename
- OR-
Notes:
Introduction
There are three sets of commands for submitting, listing and canceling print jobs. They come from
either System V, BSD, or IBM versions of UNIX and are all available in AIX. The commands have
slightly different options.
Submitting a print job
To submit a print job to a queue, use either lp, lpr, or qprt. All jobs go to the system default
queue, unless the PRINTER or LPDEST variables are set. You can also specify, on the command
line, which queue to use. Use -d with lp or use -P with qprt and lpr.
Spooling
The commands lp and qprt both queue without spooling, by default. Specify the -c option if
spooling is desired. The command lpr spools and queues by default. The -c option will turn off
spooling with lpr.
Multiple copies
To print multiple copies, with qprt use the -N # option, with lp use -n # option, and with lpr use
just a hyphen followed by the number of copies ( - # ).
The lp, lpr, and qprt commands create a queue entry in /var/spool/lpd/qdir and,
depending upon the options specified, copy the file to be printed to the /var/spool/qdaemon
directory.
The enq command
All the print commands, lp, lpr, and qprt, actually call the enq command which places the print
request in a queue. enq can be used instead of the other commands to submit jobs, view job
status, and so forth. To submit a job using enq:
$ enq -Pqueuename filename
Requesting a specific printer
Ordinarily your request is serviced by the first device on the queue that becomes available.
However, if more than one printer services a queue, you can request a specific printer by using the
name of the queue followed by a colon (:) and then the name of the printer. For example, if a system
with one queue (ps) is serviced by two printers (lp0 and lp1), and a print job needs to be printed on
the lp1 printer, use the command:
$ qprt -Pps:lp1 /home/team01/myfile
For example:
$ qchk
Queue   Dev   Status    Job  Files       User   PP  %  Blks  Cp  Rnk
ps      lp0   DOWN
              QUEUED    569  /etc/motd   root             1   1    1
Notes:
Checking status with the qchk command
Many of the print job control tasks require the user to supply a job number. The job number, along
with other queue status information is available by checking the status of print jobs.
The fields from the qchk command are as follows:
Queue Queue name
Dev Logical device name for the queue
Status Status of the queue (READY, DOWN, WAITING, RUNNING, and so forth)
Job The job number assigned by the qdaemon
Files Files sent to the queue
User User who sent the print request
PP Number of pages printed
% Percent completed
Blks The number of 512-byte blocks the print job has been split into
Cp Copies of each job to be printed
Rnk Order on that queue
Other viewing commands
Other commands that can be used to view printer status include:
lpstat Shows status of all queues
lpq Shows status of the default queue
qchk -A Shows status of all queues
enq -A Shows status of all queues
qchk -W Shows status in wide-form mode
This is helpful if using long queue and device names, and 6-digit job numbers. This option is
available with AIX V4.2.1 and later.
# smit chpq
[Entry Fields]
1.Printer Setup
2.Default Print Job Attributes
3.Accounting File
4.Queuing Discipline
Notes:
Attributes for Printer Setup option
After selecting 1. Printer Setup, the following attributes can be changed or shown:
- Automatic mode switching to PostScript
- Paper size in trays and the manual feeder
- Envelope size
- ID of the font cards
- Paper trays for header and trailer pages
- Formatting flags for the header and trailer pages
- Users to get the intervention messages
- Flags prohibited for all print files
- Mode in which to leave the printer at the end of the job
- Width of printable area on header page
Removing a queue
# smit rmpq
[Entry Fields]
Print queue to remove ps:lp0
Local printer device /dev/lp0
Notes:
Removing a queue with SMIT
It is not possible to remove a queue containing jobs. The jobs would have to be removed first.
The last option on the screen asks whether the printer device definition should be kept. This option
will only appear if the queue being removed is the only queue defined for a printer. Note that by
default, it will be removed.
Managing queues
# smit pqmanage
Notes:
SMIT Managing Queues options
The following actions can be performed:
• Show Status of Print Queue gives output similar to qchk and lpstat.
• Stop a Print Queue runs the disable command.
• Start a Print Queue runs the enable command.
• Set the System's Default Print Queue reorders the /etc/qconfig file to ensure the default
queue is the first queue in the file.
State      Description
DEV_BUSY   Printer is busy servicing other print requests
DEV_WAIT   Queue is waiting for the printer
DOWN       Queue is down and no jobs will be serviced from this queue until it is brought up
OPR_WAIT   The queue is waiting for operator intervention
QUEUED     Job is queued and waiting
READY      Everything is ready to receive a print request
RUNNING    Print file is printing
UNKNOWN    Problem with the queue: Need to investigate further to determine cause
Notes:
Introduction
The status of the queues and jobs can be displayed with qchk, lpstat, or lpq. There are a number
of different status states that may be seen.
DEV_BUSY
This status can occur when more than one queue is defined to a print device and another queue is
currently using the print device. It could result when the qdaemon attempts to use the printer port
device and another application is currently using that print device. Normal recovery: You have to
wait until the queue or application has released the print device, or kill the job or process that is
using the printer port.
DEV_WAIT
This status means that the queue is waiting on the printer because the printer is offline, out of
paper, jammed, or the cable is loose, bad or wired incorrectly. Normal recovery: Check to see if the
printer is offline, out of paper, jammed, or loosely cabled. Sometimes the jobs have to be removed
from the queue before the problem can be corrected.
DOWN
This status is set when the device driver cannot communicate with the printer after TIME OUT
seconds (which can be set through SMIT). This variable indicates the amount of time, in seconds,
that the queuing system waits for a printer operation. If the printer is off, the queue will go down.
Also, the operator can bring down the queue intentionally, which might be necessary for system
maintenance. Normal recovery: Correct the problem that has brought the queue down and then
bring the queue up again.
OPR_WAIT
This status is set when the back-end program is waiting on the operator to change the paper,
change forms, and so on. This is usually software related. Normal recovery: Respond appropriately
to the request that is made by the queuing system.
QUEUED
This status is set when a print file is queued and is waiting in line to be printed.
READY
This is the status of a queue when everything involved with the queue is ready to queue and print a
job.
RUNNING
This status occurs when a print file is printing.
UNKNOWN
This status occurs when a user creates a queue on a device file that another queue is using, and its
status is DEV_WAIT. The queue cannot get a status from the printer device when it is on hold.
Normal recovery: Bring down the other queue or fix the problem with the printer (paper out,
jammed, offline and so on). Bring the new queue down and then back up so that the queue will
register as READY.
# lpstat
Queue    Dev   Status    Job  Files       User     PP  %  Bks  Cp  Rnk
draft    lp0   DOWN
               QUEUED    132  /etc/motd   team01            1   1    1
Quality  lp0   READY
Notes:
Enabling a queue
Occasionally, problems with printers can bring a queue down. Once the problem has been fixed it
can be brought back up with:
# enable <queuename>
Disabling a queue
Sometimes, you may wish to bring a queue down. This is recommended if any maintenance is
going to be performed on the printer. You can do this with either of the commands:
• # disable <queuename>
• # enq -D -P <queuename>
# smit jobs
Notes:
Who can manage print jobs?
The root user or a member of the printq group can work with any print request. Normal users can
only work with their own print jobs.
# smit qcan
[Entry Fields]
PRINT QUEUE containing job [ ] +
(required for remote jobs)
* Print JOB NUMBER [ ] +#
Notes:
Introduction
The qcan command cancels either a particular job number or all jobs in a print queue. Normal
users can only cancel their own jobs, whereas root can cancel any job.
Commands to cancel print jobs
To cancel a job you can either use the smit qcan fast path, or use one of the following commands:
- cancel (System V)
- lprm (BSD)
- qcan (AIX)
Examples
To cancel job number 127 on whatever queue the job is on, you can use either of the following two
commands:
- # qcan -x 127
- # cancel 127
To cancel all jobs queued on printer lp0, you can use either of these two commands:
- # qcan -X -Plp0
- # cancel lp0
# qchk -L
Queue   Dev   Status    Job   Name            From    To
______  ___   _______   Submitted             Rnk  Pri  Blks  Cp  PP  %
ps      lp0   DOWN
              QUEUED    569   /etc/qconfig    root    root
                        1/07/03 09:39:25      1    15   2     1
                        /etc/qconfig
              QUEUED    570   /etc/motd       root    root
                        1/07/03 09:40:15      2    15   1     1
                        /etc/motd
# qpri -#570 -a 25
# qchk -L
Queue   Dev   Status    Job   Name            From    To
______  ___   ______    Submitted             Rnk  Pri  Blks  Cp  PP  %
ps      lp0   DOWN
              QUEUED    570   /etc/motd       root    root
                        1/07/03 09:40:15      1    25   1     1
                        /etc/motd
              QUEUED    569   /etc/qconfig    root    root
                        1/07/03 09:39:25      2    15   2     1
                        /etc/qconfig
Notes:
Processing order
The discipline line in the /etc/qconfig file determines the order in which the printer serves the
requests in the queue. In the queue stanza, the discipline field can either be set to fcfs
(first-come-first-serve) or sjn (shortest-job-next). If there is no discipline in the queue stanza,
requests are serviced in fcfs order.
Changing print job priority
Each print job also has a priority that can be changed through SMIT (smit qpri) or with the qpri
command. Print jobs with higher-priority numbers are handled before requests with lower-priority
numbers. Only a user who has root authority or who belongs to the printq group can change the
priority of a local print request.
Note
You can only set priorities on local print jobs. Remote print jobs are not supported.
# qchk
Queue   Dev   Status     Job   Files          User   PP%  Blks  Cp  Rnk
ps      lp0   DEV_BUSY
              QUEUED     1493  /etc/qconfig   root           1   1    1
# qhld -#1493
# qchk
Queue   Dev   Status     Job   Files          User   PP%  Blks  Cp  Rnk
ps      lp0   DEV_BUSY
              HELD       1493  /etc/qconfig   root           1   1    1
# qhld -r -#1493
# qchk
Queue   Dev   Status     Job   Files          User   PP%  Blks  Cp  Rnk
ps      lp0   DEV_BUSY
              QUEUED     1493  /etc/qconfig   root           1   1    1
Notes:
Holding and releasing a print job
The qhld command is used to put a temporary hold on a job that is waiting in the queue. The qhld
command is also used to release a held job back into the queue.
The visual provides an example of using the qhld command to hold and then release job # 1493.
This task can also be accomplished through smit (smit qhld).
# qchk -A
Notes:
Moving print jobs
You can move jobs between queues in AIX. The command qmov is used. The -m option specifies
what queue to move the job to and the -# option specifies the job number.
This can be done through smit using smit qmov.
var
  spool
    lpd
      qdir
    qdaemon
Notes:
Why directories may fill up
The directories shown in the visual fill up very quickly if the spooling mechanism encounters a
problem. For example, if the queue goes down, or if there are many users submitting jobs, there
may not be enough room to handle the requests.
Remember, when print jobs are submitted to spooling rather than just queuing, a copy of that file is
created and stored in the /var/spool/qdaemon directory until that job has printed. At that time,
the temporary file is removed. If the queue or multiple queues quit working, jobs don't get through
the system. This could cause a full condition in this directory structure.
NO YES
Check hardware Check software
Notes:
First step
If you experience problems trying to print, start by checking the simple things first.
The easiest test to perform is to cat a file and redirect standard output to the printer device file. This
by-passes the queuing system and helps to narrow the problem.
Check hardware
After redirecting a file to the print device, if it does not print, the problem is usually hardware-related.
Check to make sure the cables are attached securely. Make sure the printer is ready to print
(online). Make sure there is paper in the printer and there are no paper jams.
Potential software problems
If something does print out using cat but not print out when using lp, qprt, or lpr, the problem is
most likely software-related.
Check to make sure the qdaemon is running. If not, start it.
# lssrc -s qdaemon
# startsrc -s qdaemon
Checkpoint (1 of 2)
1. True or False: One of the advantages of queues is that each user can
have a different default queue set up for them.
Notes:
Checkpoint (2 of 2)
5. What three methods can be used to find out what the system default
queue is?
8. Can users hold all their print jobs in a specific queue? If so, how?
Notes:
Unit summary
Notes:
• Queues can be added for local or remote printing.
• Queue characteristics can be changed either through SMIT or through high-level commands.
• Queues can be brought up and down by the system administrator.
• The following tasks were considered:
- Submit and cancel print jobs
- List the jobs in a queue
- Hold and release jobs in a queue
- Move a job from one queue to another
- Change priorities of a print job
Appendix B. Checkpoint solutions
Checkpoint solutions
1. What is the name of the device that creates and controls LPARs?
The answer is the HMC.
4. True or False: The su command enables you to get root authority even
if you signed on using another user ID.
The answer is true. You must also know the root password.
Checkpoint solutions
1. List the two main system management tools available on AIX.
The answers are SMIT and IBM Systems Director console for AIX.
3. What information can one get from looking at the system configuration details
in IBM Systems Director Console?
The answers are firmware/model information, file system information, paging
space information, a list of top CPU logging processes, and network
configuration, IP address, and so on.
Checkpoint solutions
1. What is the first process that is created on the system and which file
does it reference to initiate all the other processes that must be
started?
The answer is init. The init process references /etc/inittab for
information regarding the other processes that must be started.
2. Which AIX feature can be used to stop and start subsystems and
groups of daemons?
The answer is the System Resource Controller (SRC).
3. True or False: You can run the shutdown command only from the
console.
The answer is false.
Checkpoint solutions
1. AIX 7 can be installed from which of the following? (Select all that are
correct.)
a. 8 mm tape
b. CD-ROM
c. NIM server
The answers are CD-ROM and NIM server.
Checkpoint solutions
1. Which of the following states must your software be in, in order for you to be
able to use it? (Select all that apply.)
a. Applied state
b. Removed state
c. Install state
d. Commit state
The answers are Applied state and Commit state.
2. What command is used to list all installed software on your system?
The answer is lslpp -l or -L.
3. Which of the following can you install as an entity? Select all that apply.
a. ifix
b. LPP
c. Package
d. Bundle
The answer is they all apply.
4. True or False: If a problem is found with the inetd subsystem, it is possible
to download and apply a fix to the bos.net.tcp.server fileset in AIX to
correct the problem.
The answer is false.
Checkpoint solutions
2. What is the purpose of a device major number? How would you locate the
major number of a disk, hdisk18?
The answers are: it lets the AIX kernel determine the actual driver and device to
be accessed for a user-level request. To locate it, perform a long directory listing
of the /dev directory.
4. What commands can you run on AIX to document the system configuration?
The answers are prtconf, lsdev, lscfg, lsslot, and lsattr.
Checkpoint solutions (1 of 2)
1. How many different physical partition (PP) sizes can be set within a single VG?
The answer is one.
3. How many volume groups (VGs) can a physical volume (PV) belong to?
a. It depends on what you specify through SMIT
b. Only one
c. As many VGs as exist on the system
The answer is only one.
4. True or False: All VGDA information on your system is identical, regardless of how
many VGs exist.
The answer is false. All VGDAs within a VG are the same.
Checkpoint solutions (2 of 2)
7. What is the mount point for the file system located on the /dev/hd4 logical volume?
The answer is /.
8. Which file system is used primarily to hold user data and home directories?
The answer is /home.
Checkpoint solutions
1. True or False: A logical volume can span more than one physical
volume.
The answer is true.
2. True or False: A logical volume can span more than one volume group.
The answer is false.
Checkpoint solutions (1 of 2)
1. Does the size of the file system change when the size of the logical volume it
is on is increased?
The answer is no.
2. If you remove a file system, is the logical volume on which it sits removed as
well?
The answer is yes.
5. True or False: SMIT can be used to easily increase or decrease the size of an
enhanced JFS filesystem.
The answer is true.
Checkpoint solutions (2 of 2)
7. What command can you use to determine whether a file system is full?
The answer is df.
8. What command can produce a report listing the size (in MB) of all the
files and directories that are contained in a specific location?
The answer is du.
Checkpoint solutions
1. What conclusions regarding potential paging space problems can you reach
based on the following listing?
Page Space   Physical Volume   Volume Group   Size   %Used   Active   Auto   Type   chksum
The answer is the information that is provided is not enough to fully analyze
the situation; however, at first glance, here are the potential problems:
a. paging00 is underutilized.
b. paging01 is overutilized, and the size seems to be too small.
c. Both user-defined paging spaces are on the same disk.
d. paging01 should be deleted. The administrator should investigate why there is a
high level of paging and possibly increase the size of hd6 and paging00.
2. True or False: The size of paging00 (in the above example) can be
dynamically decreased.
The answer is true.
Checkpoint solutions
2. What command would you use to restore individual files from a mksysb
tape?
The answer is either # restorevgfiles -f /dev/rmt0 <path to file>
or # restore -s 4 -f /dev/rmt0.1 <path to file>.
3. True or False: smit mksysb backs up all file systems, provided they are
mounted.
The answer is false. mksysb backs up only rootvg file systems. To back up
other volume groups, you must use the savevg command.
Checkpoint solutions (1 of 2)
Checkpoint solutions (2 of 2)
7. True or False: When you delete a user from the system, all the user’s
files and directories are also deleted.
The answer is false.
Checkpoint solutions (1 of 2)
1. If an ordinary user forgets their password, can the system administrator find
out by querying the system as to what the user’s password was set to? Why
or why not?
The answer is no. The passwords are held in encrypted format; therefore
even the system administrator cannot tell what the password was set to.
Checkpoint solutions (2 of 2)
Checkpoint solutions
2. Give a crontab entry that would specify that a job should run every
Thursday at 10 minutes past and 30 minutes past every hour.
The answer is 10,30 * * * 4 <job>.
Checkpoint solutions
Checkpoint solutions
1. True or False: Workload Partitions require POWER7 Systems.
The answer is false. Workload Partitions require POWER4 or later.
4. True or False: Live Application Mobility (LAM) requires that the WPAR private
file systems reside on an NFS server.
The answer is false. LAM requires that the private file systems be accessible
to both systems. They can either be on an NFS server or, if using a rootvg
WPAR, be placed on a shared fiber-attached SAN disk.