Scribd
Upload
460 views650 pages

AN123 Stud

AN123stud

Uploaded by

ovidiu0702
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
460 views650 pages

AN123 Stud

AN123stud

Uploaded by

ovidiu0702
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 650

V8.

cover

IBM Training Front cover


Student Notebook

Power Systems for AIX II: AIX Implementation and


Administration
Course code AN12 ERC 3.1
Student Notebook

Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide.
The following are trademarks of International Business Machines Corporation, registered in
many jurisdictions worldwide:
AIX 5L AIX 6 AIX
AS/400 DB2 Electronic Service Agent
Everyplace Express HACMP
Informix Language Environment Notes
Power Architecture POWER Hypervisor Power Systems
Power PowerHA PowerVM
POWER6 POWER7 PureFlex
System p System Storage Tivoli
WebSphere
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
both.
Windows is a trademark of Microsoft Corporation in the United States, other countries, or
both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks
of Oracle and/or its affiliates.
VMware and the VMware "boxes" logo and design, Virtual SMP and VMotion are registered
trademarks or trademarks (the "Marks") of VMware, Inc. in the United States and/or other
jurisdictions.
Other product and service names might be trademarks of IBM or other companies.

October 2013 edition


The information contained in this document has not been submitted to any formal IBM test and is distributed on an as is basis without
any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer
responsibility and depends on the customers ability to evaluate and integrate them into the customers operational environment. While
each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will
result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.

Copyright International Business Machines Corporation 2009, 2013.


This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
V8.2
Student Notebook

TOC Contents
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

Course description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv

Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii

Unit 1. Introduction to IBM Power Systems, AIX, and system administration . . . . 1-1
Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
AIX overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3
Logical partition overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Dynamic logical partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
Live Partition Mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
POWER7 offerings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
Typical Power system layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
The HMC (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11
The HMC (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12
LPAR virtualization overview (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13
LPAR virtualization overview (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15
Virtual I/O Server overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17
Virtualization example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-18
Role of the system administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20
Who can perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21
How can we perform administration tasks? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-26

Unit 2. AIX system management tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
UNIX system administration challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
System management objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
AIX administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
SMIT main menu (text based) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Dialog screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Output screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
SMIT log and script files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12
IBM Systems Director Console for AIX (pconsole) . . . . . . . . . . . . . . . . . . . . . . . . 2-14
Console interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16
Console applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18
Console management view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19
System health (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-21
System health (2 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-22

Copyright IBM Corp. 2009, 2013 Contents iii


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

System health (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-24


Classical SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-26
DCEM portlet (1 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-27
DCEM portlet (2 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-28
DCEM portlet (3 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-29
DCEM portlet (4 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-30
DCEM portlet (5 of 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-31
Console logging and tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-32
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-35
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-36

Unit 3. System startup and shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2
System startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3
Managed system activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5
Startup modes for AIX (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-6
Startup modes for AIX (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-7
AIX startup process overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-8
AIX partition activation (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-9
AIX partition activation (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10
The alog command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-11
/etc/inittab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13
Run levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-15
Directory and script control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-17
System Resource Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-18
Listing subsystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-19
SRC control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-20
AIX partition shutdown (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-21
AIX partition shutdown (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-23
Managed system shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-25
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-26
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-27
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-28

Unit 4. AIX installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2
Installation methods for AIX 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3
AIX installation in a partition (DVD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-4
Installing AIX from DVD (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-5
Installing AIX from DVD (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-6
Installation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-7
Installation and Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-8
Method of installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-9
Installation disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-11
Set Primary Language Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-12
Security Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-13
Software install options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-15

iv AIX Implementation and Administration Copyright IBM Corp. 2009, 2013


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

TOC Install summary and installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16


Accept License Agreements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17
AIX installation: Post steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
Installation Assistant and login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19
AIX installation in a partition using NIM: NIM overview . . . . . . . . . . . . . . . . . . . . . 4-20
AIX installation in a partition using NIM: Configuration steps . . . . . . . . . . . . . . . . 4-22
Network boot (1 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
Network boot (2 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
Network boot (3 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25
Network boot (4 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
Network boot (5 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
Network boot (6 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
Network boot (7 of 7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32

Unit 5. AIX software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
AIX media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Software packaging definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Software bundles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
AIX software levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
What is my AIX version? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-10
Software installation and maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-11
Software repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12
Software states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-13
Software listing and versioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14
lslpp, filesets, and files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-15
Installing new software using SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-16
Installing software using command line: Examples . . . . . . . . . . . . . . . . . . . . . . . . 5-17
Red Hat Package Manager filesets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19
Applying patches to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21
Applying patches, apply, commit, reject . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22
Listing fixes (APARs) installed on the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-23
Interim fix management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24
Removing installed software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-25
Recovering from broken or inconsistent states . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-26
Service update management assistant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-27
SUMA base configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-28
SUMA task configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-29
SUMA command line execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-30
Fix Central website . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-32
Fix Level Recommendation Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-33
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-35
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-36

Copyright IBM Corp. 2009, 2013 Contents v


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit 6. System configuration and devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-2
Device terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-3
System components locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-5
Device addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-7
Physical location code examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-8
Virtual location codes example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-9
System configuration and device overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-11
Device commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-12
prtconf (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-13
prtconf (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-14
lscfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-15
lsdev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-16
lsslot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-18
lsattr and chdev commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-19
Device states . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-20
/dev directory, device configuration, and control . . . . . . . . . . . . . . . . . . . . . . . . . .6-21
rendev command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-22
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-23
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-24
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-25

Unit 7. System storage overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2
Components of AIX storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-3
Traditional UNIX disk storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-4
Benefits of the LVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-5
Logical Volume Manager components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-6
Physical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-8
Volume groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-10
Volume group descriptor area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-12
Logical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-13
Uses of logical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-15
What is a file system? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-17
Why have multiple file systems? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-19
Standard file systems in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-21
/etc/filesystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-23
Mount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-25
Mounting over an empty directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-26
Mounting over files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-27
Listing file systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-28
Listing logical volume information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-29
Checkpoint (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-30
Checkpoint (2 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-31
Checkpoint (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-32
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-33
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-34

vi AIX Implementation and Administration Copyright IBM Corp. 2009, 2013


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

TOC Unit 8. Working with the Logical Volume Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
Logical Volume Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
SMIT Volume Groups menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4
Adding a volume group to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
Adding a scalable volume group to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-6
Listing volume groups and VG attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7
Listing PVs in a VG and VG contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-8
Change a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-10
Extend and reduce a VG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11
Remove a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13
Activate and Deactivate a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Import and Export a Volume Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15
Logical storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16
LVM and RAID support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-17
LVM options which affect performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-18
Mirroring (RAID1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-19
Mirroring, allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-20
Striping (RAID 0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-21
Striping and mirroring (RAID 10 or 1+0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-23
Mirror pools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-24
Logical volume placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-26
Mirroring scheduling policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-28
Mirror write consistency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-30
SMIT Logical Volumes menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-32
Add a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-33
Show LV characteristics (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-34
Show LV characteristics (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-35
Reorganize logical volumes in a volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-36
Add Copies to a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-37
Increase the Size of a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-38
Remove a Logical Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-39
List all logical volumes by volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-40
Mirroring volume groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-41
Physical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-42
SMIT Physical Volumes menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-43
List physical volume information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-44
List logical volumes on a physical volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-45
List a physical volume partition map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-46
Add or move contents of physical volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-47
Documenting the disk storage setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-48
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-49
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-50
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-51

Unit 9. File systems administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2
Journaled file system support in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3

Copyright IBM Corp. 2009, 2013 Contents vii


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Advantages of enhanced JFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-4


JFS2 structural components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-5
Listing i-node and block size information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-7
Creating a JFS2 file system (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-8
Creating a JFS2 file system (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-9
Mounting a file system and the /etc/filesystems file . . . . . . . . . . . . . . . . . . . . . . . .9-10
JFS2 logging options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-11
Creating a file system on a previously defined logical volume . . . . . . . . . . . . . . . .9-12
Changing the size of a JFS2 file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-13
Removing a JFS2 file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-14
File system space management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-15
Listing file system utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-16
Monitoring file system growth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-17
Listing disk usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-18
Control growing files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-20
The skulker command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-22
Block size considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-23
Fragmentation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-25
Verify and repair a file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-26
Documenting file system setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-27
System storage review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-28
Checkpoint (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-29
Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-30
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-31
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-32

Unit 10. Paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-2
What is paging space? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-3
Paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-5
Sizing paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-7
Paging space thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-8
Checking paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-11
Paging space placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-12
Adding paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-14
Change paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-15
Removing paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-17
Problems with paging space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-18
Documenting paging space setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-19
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-20
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-21
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10-22

Unit 11. Backup and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-2
Backup introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-3
System image backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-5
Creating a mksysb image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11-7

viii AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

TOC image.data file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-9


bosinst.data file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-11
mksysb tape image format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-13
Restoring a mksysb: From tape device (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 11-15
Restoring a mksysb: From tape device (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 11-16
Restoring a mksysb: From a NIM server (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . 11-18
Restoring a mksysb: From NIM server (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . 11-19
Creating a backup of a data volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-20
Restoring a backup of a data volume group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-21
Traditional UNIX and AIX backup commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-23
Backup by filename and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-24
Backup and restore by inode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-25
tar command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-26
cpio command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-27
pax command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-28
dd command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-29
Compression commands (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-30
Compression commands (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-31
Good practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-32
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-35
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-36

Unit 12. Security and user administration: Part one . . . . . . . . . . . . . . . . . . . . . . . . 12-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
12.1. Security and user concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-3
Security and user concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4
User accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5
Controlling access to the root account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-7
System defined groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-9
Role based access control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-11
File/directory permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-13
Reading permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-15
Changing permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-16
umask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-18
Changing ownerships and groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-20
Security policy and setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-21
Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-22
12.2. User and group administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-23
User and group administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-24
Security files and security commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-25
Validating the user environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-26
chsec, lssec, and stanza format security files . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-28
User and group administration hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-30
Security & Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-31
SMIT users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-33
Listing users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-34

Copyright IBM Corp. 2009, 2013 Contents ix


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Add or change a user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-35


Assign a password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-36
Regaining roots password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-38
/etc/passwd file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-39
/etc/security/passwd file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-41
SMIT groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-43
Listing groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-44
Add or change a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-45
Group files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-47
Remove a user or group from the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-48
Files owned by removed user or group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-49
Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-50
Checkpoint (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-51
Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-52
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-53
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-54

Unit 13. Security and user administration: Part two. . . . . . . . . . . . . . . . . . . . . . . . .13-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-2
13.1. Additional user administration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-3
Additional user administration tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-4
Console login sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-5
Login related attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7
Security logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-9
User environment setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-11
Customizing default user setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-12
Message of the day . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-14
Blocked user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-15
Prevent vulnerable passwords (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-16
Prevent vulnerable passwords (2 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-18
Prevent vulnerable passwords (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-19
Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-21
13.2. Basics of enhanced RBAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-23
Basics of enhanced RBAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-24
RBAC overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-25
RBAC defined roles and authorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-26
RBAC (basic) implementation steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-29
RBAC example (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-30
RBAC example (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-31
Topic summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-32
Checkpoint (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-33
Checkpoint (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-34
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-35
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-36

Unit 14. Scheduling and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-2
The cron daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-3

x AIX Implementation and Administration Copyright IBM Corp. 2009, 2013


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

TOC crontab files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-5


Format of a crontab file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-6
Editing a crontab file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-8
The at and batch commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-10
Controlling at jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-12
Documenting scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-13
System clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-14
Setting date and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-15
Time zone variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-16
Time zone formats in AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-18
Setting POSIX time zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-19
POSIX time zone variable breakdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-20
Setting Olson time zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-22
Configuring NTP client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-23
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-25
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-26
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-27

Unit 15. TCP/IP networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2
What is TCP/IP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-3
TCP/IP layering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-5
LAN and broadcast domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7
Ethernet adapters and interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-8
Virtual LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-10
Trunk ports and 802.1Q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11
VLAN aware hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-12
AIX VLAN tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-13
IP and subnet addressing (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-14
IP and subnet addressing (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15
Subnetting example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-16
Supernetting example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-17
How is TCP/IP configured on AIX? (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-18
How is TCP/IP configured on AIX? (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-19
Command line TCP/IP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-20
Verifying network interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-21
Name resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-22
Routing implementation (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-24
Routing implementation (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-26
Multipath routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-27
IP aliasing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-28
Testing for remote connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-29
Ports and sockets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-31
inetd daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-32
TCP/IP start-up flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-33
Remote UNIX commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-34
Transferring files over a network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-35
Network file system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-36

Copyright IBM Corp. 2009, 2013 Contents xi


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

NFS server configuration (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-37


NFS server configuration (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-39
Manual NFS client mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-41
Predefined NFS client mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-42
Virtual Network Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-44
VNC configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-45
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-46
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-47
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15-48

Unit 16. Introduction to workload partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-1


Unit objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-2
Workload partition overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-3
Comparing WPARs to LPARs for consolidation . . . . . . . . . . . . . . . . . . . . . . . . . . .16-5
Default WPAR network configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-7
WPAR resource control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-8
System versus application WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-10
System WPAR process space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-12
System WPAR file systems space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-13
System WPAR storage and device access . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-15
Types of system WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-16
Versioned WPAR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-18
Basic system WPAR commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-19
Application WPARs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-20
Workload Partition Manager overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-21
Checkpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-22
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-23
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-24

Appendix A. Printers and queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Appendix B. Checkpoint solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1

xii AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

TMK Trademarks
The reader should recognize that the following terms, which appear in the content of this
training document, are official trademarks of IBM or other companies:
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide.
The following are trademarks of International Business Machines Corporation, registered in
many jurisdictions worldwide:
AIX 5L AIX 6 AIX
AS/400 DB2 Electronic Service Agent
Everyplace Express HACMP
Informix Language Environment Notes
Power Architecture POWER Hypervisor Power Systems
Power PowerHA PowerVM
POWER6 POWER7 PureFlex
System p System Storage Tivoli
WebSphere
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the
United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
both.
Windows is a trademark of Microsoft Corporation in the United States, other countries, or
both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks
of Oracle and/or its affiliates.
VMware and the VMware "boxes" logo and design, Virtual SMP and VMotion are registered
trademarks or trademarks (the "Marks") of VMware, Inc. in the United States and/or other
jurisdictions.
Other product and service names might be trademarks of IBM or other companies.

Copyright IBM Corp. 2009, 2013 Trademarks xiii


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

xiv AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

pref Course description


Power Systems for AIX II: AIX Implementation and Administration

Duration: 5 days

Purpose
Students will learn to install, customize, and administer the AIX
operating system in a multiuser POWER (System p) partitioned
environment. The course is based on AIX 7.1 running on a POWER7
system managed by Hardware Management Console version 7 and
provides practical discussions that are appropriate to earlier AIX
releases.

Audience
This intermediate course is intended for system administrators or
anyone implementing and managing an AIX operating system in a
multiuser POWER (System p) partitioned environment.

Prerequisites
The students attending this course should already be able to:
Log in to an AIX system and set a user password
Execute basic AIX commands
Manage files and directories
Use the vi editor
Use redirection, pipes, and tees
Use the utilities find and grep
Use the command and variable substitution
Set and change Korn shell variables
Write simple shell scripts
Use a graphic Common Desktop Environment (CDE) interface
These skills can be acquired by attending AIX Basics (AN10) or
through equivalent AIX or UNIX knowledge. Also, it would be helpful
(but not mandatory) if students were familiar with partitioning concepts
and technology taught in Power Systems for AIX I: LPAR
Configuration and Planning (AN11).

Copyright IBM Corp. 2009, 2013 Course description xv


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Objectives
On completion of this course, students should be able to:
Install the AIX operating system, filesets, and RedHat Package
Manager (RPM) packages
Perform system startup and shutdown
Discuss and use system management tools such as System
Management Interface Tool (SMIT) and IBM systems director
console for AIX
Manage physical and logical devices
Discuss the purpose of the logical volume manager
Perform logical volume and file system management
Create and manage user and group accounts
Perform and restore system backups
Utilize administrative subsystems, including cron to schedule
system tasks, and security to implement customized access of files
and directories
Configure TCP/IP networking
Define and run basic Workload Partitions (WPAR)

Contents
Introduction to IBM POWER p systems, AIX, and system
administration
AIX System Management Tools
System startup and shutdown
AIX installation
AIX software installation and maintenance
System configuration and devices
System storage overview
Working with the Logical Volume Manager
File system administration
Paging space
Backup and restore
Security and user administration
Time and scheduling
TCP/IP networking
Workload Partitions

Curriculum relationship
This course should follow the AIX Basics course. A basic
understanding of hardware, the AIX environment, and simple
commands is recommended before taking this course.

xvi AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

pref Agenda
Day 1
Welcome
Unit 1: Introduction to IBM Power Systems, AIX, and system
administration
Exercise 1
Unit 2: AIX system management tools
Exercise 2
Unit 3: System startup and shutdown
Exercise 3
Unit 4: AIX installation
Exercise 4

Day 2
Unit 5: AIX software installation and maintenance
Exercise 5
Unit 6: System configuration and devices
Exercise 6
Unit 7: System storage overview
Exercise 7
Unit 8: Working with the Logical Volume Manager
Exercise 8

Day 3
Unit 9: File systems administration
Exercise 9
Unit 10: Paging space
Exercise 10
Unit 11: Backup and restore
Exercise 11

Day 4
Unit 12: Security and user administration: Part one
Exercise 12
Unit 13: Security and user administration: Part two
Exercise 13
Unit 14: Scheduling and time
Exercise 14
Unit 15: TCP/IP networking

Copyright IBM Corp. 2009, 2013 Agenda xvii


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Day 5
Unit 15: TCP/IP networking (continued)
Exercise 15
Unit 16: Introduction to workload partitions
Exercise 16

xviii AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 1. Introduction to IBM Power Systems, AIX,


and system administration

What this unit is about


This unit provides an introduction to IBM Power Systems, AIX and
system administration.

What you should be able to do


After completing this unit, you should be able to:
Define terminology and concepts of IBM Power System servers,
virtualization, HMC, and AIX
Describe the roles of the system administrator
Obtain root access with the su command

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX 7.1 Information
PSO03004-USEN-05
AIX From Strength to Strength
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Define terminology and concepts of IBM Power System
servers, virtualization, HMC, and AIX
Describe the roles of the system administrator
Obtain root access with the su command

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-1. Unit objectives AN123.1

Notes:

1-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

AIX overview
IBM Power Systems

IBMs proprietary operating system based on UNIX System V.


Also has BSD compatible commands and programming interface extensions
Advanced Interactive Executive (AIX) runs on proprietary hardware
(H/W) called IBM Power Systems.
Seventh generation of Power, based on Reduced Instruction Set Computer
(RISC) technology
Most Power Systems today run many instances of AIX in partitions
known as logical partitions (LPAR).
This is H/W partitioning managed by the system firmware, Power Hypervisor
LPAR:
AIX1

LPAR:
AIX2

LPAR:
AIX3

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-2. AIX overview AN123.1

Notes:
Advanced Interactive Executive (AIX) is IBM's proprietary UNIX OS based on UNIX
System V with 4.3BSD-compatible command and programming interface extensions.
Announcement Letter Number 286-004 dated January 21, 1986:
The AIX Operating System is based on INTERACTIVE Systems Corporation's IN/ix,
which, in turn, is based on UNIX System V, as licensed by AT&T Bell Laboratories.
Some portions of the modifications and enhancements were developed by IBM; others
were developed by INTERACTIVE under contract to IBM.

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Logical partition overview


IBM Power Systems

An LPAR is the allocation of system resources to create logically


separate systems within the same physical footprint.
The resource allocation and isolation for a logical partition is
implemented in firmware called Power Hypervisor.
Provides configuration flexibility
Each partition has its own:
Operating system
Resources: Processors, memory, devices (defined in a profile)
Partitions can consist of physical (real) or virtual devices
Or a combination of both

sys1 sys2 sys3 sys4


04:42 14:42 11:42 19:42

LPAR 1 LPAR 2 LPAR 3 LPAR 4

Power Hypervisor
System Hardware (memory, processors, devices)

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-3. Logical partition overview AN123.1

Notes:
Logical partition (LPAR)
Logical partitioning is the ability to make a single system run as if it were two or more
systems. Each partition represents a division of resources in the Power System. The
partitions are logical because the division of resources is logical and not along physical
boundaries.
Hypervisor Partitions are isolated from each other by firmware (underlying software)
called the POWER Hypervisor. The names POWER Hypervisor and Hypervisor will be
used interchangeably in this course.
Each partition has its own environment, for example IP address or time of day, just as
any AIX instance.

1-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Dynamic logical partitioning


IBM Power Systems

DLPAR is the ability to add, remove, and move resources


without reactivation of a partition.
Processor, memory, and I/O allocation changes
Processors and memory quantities are bound by the
minimum and maximum profile settings.
Applications can be DLPAR-aware.

Before After

LPAR 1 LPAR 1
DLPAR operation: (running) (running)
- Add 2.0 CPU
-Remove 4 Gb Mem 2.0 CPU 4.0 CPU
-Move the DVD slot to LPAR 2 16 Gb Mem 12 Gb Mem

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-4. Dynamic logical partitioning AN123.1

Notes:
Dynamic Logical partitioning (DLPAR)
The term Dynamic in DLPAR means we can add, move, or remove resources without
having to reactivate the partition. If there are partitions that need more or can do with
fewer resources, you can dynamically move the resources between partitions within the
managed system without shutting down the partitions. Both the source and the
destination partitions must support the dynamic partitioning operation.
Processors and memory
Each running LPAR has an active profile which contains the resources that LPAR is
entitled to. For processor and memory settings, there is a maximum and a minimum
range. These boundaries cannot be exceeded when performing dynamic reallocation
operations.
Applications
Some applications and utilities may not be DLPAR-aware. If they bind to a processor or
pin memory, then you may need to stop these processes before you are able to perform
the DLPAR operation. IBM provides an Application Programming Interface (API) for
third party program DLPAR support on AIX 5L, AIX 6 and AIX 7.

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Workload partitions
IBM Power Systems

Software (S/W) partitioning is managed by AIX.


This has been available since AIX 6.1.
Many AIX OS images can reside within a master global AIX image.
Live Application Mobility allows WPAR relocation to another box or
LPAR.
WPARs provide automatic workload balancing.
WPAR technology is not H/W dependent.
Support is available on servers from POWER4 through POWER7.

AIX1

AIX2 1.
WPAR2 2.
AIX3
WPAR1
WPAR4
WPAR5
WPAR3
WPAR6 WPAR mgr

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-5. Workload partitions AN123.1

Notes:
Workload partitions (WPAR) are virtualized, secure operating system environments, within
a single instance of the AIX operating system. Live Application Mobility is a capability of
WPAR technology which allows partitions to move between systems with limited
application downtime (for example, 20 seconds).

1-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Live Partition Mobility


IBM Power Systems

Live Partition Mobility allows running AIX partitions to be migrated from


one physical server to another without downtime.
For POWER6 and later, LPARs must not contain any physical devices

No

LPAR:

LPAR:
Downtime

AIX1

AIX1
Partition mobility provides systems management flexibility and is
designed to improve system availability.
Can help avoid planned outages for hardware or firmware maintenance
Can help avoid unplanned downtime
If a server indicates a potential failure, you can move its partitions to another server
before the failure occurs.
Enables optimized resource use by moving workloads from server to server

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-6. Live Partition Mobility AN123.1

Notes:
Live Partition Mobility is a new capability that enables users to move partitions between
systems with no application downtime. Live Partition Mobility enables organizations to
move LPARs from CPU intensive servers to improve overall throughput based on
requirements at a particular time. This also allows us to use a maintenance window on a
physical machine without the need for any application downtime. The only interruption of
service would be due to network latency. If sufficient bandwidth was available, a delay of at
most, a few seconds, could typically be expected.

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

POWER7 offerings
IBM Power Systems

p460
p260+ Power 795
Power 780
Flex System Power 770
PureFlex System

Power 760
Power 750

PS Blades
Power 740
Power 730

Power 720
POWER7+
Power 710 32 nm

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-7. POWER7 offerings AN123.1

Notes:
IBM often introduces new models and updates the current range of servers on a frequent
basis. Here is a summary of the model differences.
IBM PureFlex System with POWER7:
Flex System 260 16 cores, 512 GB, 2 drives
Flex System 460 double-wide, 32 cores, 1TB, 2 drives
Blades:
PS700 - 4 cores, 64 GB, 2 drives
PS701 - 8 cores, 128 GB, 1 drive
PS702 - double-wide, 16 cores, 256 GB, 2 drives
PS703 - 16 cores, 256 GB, no drives
PS704 - double-wide, 32 cores, up to 512 GB, 2 drives
In the following models, unless stated otherwise, there are 4, 6, or 8 cores per socket.

1-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Models without ability to connect to I/O expansion drawers:


Power 710 Express - 1 socket, 8 to 256 GB, 6 drives
Power 730 Express- 2 sockets, 8 to 512 GB, 6 drives
Models with I/O expansion abilities:
Power 720 - 1 socket, 8 to 512 GB, 6 or 8 drives
Power 740 - 2 sockets, 8 to 1024 GB, 6 or 8 drives
Power 750 - 6 or 8 cores per socket, 4 sockets, 1 TB, 8 drives
High Performance Computing:
Power 760 - similar to Power 750, 2 TB
Multi-enclosure models (1 though 4 enclosures)
Power 770 - 6 or 8 cores per socket, 2 sockets per enclosure, up to 4 TB
Power 780 - similar to 770, faster cores, up to 4 TB, 24x7 maintenance, PowerCare
support
Large enterprise server:
Power 795 - up to 256 cores, up to 16 TB, supports up to 32 I/O drawers
For further details see the Power Systems facts and features guide:
http://www-03.ibm.com/systems/power/hardware/reports/factsfeatures.html

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Typical Power system layout


IBM Power Systems

LPAR configuration and control is completed through the Hardware


Management Console (HMC).
The HMC connects to the service processors and the LPARs.
A private network usually connects HMC and service processors.

Private Service
Processors Managed
network system
Secondary HMC
Backup LPAR 1

LPAR 2
Primary HMC Public/open SAN
network LPAR 3

LPAR 4

NIM Server Images

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-8. Typical Power system layout AN123.1

Notes:
The diagram above shows a typical example of a Power server set-up configuration. The
server is split into a number of Logical Partitions (LPARs) running AIX. A Network
Installation Manager (NIM) server is highly preferable to install and update the AIX LPARs
over the network. There can be a maximum of 2 HMCs connected to each system and
each system has two dedicated Ethernet ports reserved for this. It is recommended that the
HMC to Service Processor communication occurs through a private network reserved for
that purpose. The HMC also must have open network connectively to the LPARs if such
features as Connection Monitoring and Dynamic LPAR operations are to be achieved.
It is also preferable to have a second HMC connected for availability purposes.
Note: A failure of the HMC does not interfere in any way with the running managed system.
The service processor is a separate, independent processor that provides hardware
initialization during system load, monitoring of environmental and error events, and
maintenance support.

1-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

The HMC (1 of 2)
IBM Power Systems

An appliance for the management of POWER-processor


based servers
IBM provided Intel based server (desktop or rack mount) running a
web-based application on a customized version of Linux
Access through https (GUI) and SSH (command line)

Acts as a focal point for collecting and servicing managed


system serviceable events
Can be configured to call home to IBM for parts and service
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-9. The HMC (1 of 2) AN123.1

Notes:
The HMC is an Intel based server which runs a customized version of Linux (SuSE). Its
main purpose is to configure and control up to 48 managed systems.
The HMC also collects diagnostic and error information from the LPARs and Managed
System and logs them as Serviceable events. If configured, the HMC can send these
reports to IBM through the Electronic Service Agent (ESA).
Note: On entry level machines such as the Power 520 or the Power 720, if the system is to
be used as a non-partitioned system an HMC is not required. An HMC is mandatory for
Power 570 and above (for POWER6) or in Power 770 and above (for POWER7).
Power 550s and below (for POWER6) or Power 740s and below (for POWER7) can use
Integrated Virtualization Manager (IVM) to create and control the managed system. IVM is
available through the VIOS code.

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The HMC (2 of 2)
IBM Power Systems

Managed
Systems

LPARs Proc &


running MEM
AIX resources
Navigation
area
Task
Pad

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-10. The HMC (2 of 2) AN123.1

Notes:
The diagram above shows the main view of a managed system sys034. Operations such
as create, stop, shutdown LPAR can be performed from the Tasks pad or bar, or by
selecting the LPAR itself. The view is highly customizable.
The navigation area offers the main features of the HMC, such as:
Systems plans for producing or deploying system configuration plans done during
design
HMC Management for configuring the HMC, users, roles, network setting, and other
HMC characteristics
Updates, for updating the HMC and Managed System firmware
This view was taken from an HMC running v7.3.3.1. Pre v7 HMCs ran WSM which was a
much different interface based on Java.

1-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

LPAR virtualization overview (1 of 2)


IBM Power Systems

An AIX client partition can:


Be virtual, have no real devices
Use fractions of CPUs (micro-partitioning)
Virtualizing LPARs has many advantages:
Flexibility in allocating resources
More efficient use of system resources through sharing
Consolidation (hardware, floor space, merge production, and test
environments)
Relocating partitions using Live Partition Mobility
A key component of virtualization is the Virtual I/O Server
(VIOS).
Implemented as special customized version of AIX
It is not AIX. It is PowerVM software!
Requires, at minimum, a PowerVM standard license
Included on some high-end systems
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-11. LPAR virtualization overview (1 of 2) AN123.1

Notes:
Virtualizing LPARs
The main benefits of virtualized I/O are as follows:
Partitions can be created without requiring additional physical I/O resources. The new
partitions can be configured to use virtualized I/O resources, which allows them to be
configured in a timely manner, since no physical reconfiguration of the system, that is,
moving adapter cards and cables, is required.
Virtualized I/O allows an economical I/O model, since it allows multiple partitions to
share common resources. For example, multiple partitions can share a single physical
adapter. Without virtualized I/O, each partition would require its own adapter, even if the
full capacity of the adapter was not being utilized.
The use of virtualized I/O facilitates server consolidation. It permits multiple client
partitions to reside on a single machine, and make efficient use of shared resources.

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Virtual I/O Server (VIOS)


The IBM Virtual I/O Server software enables the creation of partitions that use the I/O
resources of another partition. In this way, it helps to maximize the utilization of physical
resources on POWER5 and POWER6 systems. Partitions can have dedicated I/O,
virtual I/O, or both. Physical resources are assigned to the Virtual I/O Server partition in
the same way physical resources are assigned to other partitions. The virtual I/O server
then provides access to these physical resources from the virtual client LPARs.
Virtual I/O Server is a separate software product, and is included as part of the standard
PowerVM feature. It supports AIX Versions 5.3, 6.1, 7.1,and Linux partitions as virtual
I/O clients.

1-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

LPAR virtualization overview (2 of 2)


IBM Power Systems

The two key functions of virtualization are:


Virtual Ethernet is a standard feature of POWER5 and later.
AIX can have up to 256 virtual adapters per LPAR.
Does not require a VIOS, unless a bridged connection to the outside
world is required.
Virtual SCSI is way of providing virtual disks to clients.
The backend storage can be internal disk (SCSI or SAS) or SAN
storage.
This is a feature of the VIOS.

Note: There are many other virtualization features which are covered in more
depth in the LPAR and virtualization curriculum and roadmap.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-12. LPAR virtualization overview (2 of 2) AN123.1

Notes:
Virtual Ethernet Introduction
Virtual Ethernet adapters enable inter-partition communication without the need for
physical network adapters assigned to each partition. It can be used in both shared and
dedicated POWER5 or later processor partitions provided the partition is running AIX
V5.3, AIX V6.1, AIX V7.1, or Linux. This technology enables IP-based communication
between logical partitions on the same system using a VLAN Ethernet switch (POWER
Hypervisor) in POWER5 and later processor-based managed systems.
The number of partitions possible on many systems is greater than the number of I/O
slots. Therefore, virtual Ethernet is a convenient and cost saving option to enable
partitions within a single system to communicate with one another through a virtual
Ethernet LAN. The virtual Ethernet interfaces may be configured with both IPv4 and
IPv6 protocols.

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Virtual SCSI Introduction


The Virtual I/O server supports exporting disks as virtual devices. The Virtual I/O server
supports the exporting of three types of virtual SCSI disks: virtual SCSI disk backed by
a whole physical volume, virtual SCSI disk backed by a logical volume, and virtual SCSI
disk backed by a file. Regardless of whether the virtual SCSI disk is backed by a whole
physical disk, a logical volume, or a file, all standard SCSI conventional rules apply to
the device. The device will behave as a standard SCSI compliant device. The logical
volumes and files appear as real devices, hdisks, in the client partitions and can be
used as a boot device. Once a virtual disk is assigned to a client partition, the Virtual I/O
Server must be available before the client partitions are able to access it.

1-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Virtual I/O Server overview


IBM Power Systems

The VIOS partition is allocated physical I/O slots containing real


adapters.
These are used for the virtual adapters (SCSI or Ethernet) to share amongst
the client partitions.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-13. Virtual I/O Server overview AN123.1

Notes:
Virtual I/O Server (VIOS) description
VIOS provides virtual storage and shared Ethernet capability to client logical partitions
on the system. It allows physical adapters with attached disks and optical devices on
the VIOS to be shared by one or more client partitions.
VIOS partitions are not intended to run applications or to have general user logins.
VIOS is installed in its own partition. Using VIOS facilitates the following functions:
Sharing of physical resources between partitions on the system
Creation of partitions without requiring additional physical I/O resources
Creation of more partitions than I/O slots or physical devices, by allowing partitions to
have dedicated I/O, virtual I/O, or both
Maximization of physical resource utilization on the system

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Virtualization example
IBM Power Systems

AIX Virtual I/O Server


LPAR LPAR
Physical
Virtual Virtual Physical network
Ethernet Virtual Ethernet SEA Ethernet
ent0 Ethernet ent1 Layer 2 ent0
Switch Bridge
Virtual ent2
Ethernet
ent1
Hypervisor
Virtual
Virtual Physical
Client Device
vSCSI Server Storage
Adapter Adapter Mapping
vtscsi0 Adapter
vhost0 fcs0

SCSI, SAS, FC physical disks


or logical volumes

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-14. Virtualization example AN123.1

Notes:
VLAN
A Virtual Local Area Network (VLAN) enables an Ethernet switch to create sub-groups
within a single physical network where the members of different subgroups are isolated
from each other.
Virtual Ethernet
There are two main features of virtual Ethernet. One is the inter-partition virtual switch
to provide support for connecting up to 4096 LANs. LAN IDs are used to configure
virtual Ethernet LANs and all partitions using a particular LAN ID can communicate with
each other. The other feature is a function called Shared Ethernet Adapter that bridges
networks together without using TCP/IP routing. This function enables the partition to
appear to be connected directly to an external network. The main benefit of using this
feature is that each partition need not have its own physical network adapter.

1-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Virtual SCSI adapters


Virtual SCSI adapters provide the ability for a client partitions to see SCSI disks which
are actually SCSI, SAS, SAN disks, or logical volumes inside the VIOS.
Virtual FC adapters
While not shown in the visual, it is also possible to define virtual Fibre Channel (FC)
adapters. These allow the client LPAR to access the SAN through a physical FC in the
Virtual I/O Server. The Client LPAR virtual FC has its own unique port number (WWPN)
to which the SAN can zone LUNs.

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Role of the system administrator


IBM Power Systems

Pre-installation planning of:


Partitions
User accounts/groups
Storage allocation/paging space
Subsystems (printing, networks, and so forth)
Standard naming conventions
Determine system policies
Install and configure hardware Maintain application /
Network configuration system uptime!
System backups and disaster recovery
Create/manage user accounts
Define and manage subsystems
Manage system resources (for example, disk space)
Performance monitoring
Capacity planning
Application license management
Documentation - system configuration, and keep it current!
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-15. Role of the system administrator AN123.1

Notes:
Overview
There are a number of distinct tasks which the system administrator on a UNIX or AIX
system must perform. Often there is more than one system administrator in a large
organization and the tasks can be divided between the different administrators.

1-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Who can perform administration tasks?


IBM Power Systems

The root user


Exercise caution when logging in directly as root, especially
remotely.
Keep the root password secure.
Members of special groups or RBAC roles
The su command enables you to obtain access to root user

$ id; pwd $ id; pwd


uid=251(alex) gid=1(staff) uid=251(alex) gid=1(staff)
/home/alex /home/alex
$ su root $ su - root
root's Password: or root's Password:
# id; pwd
# id; pwd
uid=0(root) gid=0(system) uid=0(root) gid=0(system)
/home/alex /
# set |grep USER # set |grep USER
USER=alex USER=root

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-16. Who can perform administration tasks? AN123.1

Notes:
Limiting access to administrative tasks
AIX security permissions restrict the performance of administrative tasks to the root
user, and sometimes to other users in special groups. For example, system for general
tasks, security for user administration, printq for AIX Print Subsystem printer
management, and lp for System V Print Subsystem printer management. This means
that the root user's password must be kept secure and only divulged to the few users
who are responsible for the system. AIX6 has a new feature called Role Based Access
Control (RBAC). This allows OS management tasks to be assigned to roles and then
assigned to users. RBAC is a large security topic and hence will be covered in detail in
the AIX Security course (AN57).
A certain amount of discipline is also required when using the root ID, because typing
errors made as root could do catastrophic system damage. For normal use of the
system, a non-administrative user ID should be used. The superuser (root) privilege
should only be used when that authority is necessary to complete a system
administration task.

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Obtaining root privileges


To obtain superuser or root privileges while logged in as a normal user, you can use the
su command. This prompts you for root's password and then gives you a subshell with
root privileges so that you can perform commands. When you have performed the
required tasks, you should exit from the su subshell. For example, use <ctrl-d> or the
exit command. This prevents accidents which could damage the system.
The su command allows you to assume the permissions of any user whose password
you know.
Every time the su command is used, an entry is placed in the file /vary/adm/sulog,
this is an ASCII text file. This makes it easy to record access as the superuser. Normal
logins are recorded in the file /vary/adm/wtmp. To read the contents of this file use
the command: who /vary/adm/wtmp.
The su command can also be specified with the - (dash) option. The dash (-) specifies
that the process environment is to be set as if the user had logged into the system using
the login command. Nothing in the current environment is propagated to the new shell.
For example, using the su command without the dash (-) option, allows you to have all
of the accompanying permission of root while keeping your own working environment.

1-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

How can we perform administration tasks?


IBM Power Systems

Command line
UNIX system administration tasks often done from the command
line, by executing scripts, or both
Writing and executing scripts
Typically using Korn shell scripts (ksh is the default shell on AIX)
Perl for more advanced users
SMIT (smit or smitty)
Text based tool (graphical version also available)
IBM Systems Director Console for AIX (pconsole)
New web-based GUI in AIX6 and later
IBM Systems Director
A cross platform product for managing Power systems and AIX
across a large enterprise environment
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-17. How can we perform administration tasks? AN123.1

Notes:
There are many ways to perform administration tasks within AIX. In reality, a combination
of tools or techniques are deployed.
While there is a graphic mode for SMIT, most SMIT users prefer using smit in text mode via
an interactive command prompt connection, such as ssh.
IBM Systems Director is more flexible than the others in the list. It supports multiple
operating systems and virtualization technologies across IBM and non-IBM platforms. It is
not to be confused with Systems Director Console for AIX which is based upon IBM
Systems Director but runs from within AIX to managed the OS as a single instance.

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint
IBM Power Systems

1. What is the name of the device which creates and controls LPARs?

2. True or False: An AIX operating system can have no real devices.

3. True or False: Virtualization features provided by the VIO Server can


be used by default on any Power system.

4. True or False: The su command enables you to get root authority even
if you signed on using another user ID.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-18. Checkpoint AN123.1

Notes:

1-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

Introduction to
IBM Power Systems and
AIX

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-19. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 1. Introduction to IBM Power Systems, AIX, and system 1-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Define terminology and concepts of IBM Power System
servers, virtualization, HMC, and AIX
Describe the roles of the system administrator
Obtain root access with the su command

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 1-20. Unit summary AN123.1

Notes:

1-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 2. AIX system management tools

What this unit is about


This unit describes the system management tools available in AIX,
with a particular focus on SMIT and the IBM systems director console.

What you should be able to do


After completing this unit, you should be able to:
Describe the benefits of the system management tools available in
AIX
Discuss the functionality of SMIT and the IBM Systems Director
Console for AIX
Explain how system management activity is logged
Log in to IBM Systems Director Console and use graphic interface
to manage the system

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX Version 7.1 Systems Director Console for AIX
AIX Version 7.1 Operating System and Device
Management
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Describe the benefits of the system management tools
available in AIX
Discuss the functionality of SMIT and the IBM Systems
Director Console for AIX
Explain how system management activity is logged
Log in to IBM Systems Director Console and use graphic
interface to manage the system

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-1. Unit objectives AN123.1

Notes:

2-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

UNIX system administration challenges


IBM Power Systems

Lots of commands to remember


Complex syntax
Prone to error!
Flat file configuration
Most UNIX flat files have different layouts, syntax, and options.
Again prone to error, sometimes causing bad things to happen.

How do I create
# crfs -v jfs -g rootvg -m /test -a size=42M efs=yes
an encrypted
Usage: crfs -v Vfs {-g Volumegroup | -d Device} -m
file system?
Mountpoint [-u Mountgroup] [-A {yes|no}] [-t {yes|no}]
[-p {ro|rw}] [-l Logpartitions] [-n nodename] [-a
Attribute=Value]

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-2. UNIX system administration challenges AN123.1

Notes:
UNIX challenges
Unfortunately, the same thing that's special about UNIX is also the source of most of what's
wrong. UNIX is an operating system burdened with 30+ years worth of useful add-ons and
different flavors. As a consequence, the OS has an awful lot of inconsistencies and
overlapping functions. At times, this can be confusing and challenging even for
experienced users.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

System management objectives


IBM Power Systems

Minimize time and resources spent managing systems

Maximize reliability, performance, and productivity

Provide remote system management solutions

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-3. System management objectives AN123.1

Notes:
Minimize time and resources spent managing systems
Organizations seek to minimize the time and resources spent managing systems, that
is, to manage computer systems efficiently. AIX helps with tools such as SMIT, the
Web-based System Manager, and IBM Systems Director Console for AIX.
Maximize reliability, performance, and productivity
Organizations also wish to maximize system reliability and performance in order to
maximize the productivity of the users of computer systems. AIX helps with features,
such as the logical volume manager, that help avoid the need for the system to be
brought down for maintenance.
Provide remote system management solutions
Today's information technology environment also creates a need for remote system
management solutions. AIX supports Web-based technology with the IBM Systems
Director Console for AIX. As a result, multiple systems can be managed from one single
point over the network. This can also be done with command-based programs such as
telnet, ssh, and SMIT.

2-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

AIX administration
IBM Power Systems

Designed to make administration on AIX simple

System IBM
Management Systems Director
Interface Tool Console for AIX
(smit) (pconsole)

Text based Web Interface

High-level commands

Low-level Intermediate-level
commands commands

System
System Kernel Resource Object Data ASCII
calls services Controller Manager files

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-4. AIX administration AN123.1

Notes:
IIBM provides users on AIX with a great deal of flexibility and choice when it comes to
administering an AIX system. SMIT is a simple, but highly effective ASCII-based
management tool that has been in AIX since version 3. IBM Systems Director console is a
new attractive Web-based offering in AIX6.1.
Types of commands
Commands are classified high-, medium-, or low-level:
High-level commands: These are standard AIX commands, either shell/perl scripts, or
C programs, which can also be executed by a user. They execute multiple low-level or
intermediate-level commands to perform the system administrative functions.
Intermediate-level commands: These commands interface with special AIX
components such as the System Resource Controller and the Object Data Manager.
These commands are rarely executed directly by a user.
Low-level commands: These are AIX commands that correspond to AIX system calls
or kernel services. They are not normally executed directly by a user.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

SMIT
IBM Power Systems

An interactive application that simplifies virtually every aspect


of AIX system administration.
Part of AIX, SMIT is available by default.
SMIT does not use any special hooks. Everything is based on
standard AIX commands and Korn shell functions.
You can see exactly what commands it performs either before or after
execution.
This is especially useful when you need to automate a repetitive task.
You can then use these commands in your own scripts.
Text / ASCII based by default.
If on a graphical display, such as the Virtual Network Computing (VNC)
viewer, and the DISPLAY variable is set, a Motif GUI version is
displayed.
Most users prefer the text based version called smitty.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-5. SMIT AN123.1

Notes:
Overview of SMIT
The System Management Interface Tool (SMIT) provides a menu-driven interface that
provides access to most of the common system management functions, within one
consistent environment.
SMIT is an interactive application that simplifies virtually every aspect of AIX system
administration. It is a user interface that constructs high-level commands from the user's
selections, and then executes these commands on-demand. Those commands could be
entered directly by the user to perform the same tasks, or put into scripts to run over, and
over again.
Occasionally, a system administrator will run AIX commands or edit ASCII files directly to
complete a particular system administration task. However, SMIT does make the most
frequent or complex/tedious tasks much easier with a greater degree of reliability.

2-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

SMIT main menu (text based)


IBM Power Systems

# smit
System
System Management
Management

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

Software
Software Installation
Installation and
and Maintenance
Maintenance
Software
Software License
License Management
Management
Devices
Devices
System
System Storage
Storage Management
Management (Physical
(Physical && Logical
Logical Storage)
Storage)
Security
Security && Users
Users
Communications
Communications Applications
Applications and
and Services
Services
Workload
Workload Partition
Partition Administration
Administration
Print
Print Spooling
Spooling
Advanced
Advanced Accounting
Accounting
Problem
Problem Determination
Determination
Performance
Performance && Resource
Resource Scheduling
Scheduling
System
System Environments
Environments
Processes
Processes && Subsystems
Subsystems
Applications
Applications
Installation
Installation Assistant
Assistant
Cluster
Cluster Systems
Systems Management
Management
Using
Using SMIT
SMIT (information
(information only)
only)

F1=Help
F1=Help F2=Refresh
F2=Refresh F3=Cancel
F3=Cancel F8=Image
F8=Image
F9=Shell
F9=Shell F10=Exit
F10=Exit Enter=Do
Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-6. SMIT main menu (text based) AN123.1

Notes:
Main menu selections
The SMIT main menu enables you to select the administrative functions to be performed.
You can also select online help on how to use SMIT.
Use of keys
In the ASCII mode, in order to select from the menus, you have to use the up and down
arrow keys. This moves a highlighted bar over the menu items. Press Enter to select the
highlighted item. You can also use some of the keyboard function keys to perform other
functions, such as exiting SMIT or starting a shell.
Importance of TERM environment variable
When using SMIT in the ASCII mode, the menus and dialog panels sometimes come up
distorted. That is the result of not having an appropriate TERM variable value. Setting and
exporting this variable can solve the problem. For example, executing the command
export TERM=vt320 might solve the problem.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

General syntax:
smit [-options] [ FastPath ]
Invoke ASCII version:
# smitty
or
# smit C
Log, but do not actually run, commands:
# smit -x
Redirect the log file and script file:
# smit -s /u/team1/smit.script l /u/team1/smit.log
# smit -s /dev/pts/1 -l /dev/pts/2

2-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Dialog screen
IBM Power Systems

# smit date
Change
Change // Show
Show Day
Day and
and Time
Time

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
YEAR
YEAR (00-99)
(00-99) [08]
[08] ##
MONTH
MONTH (01-12)
(01-12) [10]
[10] ##
DAY
DAY (1-31)
(1-31) [08]
[08] ##
HOUR
HOUR (00-23)
(00-23) [11]
[11] ##
MINUTES
MINUTES (00-59)
(00-59) [23]
[23] ##
SECONDS
SECONDS (00-59)
(00-59) [06]
[06] ##

Shell exit, very


useful to check
Command Current fast path:
something prior to
preview "date"
execution

F1=Help
F1=Help F2=Refresh
F2=Refresh F3=Cancel
F3=Cancel F4=List
F4=List
F5=Reset
F5=Reset F6=Command
F6=Command F7=Edit
F7=Edit F8=Image
F8=Image
F9=Shell
F9=Shell F10=Exit
F10=Exit Enter=Do
Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-7. Dialog screen AN123.1

Notes:
Dialog screens and selector screens
A dialog screen allows you to enter values that are used in the operation performed. Some
fields are already completed from information held in the system. Usually, you can change
this data from the default values.
A selector screen is a dialog screen on which there is only one value to change. The value
usually indicates the object which is acted upon by the subsequent dialog and AIX
command.
Entering data
To enter data, move the highlighted bar to the value you want to change. Then, either enter
a value or select one from a list. Fields that you can type in have square brackets [ ]. Fields
that have data that is larger than the field width, have angle brackets < >, to indicate that
there is data further to the left, right, or both sides of the display area.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Special symbols
Special symbols on the screen are used to indicate how data is to be entered:
Asterisk (*): This is a required field.
Number sign (#): A numeric value is required for this field.
Forward slash (/): A pathname is required for this field.
X: A hexadecimal value is required for this field.
Question mark (?): The value entered is not displayed.
Plus sign (+): A pop-up list or ring is available.
An asterisk (*) in the leftmost column of a line indicates that the field is required. A value
must be entered here before you can commit the dialog and execute the command. In the
ASCII version, a plus sign (+) is used to indicate that a pop-up list or ring is available. To
access a pop-up list, use the F4 key. A ring is a special type of list. If a fixed number of
options are available, use the Tab key to cycle through the options.
In the Motif version, a List button is displayed. Either click the button or press <Ctrl-l> to
display a pop-up window.
Use of particular keys
The following keys can be used while in the menus and dialog screens. Some keys are
only valid in particular screens. The keys that are only valid for the ASCII interface are
marked (A). The keys that are only valid for the Motif interface are marked (M).
F1 (or ESC-1) Help: Show contextual help information.
F2 (or ESC-2) Refresh: Redraw the display. (A)
F3 (or ESC-3) Cancel: Return to the previous screen. (A)
F4 (or ESC-4) List: Display a pop-up list of possible values. (A)
F5 (or ESC-5) Reset: Restore the original value of an entry field.
F6 (or ESC-6) Command: Show the AIX command that is executed.
F7 (or ESC-7) Edit: Edit a field in a pop-up box or select from a multi-selection pop-up
list.
F8 (or ESC-8) Image: Save the current screen to a file (A) and show the current
fastpath.
F9 (or ESC-9) Shell: Start a sub-shell. (A)
F9 Reset: all fields. (M)
F10 (or ESC-0): Exit: Exit SMIT immediately. (A)
F10: Go to the command bar. (M)
F12 Exit: Exit SMIT immediately. (M)
Ctrl-l List: Give a pop-up list of possible values. (M)
PgDn (or Ctrl-v): Scroll down one page.
PgUp (or ESC-v): Scroll up one page.
Home (or ESC-<): Go to the top of the scrolling region.
End (or ESC->): Go to the bottom of the scrolling region.
Enter: Do the current command or select from a single-selection pop-up list.
/text: Finds the text in the output.
n: Finds the next occurrence of the text.

2-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Output screen
IBM Power Systems

Command
completed No standard
successfully COMMAND
COMMAND STATUS
STATUS error

Command:
Command: OK
OK stdout:
stdout: yes
yes stderr:
stderr: no
no

Before
Before command
command completion,
completion, additional
additional instructions
instructions may
may appear
appear below.
below.

Wed
Wed 88 Oct
Oct 11:23:06
11:23:06 2008
2008
Standard output
following command
execution
(stdout)

F1=Help
F1=Help F2=Refresh
F2=Refresh F3=Cancel
F3=Cancel F6=Command
F6=Command
F8=Image
F8=Image F9=Shell
F9=Shell F10=Exit
F10=Exit /=Find
/=Find
n=Find
n=Find Next
Next

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-8. Output screen AN123.1

Notes:
Fields on first line of output
The Command field can have the following values: OK, RUNNING, and FAILED.
The value of the stdout field indicates whether there is standard output, that is, whether
there is output produced as a result of running the command. The output is displayed in the
body section of this screen.
The value of the stderr field indicates whether there are error messages. In this case, there
are no error messages.
Note that, in the Motif version of SMIT, a representation of a person in the top right-hand
corner of the screen is used to indicate the values of the Command field.
Body of the screen
The body of the screen holds the output or error messages from the command. In this
example, there is output, but there are no error messages.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

SMIT log and script files


IBM Power Systems

smit.log
smit
command smit.script
execution
smit.transaction
$HOME/smit.log
Records a log of all menu and dialog screens visited, all commands
executed, and their output
Records any errors during the SMIT session
$HOME/smit.script
Shell script containing all AIX commands executed by SMIT
$HOME/smit.transaction
SMIT transactions log
Records date, description, and command script output of the commands
executed
SMIT output will be redirected
to file: /tmp/new-script. No
# smitty xs /tmp/new-script commands will be run.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-9. SMIT log and script files AN123.1

Notes:
Overview
SMIT creates three files in the $HOME directory of the user running SMIT. If these files
already exist, then SMIT appends to them. These files can grow quite large over time,
especially during installations. The user must maintain and truncate these files, when
appropriate.
The smit.log file
The smit.log file contains a record of every SMIT screen, menu, selector, and dialog
visited, the AIX commands executed, and the output from these commands. When the
image key is pressed, the screen image is placed in the smit.log file. If there are error
or warning messages, or diagnostic or debugging messages from SMIT, then these are
also appended to the smit.log file.
The smit.script file
The smit.script file contains the AIX commands executed by SMIT, preceded by the
date and time of execution. This file can be used directly as a shell script to perform
tasks multiple times, or it can be used as the basis for more complex operations.

2-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty The smit.transaction file


SMIT since AIX 5.2 has a relatively new file, smit.transaction. This file logs all the
executed commands similar to smit.script. The difference being smit.script logs all
commands, while smit.transaction only logs command_to_executes, see smit.log file.
For example, the user backs up the system using smit.
smit.script file
#
# [Oct 13 2008, 20:00:19]
#
/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08
smit.transaction file
#=--------------------------------------------
# DATE: Oct 13 2008, 20:00:19
# DESCRIPTION: Back Up the System
#=--------------------------------------------
/usr/bin/mksysb '-i' '-A' /mnt/nm_sysb_13Oct08

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IBM Systems Director Console for AIX (pconsole)


IBM Power Systems

Web-based management interface (starting with AIX 6.1)


Enables converged consoles consistent with IBM Systems
Director:
Integrated solutions console
Lightweight infrastructure
Includes links to SMIT tasks
How to check
Requires Java v5 that it is
running
Installed by default

## lssrc
lssrc -s
-s pconsole
pconsole
Subsystem
Subsystem Group
Group PID
PID Status
Status
pconsole
pconsole pconsole
pconsole 737388
737388 active
active

## netstat
netstat -a
-a |grep
|grep 5336
5336
tcp
tcp 00 00 *.5336
*.5336 *.*
*.* LISTEN
LISTEN

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-10. IBM Systems Director Console for AIX (pconsole) AN123.1

Notes:
IBM Systems Director Console for AIX
The IBM Systems Director Console for AIX, also known as the Console, is a new
management interface that allows administrators to manage AIX remotely through a
browser. It provides web access to common systems management tasks. The Console was
introduced as part of AIX 6.1. The only additional component required is a web browser.
The Console is named after the IBM Systems Director because it is built on the same
graphical user interface as the IBM Systems Director. Although the Console is named after
the IBM Systems Director, it is not a prerequisite. All components necessary to run the
Console are included in AIX 6.1 and later.
The Console also includes menu links to the Systems Management Interface Tool (SMIT),
Web-based System Manager, and Distributed Command Execution Manager (DCEM).
DCEM is a new facility to securely execute SMIT operations or other commands on
multiple machines at one time. This can improve administrator efficiency by reducing the
need to log in to multiple systems to run the same systems management task.

2-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Lightweight Infrastructure (lwi.runtime)


The Lightweight Infrastructure (LWI) is a small footprint, simple to configure, a secure
infrastructure for hosting web applications, web services, and other application related
components. The LWI is based on Open Services Gateway Initiative (OSGi) architecture
and is derived from WebSphere Everyplace Deployment 6.0 (WED). The LWI is comprised
of the base OSGi/Eclipse service platform plus additional custom components and bundles
which support web applications, web services, and the building of components.
File sets installed to support pconsole
- sysmgt.pconsole.rte
- sysmgt.pconsole.apps.wdcem
- sysmgt.pconsole.apps.wrbac
- sysmgt.pconsole.apps.wsmit
- lwi.runtime

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Console interface
IBM Power Systems

Web browser-based access


https://<hostname (or IP)>:5336/ibm/console (Defaults to SSL. Use 5335 for non-SSL.)

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-11. Console interface AN123.1

Notes:
Logging into the console
IBM Systems Director Console for AIX relies on your AIX user account for user-logon
security. If the user ID that you provide is already logged into the console, the console
prompts you to choose between logging out from the other session or returning to the login
page. If you choose to log out from the other session, the console will not recover any
unsaved changes that were made by that user.
Use the Logout link in the console toolbar when you are finished using the console to
prevent unauthorized access. If there is no activity during the login session for an extended
period of time, the session expires and you must log in again to access the console. The
default session timeout period is 30 minutes.
If you encountered the login problem, please check the following items:
No user account on the target server?
Have the administrator create an account.
Password expired or not set (new user account)?

2-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Log in through local terminal or telnet, and set the password.
Already logged into console?
Look for a warning message which gives you the option to terminate the previous
session.
You can log into the console as root, which gives you the authority to perform all tasks, or
you can delegate certain tasks to non-root users. If the only user that you want to authorize
as a console user is root, no further set up is required.
The root id has console administrator authorization, which authorizes them to launch any
console task. By default, console tasks are visible only to root. If you want to authorize
non-root users to perform console tasks, additional setup is required. You must authorize
each user to access one or more tasks that appear in the console navigation area and you
must assign each user the AIX authorizations (RBAC) for the actions performed by these
tasks.
Changing port values
IBM Systems Director Console for AIX uses the http: 5335 and https: 5336 ports. If you
need to change the port numbers, modify the following properties in the
/pconsole/lwi/conf/overrides/port.properties file and then restart pconsole to change
these ports:
com.ibm.pvc.webcontainer.port=5335
com.ibm.pvc.webcontainer.port.secure=5336
In addition, modify /pconsole/lwi/conf/webcontainer.properties. Change all occurrences
of 5336 to the secure port you wish to use.
Console security
By default, the IBM Systems Director Console for AIX provides a Secure Sockets Layer
(SSL) certificate that enables HTTPS connections between the IBM Systems Director
Console for AIX and the Web browser client.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Console applications
IBM Power Systems

OS Management (new SMIT-based tasks)


Portlets/modules
For example, system health
Classical SMIT
Classic-style smit menus for those who prefer a more traditional look
and feel
Distributed Command Execution Manager (DCEM)
Used to execute commands on multiple systems in parallel
Based on the standard UNIX dsh function
On AIX, this is part of the Cluster Systems Management (CSM) product,
csm.dsh, which is installed as part of a base AIX install.
Supports groups of systems
Supports rsh and ssh authentication

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-12. Console applications AN123.1

Notes:
Within pconsole exists a number of applications:
OS management
This is the core of the application. Menu options are similar to SMIT but in a redesigned
new layout.
Portlets/Modules
Are facilities within pconsole which provide system information and health details
Classical SMIT
Very useful for those who still prefer the look and feel of traditional SMIT.
Distributed Command Execution Manager (DCEM)
This is a graphical wrapper around an existing UNIX dsh' utility. It allows commands
and scripts to be executed on multiple hosts.
For further information on dsh, see the AIX man page or the CSM documentation:
http://publib.boulder.ibm.com/infocenter/clresctr/vxrx/index.jsp?topic=/com.ibm.cluster.csm
.doc/csm141/am7cm11052.html

2-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Console management view


IBM Power Systems

New look and feel Define


Toolbar start-up
Navigation pages
area

Work area

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-13. Console management view AN123.1

Notes:
Toolbar
The toolbar and banner area displays a common image across IBM System Director
Console for AIX installations. The Console toolbar provides the following functions:
Displays user name, for example, Welcome root
Help
Logout
Help is available for the entire console or for a specific module in the console. To access
console help, perform the following steps:
Select Help on the console toolbar. The help is displayed in a separate browser
window.
In the help navigation tree, select the help set you want to view. For example, select
Console help to view topics that provide information for new console users. Use the
console controls as needed. To access help for a module on a page, on the title bar for

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

the module, click the ? icon. This icon is displayed only if help is available for the
module. The help is displayed in a separate browser window.
Navigation area
The navigation area provides a tree to the tasks that are available in the console. Tasks are
grouped into organizational nodes that represent categories of tasks. For example, OS
Management or Settings, are organizational nodes. The organizational nodes can be
nested in multiple levels.
The navigation tree only displays tasks to which you have access. This is controlled by the
Console Roles and RBAC authorizations.
In this area, the following task categories can be accessed:
Welcome
My Startup Pages
OS Management (AIX settings
Health
Settings (Console settings)
When you select a task in the navigation tree, a page containing one or more modules for
completing the task is displayed in the work area.
Work area
When you initially log in to the console, the work area displays a welcome page. After you
launch a task from the navigation tree, the contents of the task are displayed in a page in
the work area. A page contains one or more console modules that are used to perform
operations. Each console module has its own navigation controls. Some pages include a
control to close the page and return to the welcome page.
Startup pages
Regular pconsole users will want to set up startup pages at login, rather than seeing the
welcome page every time. To do this, simply select the page you are interested in from the
box in the top right hand area of the screen. Select add to my start-up pages. The next
time you log in, the page will be displayed in a tab.

2-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

System health (1 of 3)
IBM Power Systems

Portlets: System summary and metric details


Time to
refresh

Section-
specific
help

Refresh
immediately

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-14. System health (1 of 3) AN123.1

Notes:
IBM Systems Director Console for AIX contains several portals. Each portlet refreshes after
a certain time interval to ensure the information is always consistent and up-to-date. The
example above is the system health portal. This shows detailed system and performance
information for the host running pconsole.
Metrics
The metrics feature of IBM Systems Director Console for AIX, provides the overall health of
the monitored metrics for the managed server. The window provides common status
information about the memory and CPUs. The main page provides a description of the
monitored metrics with separate rows for summary information on each metric. These
include the following:
Select: Click to determine the metric displayed in the Metric Detail feature
Metric: Displays the name of the metric being monitored
Trend: Displays a graphic to indicate the recent changes to the metric
Previous: Displays the prior value for the metric
Latest: Displays the last monitored value for the metric

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

System health (2 of 3)
IBM Power Systems

Configuration information

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-15. System health (2 of 3) AN123.1

Notes:
Summary Information
The summary feature provides the overall health status of the managed server. The
window provides common status information about the overall system, network, and
paging space configuration.
System Configuration
This expanded section displays information regarding the System p hardware and AIX
settings including such information as the model and serial number, processor type,
number and speed, memory size and status, and system recovery settings, like the
auto restart setting. All these values are related to the overall health and status of the
server. Some of these values may be changed in the System Environment area of the
console.
Network Configuration
This expanded section displays information regarding the network settings including
such information as IP address, hostname, subnet mask, domain name, gateway, and

2-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty name server. All these values are related to the overall health and status of the network
connections for the server. Some of these values may be changed in the
Communications area of the console.
Paging Space Configuration
This expanded section displays information regarding the operating system paging
space setting which indicates the total paging space available. This value is related to
the overall health and status of the server. The value may be changed in the System
Storage Management area of the console.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

System health (3 of 3)
IBM Power Systems

Portlets: Top Processes and File Systems

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-16. System health (3 of 3) AN123.1

Notes:
Top Processes
The process feature provides a list of the running processes in a table view. The window
provides common status information about each individual process. A table describes each
process with separate columns to view detailed information. The table is initially sorted by
the parent ID. These columns include the following:
Process Name displays the command that initiated the process.
Process ID displays the ID number for the process.
Parent ID displays the process ID number for the parent process that started the
process.
CPU % displays the percent of the total CPU available used by the process in the cycle
before the last refresh.
Time displays the total CPU time the process has been running before the last refresh.
User displays the user ID under which the process is running.

2-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty File System


The file system feature provides a list of the defined file systems in a table view. The
window provides common status information about each individual file system. The table
describes each individual file system with separate columns to view detailed information.
The table is sorted by the file system name. These columns include the file system name,
mount point, size, and free area.
File System displays the file system name.
Mount Point displays the current mount location for the file system.
Size displays the size of the file system in M bytes.
Free Space displays the size of the free space available in the file system in M bytes.
Free % displays the percentage of the total space not in use.
Page indicates the current page and total number of pages of file system information.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Classical SMIT
IBM Power Systems

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-17. Classical SMIT AN123.1

Notes:
IBM Systems Director Console for AIX provides a web interface for classical SMIT. The
classical SMIT interface features the same menu structures and dialog panels as the ASCII
SMIT.

2-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

DCEM portlet (1 of 5)
IBM Power Systems

Graphical driven Commands


UNIX dsh
functionality dsh

LPAR:
LPAR:

LPAR:
LPAR:

AIX4
AIX2

AIX3
AIX1

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-18. DCEM portlet (1 of 5) AN123.1

Notes:
DCEM allows commands and scripts to be executed on multiple hosts concurrently. It is
based on the standard UNIX dsh (distributed shell) command.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

DCEM portlet (2 of 5)
IBM Power Systems

Enter job
name and
description.

Defaults to
standard PATH
and user root.

Enter
commands to
run.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-19. DCEM portlet (2 of 5) AN123.1

Notes:
The first task is to enter a job name and description, then work along the tabs, filling in the
information as appropriate. Starting with the Command Specification tab, the following
fields may be used when creating a distributed command:
Name: Specify a name for the distributed task if you would like to save it for future use.
Path: Specify the path of the command.
Default User: Specify the user name under which the command will run. The user
currently logged in is the default value.
Command (required): The command definition.

2-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

DCEM portlet (3 of 5)
IBM Power Systems

Specify
target
machines.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-20. DCEM portlet (3 of 5) AN123.1

Notes:
Moving to the Target Specification tab, create a set of targets on which the command will
run, by selecting any combination of DSH hosts and groups, CSM hosts and groups, and
NIM hosts and groups.
CSM is cluster software for AIX. NIM is software on AIX which allows AIX to be installed
over a network. Both CSM and NIM hosts can be grouped together for ease of
management. For these fields to be used, the IBM Systems Director Console must be
running directly on either a CSM or NIM server respectively.
Groups, CSM, and NIM are concepts beyond the scope of this course.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

DCEM portlet (4 of 5)
IBM Power Systems

Defaults to
rsh, ssh is
optional

Confirmation
that job is
running

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-21. DCEM portlet (4 of 5) AN123.1

Notes:
Moving to the Options tab, specify:
Remote shell: The default value is /usr/bin/rsh. Optionally, you can specify ssh if you
want to make the remote execution secure. Either way, the pconsole server must be
able to execute commands on the remote hosts without entering a password.
Otherwise, dsh commands will fail.
Verify targets are responding: Select this check box to verify that targets are
responding before running the command.
The following options can be used when running the command:
Run: This option runs the command on the specified targets.
Run and Save: This option runs the command on the specified targets and saves the
current command specification as a script.
Save: This option saves the current command specification as a script. All information
specified in the command specification tab, targets tab, and options tab will be saved.
The Generate Script button will produce a perl command script in the /dcem/scripts
directory on the pconsole server.The submission report will only confirm that the job is
running. To see whether the job has completed successfully, click the View Status button.

2-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

DCEM portlet (5 of 5)
IBM Power Systems

Status:
Completed OK
or failure!

Report output.
Further host output
can be seen by
selecting the links
below.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-22. DCEM portlet (5 of 5) AN123.1

Notes:
After selecting view status, as shown on the previous visual, the Job Status window will
appear. In the example shown above, the DCEM job was completed successfully. To obtain
further information, click the View Report button.

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Console logging and tracing


IBM Power Systems

Console logs
Location: /var/log/pconsole/logs
Formatted using XML
Rotated using file names error-log-#.xml and trace-log-#.xml
## ls
ls /var/log/pconsole/logs
/var/log/pconsole/logs
error-log-0.xml
error-log-0.xml error-log-5.xml
error-log-5.xml trace-log-3.xml
trace-log-3.xml
error-log-0.xml.lck
error-log-0.xml.lck Log_Viewer.xml
Log_Viewer.xml trace-log-4.xml
trace-log-4.xml
error-log-1.xml
error-log-1.xml trace-log-0.xml
trace-log-0.xml trace-log-5.xml
trace-log-5.xml
error-log-2.xml
error-log-2.xml trace-log-0.xml.lck
trace-log-0.xml.lck
error-log-3.xml
error-log-3.xml trace-log-1.xml
trace-log-1.xml
error-log-4.xml
error-log-4.xml trace-log-2.xml
trace-log-2.xml

Classical SMIT logs


Location: $HOME/wsmit.log & wsmit.script
DCEM log
Location: $HOME/dcem/logs/dcem.log
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-23. Console logging and tracing AN123.1

Notes:
The Systems Director Console log file are stored in XML format in the
/var/log/pconsole/logs directory.
Console Logging and Tracing
Error log file
The system appends log messages to a single log file. A new log file is created each time
you start Integrated Solutions Console. Logging messages are written to the file
error-log-0.xml of the /logs subdirectory of the console installation. This file is always
locked by the console to write log messages.
Trace log file
The system appends traces messages to a single log file. A new trace file is created each
time you start Integrated Solutions Console. Trace messages are written to the file
trace-log-0.xml of the /logs subdirectory of the console installation. This file is always
locked by the console to write trace messages.

2-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Classical SMIT logs are similar in nature to regular AIX SMIT. The letter w is prefixed to the
standard SMIT log file names, to differentiate these pconsole logs from the standard AIX
SMIT logs. There is no equivalent smit.transaction log produced through pconsole.
An example DCEM.log:
------------------------------------------------------------
Command name: Unspecified
Default user: root
Command definition:
export PATH=\$PATH;uname -a
Started: Tue Oct 14 17:06:34 2008
Ended: Tue Oct 14 17:06:35 2008
Successful targets:
DSH nodes:
statler.lpar.co.uk
waldorf.lpar.co.uk
Failed targets:
none
Targets not run:
none
Status:
Command execution completed.
-----------------------------------------------------------

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint
IBM Power Systems

1. List the three main system management tools available on AIX.


a. ______________
b. ______________
c. ______________

2. What is the purpose of the smit.script file?

3. What information can one get from looking at the system configuration
details in IBM Systems Director Console?
a. ______________
b. ______________
c. ______________
d. ______________
e. ______________
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-24. Checkpoint AN123.1

Notes:

2-34 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

AIX system
management

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-25. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 2. AIX system management tools 2-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Describe the benefits of the system management tools
available in AIX
Discuss the functionality of SMIT and the IBM Systems
Director Console for AIX
Explain how system management activity is logged
Log in to IBM Systems Director Console and use graphic
interface to manage the system

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 2-26. Unit summary AN123.1

Notes:

2-36 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 3. System startup and shutdown

What this unit is about


This unit describes how to start up and shut down the managed
system and AIX partitions.

What you should be able to do


After completing this unit, you should be able to:
Describe the system and AIX startup process
Activate the system and AIX partitions
Explain the difference between SMS and normal startup modes
Describe the contents of the /etc/inittab file
Use System Resource Controller commands to start, stop, and
display AIX subsystems
Explain how to shut down the system and AIX partitions

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX Version 7.1 Operating System and Device
Management
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Describe the system and AIX startup process
Activate the system and AIX partitions
Explain the difference between SMS and normal startup
modes
Describe the contents of the /etc/inittab file
Use System Resource Controller commands to start, stop,
and display AIX subsystems
Explain how to shut down the system and AIX partitions

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-1. Unit objectives AN123.1

Notes:

3-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

System startup
IBM Power Systems

Plug in managed system


Level 1: Power off Service processor is active.

Issue Power On command


All devices are initialized and powered on.
Level 2: Standby
System is ready to support partitions.

SMS mode
Start AIX - OR -
partitions
Normal mode

Level 3: Operating System is running partitions.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-2. System startup AN123.1

Notes:
Level 1: Power Off state
The first power level is achieved by plugging in the power cord of the managed system
into a live power socket. The HMC will report that the managed system is in the Power
Off state. No additional buttons need to be pushed and no commands need to be
issued.
The service processor will be initialized and the service processor software will be
loaded and run. If your system has an Operator Panel, you'll see codes on the display
panel and after a few minutes, you will also see a steady blinking green light. The HMC
will also display the codes and status information for the managed system. At this point,
the service processor is an active host on the network. You may use the system
management (ASMI) application on the service processor. However, the rest of the
devices, such as disks, processors, and so forth, on the managed system are still
powered off.

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Level 2: Standby state


To advance to the second power on level, a power on command must be issued to the
managed system. At this point, all devices are initialized and ready to use. However, no
partitions are running yet, so their devices are not yet in use. Do not attempt to remove
hardware from the system at this level. The HMC will report that the managed system is
in the Standby state.
Level 3: Operating state
Once you start the first partition on the system, your managed system will be at the third
and highest power on level. The HMC will report the state of the managed system as
Operating. This means it has been fully powered on, initialized, and is running at least
one partition. With the proper procedures and commands, hot-pluggable devices may
be physically removed from the partitions. Once your managed system is in the
Operating state, it remains there until you issue a power off command or a system error
changes the state. If you shut down all of the partitions, but do not power off the
managed system, the HMC will still report the Operating state. However, at this point,
the system is in a state functionally equivalent to the Standby state.

3-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Managed system activation


IBM Power Systems

# ssh hscroot@<hmc> chsysstate -m <ms_name> -r sys -o on

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-3. Managed system activation AN123.1

Notes:
Introduction
The visual -shows a managed system in the Power Off state. The HMC menu is shown
where you can choose to power on the system. This is the selected menu when the
managed system is selected. The next visual shows you the screen that appears after
choosing Power On from the menu.
HMC command for managed system power on
The chsysstate HMC command can also be used in an SSH session to change the
state of the managed system or partitions. Specific examples of power on commands
will be shown on the following pages.
Scheduling the managed system power on
You can schedule an automatic managed system power on for a particular date and
time, and it can be scheduled to repeat. This application is found under HMC
Management > HMC Configuration > Schedule Operations.

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Startup modes for AIX (1 of 2)


IBM Power Systems

The two most popular start-up modes are:


SMS mode (the firmware menu)
Normal mode

SMS mode is used for:


Selecting the boot device, for example, network and IPL parameters
Booting into Service (Maintenance) mode, for example:
To fix a machine that will not boot
Recover root password
SMS Top
Level
PowerPC Firmware
Version EL320_083 Firmware
SMS 1.7 (c) Copyright IBM Corp. 2000,2008 All rights reserved. Menu
----------------------------------------------------------------
Main Menu
1. Select Language
2. Setup Remote IPL (Initial Program Load)
3. Change SCSI Settings
4. Select Console
5. Select Boot Options

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-4. Startup modes for AIX (1 of 2) AN123.1

Notes:
System Management Services
To boot into SMS, either press the 1 key shortly after partition activation, or set the
partition to specifically SMS boot. To do this, click the Advanced button on activation
and set the boot mode to SMS.
SMS is the Power System firmware menu. The code is shipped with the hardware. This
resource can be used to select the boot device, or change the order of the bootlist and
boot the system into Service mode, if maintenance is required.
Service mode enables the user to run diagnostics or access the system in single-user
mode.

3-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Startup modes for AIX (2 of 2)


IBM Power Systems

Normal mode
AIX boots into multi-user mode (run level 2).
Users can log in, the system can be configured, and applications can
start.
The bootlist command can change the start-up boot device list.

## bootlist Displays the current


bootlist -m
-m normal
normal -o
-o
hdisk0 boot device (hdisk0)
hdisk0 blv=hd5
blv=hd5

## bootlist
bootlist m
m normal
normal hdisk0
hdisk0 hdisk1
hdisk1

Other less common start-up modes:


Diagnostic with default boot list
Boot to service mode using default boot list (has optical drive first)
Diagnostic with stored boot list
Boot to service mode using a user customized bootlist
Open firmware
Open firmware prompt; used by service/support personnel to obtain low level
debug information
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-5. Startup modes for AIX (2 of 2) AN123.1

Notes:
Start-up modes:
Normal: The logical partition starts up as normal. This is the mode that you use to
perform most everyday tasks. When the machine does a normal boot, it completes the
full AIX boot sequence and start processes, enables terminals and generates a login
prompt, to make it available for multi-user access. It also activates the disks, sets up
access to the files and directories, starts networking, and completes other machine
specific configurations.
Diagnostic with default boot list: The logical partition boots to service mode using the
default boot list that is stored in the system firmware. This mode is normally used to
either boot to diagnostics from a hard drive, or to boot off bootable media (a diagnostics
CD or installation media).
Diagnostic with stored boot list: The logical partition performs a service mode boot
using the service mode boot list saved in NVRAM.
Open Firmware OK prompt: The logical partition boots to the open firmware prompt.
This option is used by service personnel to obtain additional debug information.

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

AIX startup process overview


IBM Power Systems

Partition activation

Locate AIX boot image


via firmware or bootlist

Load boot image


RAMFS created AIX Kernel is now in control.

Configure devices init process from RAMFS


Start rootvg executes rc.boot script.

Start real init process


Process /etc/inittab, default run-level 2.
From rootvg

LOGIN Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-6. AIX startup process overview AN123.1

Notes:
AIX start-up overview
After the partition is activated, a boot image is located from the boot device, specified
from SMS or the bootlist command, and is loaded into memory. During a normal boot,
the location of the boot image is usually a hard drive. Besides hard drives, the boot
image could be loaded from CD/DVD. This is the case when booting into maintenance
mode for service. If working with the Network Installation Manager (NIM), the boot
image is loaded through the network.
The kernel restores a RAM file system into memory by using information provided in the
boot image. At this stage, the rootvg is not available, so the kernel needs to work with
commands provided in the RAM file system. You can think of the RAM file system as a
small AIX operating system. The kernel starts the init process which was provided in the
RAM file system, not from the root file system. This init process executes a boot script
which is named rc.boot. rc.boot controls the boot process. The base devices are
configured, rootvg is activated or varied on, and the real init process starts from rootvg
which will in turn process the /etc/inittab at run level two.

3-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

AIX partition activation (1 of 2)


IBM Power Systems

# ssh hscroot@<hmc> chsysstate -m <ms_name> -r lpar \


-o on -n <lpar> -f <profile name> -b sms

To activate
into SMS

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-7. AIX partition activation (1 of 2) AN123.1

Notes:
Activating a partition
To activate a partition from the HMC Server Management application, select the
partition name and choose Activate from the menu. An Activate Logical Partition
screen will appear from which the user can select the start-up profile.

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

AIX partition activation (2 of 2)


IBM Power Systems

AIX
AIX Version
Version 77
Copyright
Copyright IBM
IBM Corporation,
Corporation, 1982,
1982, 2013
2013
Console login:
Console login:

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-8. AIX partition activation (2 of 2) AN123.1

Notes:
Activating a partition (continued)
Partitions can have one or many profiles assigned, one of which will be the default.
Profiles contain the attributes of the partition such as process and memory
requirements, and assigned devices. At the time of starting the profile a virtual console
session can be optionally started. The Advanced button enables users to set the
start-up mode. A default start-up mode will be contained within the profile.

3-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

The alog command


IBM Power Systems

User Boot Install


NIM
Applications Process Process

alog program

/var/adm/ras/bootlog
/var/adm/ras/BosMenus.log
Use the
/var/adm/ras/bosinst.log
alog
command
/var/adm/ras/nimlog
to view /var/adm/ras/conslog
logs /var/adm/ras/errlog

To view the boot log:


## alog
alog o
o t
t boot
boot

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-9. The alog command AN123.1

Notes:
Overview
The alog command is a BOS feature that provides a general-purpose logging facility
that can be used by any application or user to manage a log. The alog command reads
standard input, writes the output to standard out, and copies it to a fixed size file at the
same time.
The log file
The file is treated as a circular log. This means that when it is filled, new entries are
written over the oldest entries. Log files used by alog are specified on the command
line or defined in the alog configuration database maintained by the ODM. The
system-supported log types are boot, bosinst, nim, and console.
Use in boot process
Many system administrators start the boot process, and then go and get a cup of coffee.
Unfortunately, boot messages may appear on the screen, only to be scrolled and lost,
never to be seen by the user. In some instances, these messages may be important,

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

particularly if the system did not boot properly. Fortunately, alog is used by the rc.boot
script and the configuration manager during the boot process to log important events.
To view the boot information, the command alog o -t boot may be used. If the
machine does not boot, boot the machine into maintenance mode and view the boot
log contents.
Viewing logs with SMIT
You can also use SMIT to view the different system-supported logs. Use the following
command:
# smit alog

3-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

/etc/inittab
IBM Power Systems

Format of the line: id:runlevel:action:command


init:2:initdefault:
init:2:initdefault:
brc::sysinit:/sbin/rc.boot
brc::sysinit:/sbin/rc.boot 33 >/dev/console
>/dev/console 2>&1
2>&1 ## Phase
Phase 33 of
of system
system boot
boot
powerfail::powerfail:/etc/rc.powerfail
powerfail::powerfail:/etc/rc.powerfail 2>&12>&1 || alog
alog -tboot
-tboot >> /dev/console
/dev/console
mkatmpvc:2:once:/usr/sbin/mkatmpvc
mkatmpvc:2:once:/usr/sbin/mkatmpvc >/dev/console
>/dev/console 2>&12>&1
atmsvcd:2:once:/usr/sbin/atmsvcd
atmsvcd:2:once:/usr/sbin/atmsvcd >/dev/console
>/dev/console 2>&1
2>&1
tunables:23456789:wait:/usr/sbin/tunrestore
tunables:23456789:wait:/usr/sbin/tunrestore -R -R >> /dev/console
/dev/console 2>&1
2>&1 ## Set
Set tunables
tunables
rc:23456789:wait:/etc/rc
rc:23456789:wait:/etc/rc 2>&1
2>&1 || alog
alog -tboot
-tboot >> /dev/console
/dev/console ## Multi-User
Multi-User checks
checks
rcemgr:23456789:once:/usr/sbin/emgr
rcemgr:23456789:once:/usr/sbin/emgr -B -B >> /dev/null
/dev/null 2>&1
2>&1
fbcheck:23456789:wait:/usr/sbin/fbcheck
fbcheck:23456789:wait:/usr/sbin/fbcheck 2>&12>&1 || alog
alog -tboot
-tboot >> /dev/console
/dev/console
srcmstr:23456789:respawn:/usr/sbin/srcmstr
srcmstr:23456789:respawn:/usr/sbin/srcmstr ## System
System Resource
Resource Controller
Controller
rctcpip:23456789:wait:/etc/rc.tcpip
rctcpip:23456789:wait:/etc/rc.tcpip >> /dev/console
/dev/console 2>&1
2>&1 ## Start
Start TCP/IP
TCP/IP daemons
daemons
rcnfs:23456789:wait:/etc/rc.nfs
rcnfs:23456789:wait:/etc/rc.nfs >> /dev/console
/dev/console 2>&1
2>&1 ## Start
Start NFS
NFS Daemons
Daemons
sniinst:2:wait:/var/adm/sni/sniprei
sniinst:2:wait:/var/adm/sni/sniprei >> /dev/console
/dev/console 2>&1
2>&1
cron:23456789:respawn:/usr/sbin/cron
cron:23456789:respawn:/usr/sbin/cron
qdaemon:23456789:wait:/usr/bin/startsrc
qdaemon:23456789:wait:/usr/bin/startsrc -sqdaemon
-sqdaemon
writesrv:23456789:wait:/usr/bin/startsrc
writesrv:23456789:wait:/usr/bin/startsrc -swritesrv
-swritesrv
uprintfd:23456789:respawn:/usr/sbin/uprintfd
uprintfd:23456789:respawn:/usr/sbin/uprintfd
shdaemon:2:off:/usr/sbin/shdaemon
shdaemon:2:off:/usr/sbin/shdaemon >/dev/console
>/dev/console 2>&1
2>&1 ## High
High availability
availability daemon
daemon
l2:2:wait:/etc/rc.d/rc
l2:2:wait:/etc/rc.d/rc 22
l3:3:wait:/etc/rc.d/rc
l3:3:wait:/etc/rc.d/rc 33
l4:4:wait:/etc/rc.d/rc
l4:4:wait:/etc/rc.d/rc 44
l5:5:wait:/etc/rc.d/rc
l5:5:wait:/etc/rc.d/rc 55
l6:6:wait:/etc/rc.d/rc
l6:6:wait:/etc/rc.d/rc 66
l7:7:wait:/etc/rc.d/rc
l7:7:wait:/etc/rc.d/rc 77
l8:8:wait:/etc/rc.d/rc
l8:8:wait:/etc/rc.d/rc 88
l9:9:wait:/etc/rc.d/rc
l9:9:wait:/etc/rc.d/rc 99


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-10. /etc/inittab AN123.1

Notes:
Introduction
The /etc/inittab file lists the processes that init starts, and it also specifies when to
start them. If this file gets corrupted, the system cannot boot properly. Because of this, it
is a good idea to keep a backup of this file. This file should never be edited directly. Use
lsitab, chitab, and mkitab commands. After editing the /etc/inittab file, force the
system to reread the file by using the telinit q command.
To list the inittab type: lsitab a
To add an entry into the inittab type: mkitab [ -i Identifier ] { [ Identifier ] :
[ RunLevel ] : [ Action ] : [ Command ] }
Example: mkitab "tty002:2:respawn:/usr/sbin/getty /dev/tty2"
To chance an entry in the inittab type: chitab { [ Identifier ] : [ RunLevel ] :
[ Action ] : [ Command ] }
Example: chitab "tty002:4:respawn:/usr/sbin/getty /dev/tty"

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Format of entries
The individual line entries in /etc/inittab contain the following fields:
Id: Up to 14 characters that identify the process.
Runlevel: Defines the run levels for which the process is valid. AIX uses run levels of
0-9. If the telinit command is used to change the run level, a SIGTERM signal is sent to
all processes that are not defined for the new run level. If, after 20 seconds, a process
has not terminated, a SIGKILL signal is sent. The default run level for the system is 2,
which is AIX multiuser mode.
Action: How to treat the process. Valid actions are:
- respawn: If the process does not exist, start it. If the process dies then restart it.
- wait: Start the process and wait for it to finish before reading the next line.
- once: Start the process and immediately read the next line. Do not restart it if it
stops.
- sysinit: Commands to be run before trying to access the console
- off: Do not run the command.
- Command. Use the AIX command to run to start the process.
Run levels
AIX uses a default run level of 2. This is the normal multi-user mode. You may want to
perform maintenance on your system without having other users logged in. The
command shutdown -m places your machine into a single user mode terminating all
logins. Once the machine reaches the single user mode, you are prompted to enter the
root password. When you are ready to return to normal mode, type telinit 2.

3-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Run levels
IBM Power Systems

Run levels on AIX:


0 and 1: Reserved for future use
2 default (normal): Multi-user mode
3 through 9: Free to be defined by the administrator

The telinit or init command can be used to change run


levels.
a, b, c, and h can be initiated during any run level start-up, 2 through 9,
without killing any existing run level processes.
S, s, M, m, results in the system entering single user / maintenance
mode.
Q, q, re-examines and processes the /etc/inittab file on request.

Example: To go from single user to multi-user mode, execute:


# telinit 2

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-11. Run levels AN123.1

Notes:
Run levels define the behavior of init, and by extension, those processes which run on the
system when it is at any given level. A run level is a software configuration that allows only
a selected group of processes to exist. The system can be at one of the following run
levels:
0-9
Tells the init command to place the system in one run level 0-9
When the init command requests a change to run levels 0-9, it kills all processes at the
current run levels and then restarts any processes associated with the new run levels.
0-1
Reserved for the future use of the operating system
2
Contains all of the terminal processes and daemons that are run in the multiuser
environment

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

In the multiuser environment, the /etc/inittab file is set up so that the init command
creates a process for each terminal on the system. The console device driver is also set
to run at all run levels so the system can be operated with only the console active.
3-9
Can be defined according to the user's preferences
S,s,M,m
Tells the init command to enter the maintenance mode. When the system enters
maintenance mode from another run level, only the system console is used as the
terminal.
a,b,c,h
Tells the init command to process only those records in the /etc/inittab file with a, b,
c, or h in the run level field. These four arguments, a, b, c, and h, are not true run levels.
They differ from run levels in that the init command cannot request the entire system to
enter run levels a, b, c, or h. When the init command finds a record in the /etc/inittab
file with a value of a, b, c, or h in the run level field, it starts the process. However, it
does not kill any processes at the current run level. Processes with a value of a, b, c, or
h in the run level field, are started in addition to the processes already running at the
current system run level. Another difference between true run levels and a, b, c, or h, is
that processes started with a, b, c, or h are not stopped when the init command
changes run levels. There are three ways to stop a, b, c, or h processes:
- Type off in the Action field.
- Delete the objects entirely.
- Use the init command to enter maintenance state.

3-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Directory and script control


IBM Power Systems

Startup and stop scripts can be defined for each run level
which are automatically invoked at entry and exit.
/etc/rc.d
/etc/rc.d ## ls
ls R
R

init.d
init.d rc
rc rc2.d
rc2.d rc3.d
rc3.d rc4.d
rc4.d rc5.d
rc5.d rc6.d
rc6.d rc7.d
rc7.d rc8.d
rc8.d rc9.d
rc9.d
./init.d:
./init.d:

./rc2.d:
./rc2.d:
Ksshd
Ksshd Kwpars
Kwpars Ssshd
Ssshd Scripts starting
with S are invoked
./rc3.d:
./rc3.d: at boot time by
./rc4.d:
./rc4.d:
/etc/rc.d/rc.

./rc5.d:
./rc5.d:

./rc6.d:
./rc6.d:
Scripts starting with K are
./rc7.d:
./rc7.d:
invoked synchronously by
shutdown with one argument:
./rc8.d:
./rc8.d: 'stop'. They are also called on
startup prior to invoking the start
./rc9.d:
./rc9.d: scripts.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-12. Directory and script control AN123.1

Notes:
Run level control scripts
Run level scripts enable system administrators to start and stop selected applications
and services, or perform tasks during system start-up, shutdown or during run level
change. Run level scripts need to be created in the subdirectory of /etc/rc.d that is
specific to the run level. Scripts beginning with K are stop scripts, while scripts
beginning with S are start scripts.

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

System Resource Controller


IBM Power Systems

Provides a single interface to control subsystems


Controls individual subsystems or groups of subsystems
## ps
ps -ef
-ef |grep
|grep src
src SRC
UID
UID PID
PID PPID
PPID CC STIME
STIME TTY
TTY TIME
TIME CMD
CMD Master
root
root 172178
172178 11 00 18
18 Sep
Sep -- 0:00
0:00 /usr/sbin/srcmstr
/usr/sbin/srcmstr process
## ps
ps -T
-T 172178
172178
PID
PID TTY
TTY TIME
TIME CMD
CMD
Parent
172178
172178 -- 0:00
0:00 srcmstr
srcmstr PID = init
151672
151672 -- 0:01
0:01 |\--syslogd
|\--syslogd
163968
163968 -- 0:00
0:00 |\--inetd
|\--inetd
303160 -- 0:00 || \--rlogind
303160
512170
0:00 \--rlogind Subsystem
512170 pts/0
pts/0 0:00
0:00 || \--ksh
\--ksh
463024
463024 pts/0
pts/0 0:00
0:00 || \--ps
\--ps
168088
168088 -- 0:00
0:00 |\--portmap
|\--portmap
180418
180418 -- 0:00
0:00 |\--IBM.ServiceRMd
|\--IBM.ServiceRMd
188650 -- 1:24 |\--rmcd
188650
200856 --
1:24
3:47
|\--rmcd
|\--clstrmgr
Subserver
200856 3:47 |\--clstrmgr
204904
204904 -- 0:00
0:00 |\--tftpd
|\--tftpd
176288
176288 -- 0:00
0:00 || \--tftpd
\--tftpd
213102
213102 -- 0:00
0:00 |\--sshd
|\--sshd
221334
221334 -- 0:00
0:00 |\--snmpdv3ne
|\--snmpdv3ne
254124
254124 -- 0:00
0:00 |\--IBM.DRMd
|\--IBM.DRMd
262276
262276 -- 0:59
0:59 |\--IBM.CSMAgentRMd
|\--IBM.CSMAgentRMd
417800
417800 -- 0:00
0:00 \--ctcasd
\--ctcasd

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-13. System Resource Controller AN123.1

Notes:
Purpose of the System Resource Controller
The System Resource Controller (SRC) provides a set of commands to make it easier
for the administrator to control subsystems. A subsystem is a daemon, or server, that is
controlled by the SRC. A subserver is a daemon that is controlled by a subsystem.
Daemon commands and daemon names are usually denoted by a d at the end of the
name. For example, inetd is a subsystem and can be controlled through SRC
commands. rlogind is a subserver which is started by the inetd subsystem as shown in
the visual.

3-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Listing subsystems
IBM Power Systems

The lssrc command is used to list subsystems.


## lssrc
lssrc -a
-a
Subsystem
Subsystem Group
Group PID
PID Status
Status
syslogd
syslogd ras
ras 151672
151672 active
active
portmap
portmap portmap
portmap 168088
168088 active
active
inetd
inetd tcpip
tcpip 163968
163968 active
active
tftpd
tftpd tcpip
tcpip 204904
204904 active
active
sshd
sshd ssh
ssh 213102
213102 active
active
ctrmc
ctrmc rsct
rsct 188650
188650 active
active
snmpd
snmpd tcpip
tcpip 221334
221334 active
active
clcomdES
clcomdES clcomdES
clcomdES 225414
225414 active
active
clstrmgrES
clstrmgrES cluster
cluster 200856
200856 active
active
ctcas
ctcas rsct
rsct 417800
417800 active
active
qdaemon
qdaemon spooler
spooler inoperative
inoperative
writesrv
writesrv spooler
spooler inoperative
inoperative
lpd
lpd spooler
spooler inoperative
inoperative

.
. Removed
Removed for clarity ..
for clarity ..

lssrc g
## lssrc g tcpip
tcpip |grep
|grep active
active
Subsystem
Subsystem Group
Group PID
PID Status
Status
inetd
inetd tcpip
tcpip 163968
163968 active
active
tftpd
tftpd tcpip
tcpip 204904
204904 active
active
snmpd
snmpd tcpip
tcpip 221334
221334 active
active

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-14. Listing subsystems AN123.1

Notes:
Introduction
In this section, we discuss some examples of SRC commands.
Listing SRC status
The lssrc command is used to show the status of the SRC subsystems. In the example
shown on the visual, we are checking the status of all subsystems using the -a flag and
the TCP/IP group using the -g flag.
Specifying a subsystem or subsystem group
The -s and -g flags are used to specify subsystems or subsystem groups, respectively.

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

SRC control
IBM Power Systems

Controlling subsystems
## stopsrc
stopsrc -s
-s inetd
inetd
0513-044
0513-044 The
The /usr/sbin/inetd
/usr/sbin/inetd Subsystem
Subsystem was
was requested
requested to
to stop.
stop.

## startsrc
startsrc -s
-s inetd
inetd
0513-059
0513-059 The inetd
The inetd Subsystem
Subsystem has
has been
been started.
started. Subsystem
Subsystem PID
PID is
is
311374.
311374.

## refresh
refresh -s
-s inetd
inetd
0513-095
0513-095 The
The request
request for
for subsystem
subsystem refresh
refresh was
was completed
completed
successfully.
successfully.
Not all
subsystems
support being
refreshed.

## refresh
refresh -s
-s sshd
sshd
0513-005
0513-005 The Subsystem,
The Subsystem, sshd,
sshd, only
only supports
supports signal
signal
communication.
communication.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-15. SRC control AN123.1

Notes:
If a change is made to a subsystem configuration, then the subsystem will need to be
refreshed. For example, if the entry for the ftp service is disabled in the inetd.conf file, then
the inetd subsystem will need to be refreshed by using refresh command. Not all
subsystems can be refreshed. If this is the case, simply use startsrc and stopsrc
commands.

3-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

AIX partition shutdown (1 of 2)


IBM Power Systems

The shutdown command, by default:


Gracefully stops all activity on the system.
Warns users of an impending shutdown.
Do a fast shutdown,
bypassing the
## shutdown
shutdown -Fr
-Fr messages to users,
SHUTDOWN and reboot the
SHUTDOWN PROGRAM
PROGRAM
Thu system.
Thu 99 Oct
Oct 20:15:49
20:15:49 2008
2008
0513-044
0513-044 The
The sshd
sshd Subsystem
Subsystem was
was requested
requested to
to stop.
stop.
Wait for 'Rebooting...' before stopping.
Wait for 'Rebooting...' before stopping.
Oct
Oct 99 2008
2008 20:15:50
20:15:50 /usr/es/sbin/cluster/utilities/clstop:
/usr/es/sbin/cluster/utilities/clstop: called
called with
with
flags
flags -f
-f -y
-y -s
-s -N
-N -S
-S
0513-004
0513-004 The
The Subsystem
Subsystem or
or Group,
Group, clinfoES,
clinfoES, is
is currently
currently inoperative.
inoperative.
Error
Error logging
logging stopped...
stopped...
Advanced
Advanced Accounting
Accounting has
has stopped...
stopped...
Process
Process accounting
accounting stopped...
stopped...
Stopping
Stopping NFS/NIS
NFS/NIS Daemons
Daemons

Connection
Connection closed.
closed.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-16. AIX partition shutdown (1 of 2) AN123.1

Notes:
Introduction
The SMIT shutdown fastpath or the shutdown command is used to shut the system
down cleanly. If used with no options, shutdown displays a message on all enabled
terminals (using the wall command), then (after one minute) disables all terminals, kills
all processes on the system, syncs the disks, unmounts all file systems, and then halts
the system.
Some commonly used options
You can also use shutdown with the -F option for a fast immediate shutdown (no
warning), -r to reboot after the shutdown or -m to bring the system down into
maintenance mode. The -k flag specifies a pretend shutdown. It appears to all users
that the machine is about to shut down, but no shutdown actually occurs.
Shutting down to single-user mode
Use the following command to shut down the system to single-user mode:
# shutdown -m

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Creating a customized shutdown sequence


If you need a customized shutdown sequence, you can create a file called
/etc/rc.shutdown. If this file exists, it is called by the shutdown command and is
executed first, that is, before normal shutdown processing begins. This is useful if, for
example, you need to close a database prior to a shutdown. If rc.shutdown fails
(non-zero return code value), the shutdown is terminated.

3-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

AIX partition shutdown (2 of 2)


IBM Power Systems

AIX shutdown can also be initiated from the HMC.


# ssh hscroot@<hmc> chsysstate -o osshutdown

Do a fast
shutdown,
shutdown -F

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-17. AIX partition shutdown (2 of 2) AN123.1

Notes:
From the HMC, the following shutdown options are supported. Generally, best practice is to
shutdown AIX from within the partition.
Delayed: The HMC shuts down the logical partition using the delayed power-off
sequence. This allows the logical partition time to end jobs and write data to disks. If the
logical partition is unable to shut down within the predetermined amount of time, it will
end abnormally and the next restart may be longer than normal.
Immediate: The HMC shuts down the logical partition immediately. The HMC ends all
active jobs immediately. The programs running in those jobs are not allowed to perform
any job cleanup. This option might cause undesirable results if data has been partially
updated. Use this option only after a controlled shutdown has been unsuccessfully
attempted.
Operating System: The HMC shuts down the logical partition normally by issuing a
shutdown command to the logical partition. During this operation, the logical partition
performs any necessary shutdown activities. This option is only available for AIX logical
partitions.

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Operating System Immediate: The HMC shuts down the logical partition immediately
by issuing a shutdown -F command to the logical partition. During this operation, the
logical partition bypasses messages to other users and other shutdown activities. This
option is only available for AIX logical partitions.

3-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Managed system shutdown


IBM Power Systems

Ensure all partitions have been shut down first!


# ssh hscroot@<hmc> chsysstate -m <ms_name> -r sys -o off

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-18. Managed system shutdown AN123.1

Notes:
Power down partitions first
Before you power off the managed system, you must first shut down the operating systems
in each of the running partitions. Otherwise, they will terminate abnormally which may lead
to file system corruption.
After selecting the Power Off item from the Managed System's Operations task menu, you
must choose between the Normal power off procedure and the Fast power off procedure.
Normal power off: The system ends all active tasks in a controlled manner. During that
time, the service processor and the POWER Hypervisor are allowed to perform cleanup
(end-of-job-processing).
Fast power-off: The system ends all active tasks immediately. The programs running in
the service processor and the POWER Hypervisor are not allowed to perform any
cleanup.

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint
IBM Power Systems

1. What is the first process that is created on the system and


which file does it reference to initiate all the other processes
that have to be started?

2. Which AIX feature can be used to stop and start


subsystems and groups of daemons?

3. True or False: You can only execute the shutdown


command from the console.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-19. Checkpoint AN123.1

Notes:

3-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

System startup and


shutdown

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-20. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 3. System startup and shutdown 3-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Describe the system and AIX startup process
Activate the system and AIX partitions
Explain the difference between SMS and normal startup
modes
Describe the contents of the /etc/inittab file
Use System Resource Controller commands to start, stop,
and display AIX subsystems
Explain how to shut down the system and AIX partitions

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 3-21. Unit summary AN123.1

Notes:

3-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 4. AIX installation

What this unit is about


This unit describes the process of installing the AIX 6.1 operating
system.

What you should be able to do


After completing this unit, you should be able to:
List the installation methods for AIX
List the steps necessary to install the AIX base operating system
Install and understand all the options when installing AIX from
optical media
Carry out post installation tasks

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX Version 7.1 Installation and migration
SG25-7559 IBM AIX Version 7.1 Difference Guide (Redbook)
SC23-6629 AIX Version 6.1 Release Notes
GI11-9815 AIX Version 7.1 Release Notes
SC23-6630 AIX Version 7.1 Expansion Pack Release Notes
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


List the installation methods for AIX
List the steps necessary to install the AIX base operating
system
Install and understand all the options when installing AIX
from optical media
Carry out post installation tasks

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-1. Unit objectives AN123.1

Notes:

4-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Installation methods for AIX 7


IBM Power Systems

Pre-installation option (for a new system order)

DVD (FC 3435)

Network:
Network Installation Manager (NIM)
Details covered in IBM training course: AIX Installation Management
(AN22G)

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-2. Installation methods for AIX 7 AN123.1

Notes:
When a Power system order is placed with IBM, or a business partner, there are options to
have the system preconfigured. This pre-configuration consists of LPAR creation and
installation of OS software including AIX.
AIX 6 and AIX 7 are delivered, by default, on DVD media. Optionally, AIX 6 can also be
ordered on CD (one through eight disks).
In an LPAR environment, NIM is a very popular method of installing and updating AIX. NIM
is a large topic and is covered in-depth in the AN22 education class.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

AIX installation in a partition (DVD)


IBM Power Systems

Steps:
Assume a partition and partition profile have already been created.
1. Place the AIX DVD in the drive.
2. Activate the partition to SMS and open terminal window.
3. Select to boot device using SMS menus in the terminal window.
4. Interact with the AIX install menus.

Note, the partition must either:


Have PCI slot which controls a drive which will read CD-ROMs.
OR
Be allocated a CD-ROM device though a VIOS server (as a virtual
optical SCSI device).

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-3. AIX installation in a partition (DVD) AN123.1

Notes:
To install AIX into a partition, the partition and profile must first be created through the
HMC. The partition must have access to a device slot which contains the optical media
drawer. If a virtualized environment is to be deployed, then the VIOS partition will probably
own the optical device. In that case, it is still possible to make this CD available to a
partition as a virtual optical SCSI device. In VIOS version 1.5, a new feature was added
which allows a media ISO image to be allocated to multiple partitions, through the
file-backed virtual optical device feature.
To install AIX from the optical drive, either boot into SMS mode and choose to boot from the
optical media device, or start the partition with the Diagnostic with default boot list. Then
follow and interact with the menus.

4-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Installing AIX from DVD (1 of 2)


IBM Power Systems

Boot partition into SMS mode and select DVD.


PowerPC
PowerPC Firmware
Firmware
Version
Version SF240_338
SF240_338
SMS
SMS 1.6
1.6 (c)
(c) Copyright
Copyright IBM
IBM Corp.
Corp. 2000,2005
2000,2005 All
All rights
rights reserved.
reserved.
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Main
Main Menu
Menu
1.
1. Select
Select Language
Language
2.
2. Setup
Setup Remote
Remote IPL
IPL (Initial
(Initial Program
Program Load)
Load) #then
#then select
select the
the adapter
adapter && IP
IP Parameters
Parameters
3.
3. Change
Change SCSI
SCSI Settings
Settings
4.
4. Select
Select Console
Console
5.
5. Select
Select Boot
Boot Options
Options

Multiboot
Multiboot
1.
1. Select
Select Install/Boot
Install/Boot Device
Device

Select
Select Device
Device Type
Type
3.
3. CD/DVD
CD/DVD

Select
Select Media
Media Type
Type
9. Select the CD-ROM
9. List
List All
All Devices
Devices
drive from the list.
Select
Select Device
Device
Device
Device Current
Current Device
Device
Number
Number Position
Position Name
Name
1.
1. -- SCSI
SCSI CD-ROM
CD-ROM
(( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0
loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 ))

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-4. Installing AIX from DVD (1 of 2) AN123.1

Notes:
When SMS starts, choose option 5, followed by the boot device (in this case CD/DVD). The
system will then display all devices of this type. In the visual, there is only one such device.
Select this device number and then press Enter.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Installing AIX from DVD (2 of 2)


IBM Power Systems

Select
Select Task
Task

SCSI
SCSI CD-ROM
CD-ROM
(( loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0
loc=U8204.E8A.65BF831-V11-C11-T1-W8200000000000000-L0 ))

1.
1. Information
Information
2.
2. Normal
Normal Mode
Mode Boot
Boot
3.
3. Service
Service Mode
Mode Boot
Boot

Are
Are you
you sure
sure you
you want
want to
to exit
exit System
System Management
Management Services?
Services?
1.
1. YesYes
2.
2. No No

The system will now boot from the DVD.


*******
******* Please
Please define
define the
the System
System Console.
Console. *******
*******

Type
Type aa 11 and
and press
press Enter
Enter to
to use
use this
this terminal
terminal as
as the
the
system
system console.
console.

>>>
>>> 11 Type
Type 11 and
and press
press Enter
Enter to
to have
have English
English during
during install.
install.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-5. Installing AIX from DVD (2 of 2) AN123.1

Notes:
Once the optical media device is selected, we need to perform a normal boot and exit SMS
as shown in the visual. The partition will then proceed and boot from the optical media
drive. The first interactive step is to type <1>, and then press Enter to use the terminal as
the system console.

4-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Installation and Maintenance


IBM Power Systems

Main Installation and Maintenance menu

Welcome
Welcome to
to Base
Base Operating
Operating System
System
Installation
Installation and
and Maintenance
Maintenance

Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter. Choice
Choice is
is indicated
indicated by
by >>>.
>>>.

>>>
>>> 11 Start
Start Install
Install Now
Now with
with Default
Default Settings
Settings

22 Change/Show
Change/Show Installation
Installation Settings
Settings and
and Install
Install

33 Start
Start Maintenance
Maintenance Mode
Mode for
for System
System Recovery
Recovery

44 Configure
Configure Network
Network Disks
Disks (iSCSI)
(iSCSI)

88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu

>>>
>>> Choice
Choice [1]:
[1]: 22

Best practice, always look first at the install options (2)

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-6. Installation and Maintenance AN123.1

Notes:
If option 1 is selected, a default system installation will occur. However, in most cases you
may want to see and change the default settings. To do this, type a <2> and press Enter.
Select 88 to display help on this or any subsequent installation screen.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Installation and Settings


IBM Power Systems

Installation and Settings menu


Installation
Installation and
and Settings
Settings

Either
Either type
type 00 and
and press
press Enter
Enter to
to install
install with
with current
current settings,
settings, or
or type
type the
the
number
number of
of the
the setting
setting you
you want
want to
to change
change and
and press
press Enter.
Enter.

11 System
System Settings:
Settings:
Method
Method of
of Installation.............New
Installation.............New andand Complete
Complete Overwrite
Overwrite
Disk
Disk Where You
Where You Want
Want to
to Install.....hdisk0
Install.....hdisk0

22 Primary
Primary Language
Language Environment
Environment Settings
Settings (AFTER
(AFTER Install):
Install):
Cultural
Cultural Convention................English
Convention................English (United
(United States)
States)
Language
Language ..........................English
..........................English (United
(United States)
States)
Keyboard ..........................English (United States)
Keyboard ..........................English (United States)
Keyboard Type......................Default
Keyboard Type......................Default

33 Security
Security Model.......................Default
Model.......................Default

44 More
More Options
Options (Software
(Software install
install options)
options)

>>>
>>> 00 Install
Install with
with the
the current
current settings
settings listed
listed above.
above.

+-----------------------------------------------------
+-----------------------------------------------------
88
88 Help
Help ?? || WARNING:
WARNING: Base
Base Operating
Operating System
System Installation
Installation will
will
99
99 Previous
Previous Menu
Menu || destroy
destroy or
or impair
impair recovery
recovery of
of ALL
ALL data
data on
on the
the
|| destination disk hdisk0.
destination disk hdisk0.
>>>
>>> Choice
Choice [0]:
[0]:

Let's explore each option in more detail.


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-7. Installation and Settings AN123.1

Notes:
The installation and Settings menu enables you to set the key options and configuration
settings to be deployed during installation.

4-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Method of installation
IBM Power Systems

Choose option 1 for a fresh install.


Change
Change Method
Method of
of Installation
Installation

Type
Type the
the number
number of
of the
the installation
installation method
method and
and press
press Enter.
Enter.

>>>
>>> 11 New
New and
and Complete
Complete Overwrite
Overwrite
Overwrites
Overwrites EVERYTHING
EVERYTHING on
on the
the disk
disk selected
selected for
for installation.
installation.
Warning:
Warning: Only use this
Only use this method
method if
if the
the disk
disk is
is totally
totally empty
empty or
or if
if there
there
is nothing on the disk you want to preserve.
is nothing on the disk you want to preserve.

22 Preservation
Preservation Install
Install
Preserves
Preserves SOME
SOME of
of the
the existing
existing data
data on
on the
the disk
disk selected
selected for
for
installation.
installation. Warning:
Warning: This
This method
method overwrites
overwrites the
the usr
usr (/usr),
(/usr),
variable
variable (/var), temporary (/tmp), and root (/) file systems. Other
(/var), temporary (/tmp), and root (/) file systems. Other
product
product (applications)
(applications) files
files and
and configuration
configuration data
data will
will be
be destroyed.
destroyed.

33 Migration
Migration Install
Install
Upgrades
Upgrades the
the Base
Base Operating
Operating System
System to
to the
the current
current release.
release.
Other
Other product
product (applications)
(applications) files
files and
and configuration
configuration data
data are
are saved.
saved.

88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu

>>>
>>> Choice
Choice [1]:
[1]:

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-8. Method of installation AN123.1

Notes:
Changing the method of installation
When you select Option 1 in the Installation and Settings menu to change the method of
installation, the Change Method of Installation sub-menu shown in the visual is
displayed. The contents of which depends on the current state of the machine.
Complete Overwrite Install
On a new machine, New and Complete Overwrite is the only possible method of
installation. On an existing machine, if you want to completely overwrite the existing
version of BOS, then you should use this method.
Preservation Install
Use the Preservation Install method when a previous version of BOS is installed on
your system and you want to preserve the user data in the root volume group. This
method removes only the contents of /usr, / (root), /var and /tmp. The Preservation
Install option preserves page and dump devices as well as /home and other

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

user-created file systems. System configuration has to be done after doing a


preservation installation.
Migration Install
Use the Migration Install method to upgrade from one version and release of AIX t a
different version and release, while preserving the existing root volume group. For
example, when migrating from AIX 6.1 to an AIX 7.1. This method preserves all file
systems except /tmp, as well as the logical volumes and system configuration files.
Obsolete or selective fix files are removed.

4-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Installation disks
IBM Power Systems

Select disks to be used for the installation.


Change
Change Disk(s)
Disk(s) Where
Where You
You Want
Want to
to Install
Install

Type
Type one
one or
or more
more numbers
numbers for
for the
the disk(s)
disk(s) to
to be
be used
used for
for installation
installation and
and press
press
Enter.
Enter. To
To cancel
cancel aa choice,
choice, type
type the
the corresponding
corresponding number
number and
and Press
Press Enter.
Enter.
At
At least
least one
one bootable
bootable disk
disk must
must be
be selected.
selected. The
The current
current choice
choice is
is indicated
indicated
by
by >>>.
>>>.

Name
Name Location
Location Code
Code Size(MB)
Size(MB) VG
VG Status
Status Bootable
Bootable

>>>
>>> 11 hdisk0
hdisk0 none
none 6528
6528 rootvg
rootvg Yes
Yes
22 hdisk1
hdisk1 none
none 6528
6528 rootvg
rootvg Yes
Yes Note: Some SAN
33 hdisk2
hdisk2 none
none 6528
6528 none
none Yes
Yes
44 hdisk3 none 6528 none Yes disks might appear
hdisk3 none 6528 none Yes
non-bootable. If
so, change the
>>>
>>> 00 Continue
Continue with
with choices
choices indicated
indicated above
above setting on the disk
55
55 More
More Disk
Disk Options
Options subsystem for the
66
66 Devices
Devices not known to Base Operating System
not known to Base Operating System Installation
Installation
77
77 Display
Display More
More Disk
Disk Information
Information
LUNs.
88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu
Name
Name Device
Device Adapter
Adapter Connection
Connection Location
Location
>>>
>>> Choice
Choice [0]:
[0]: or
or Physical
Physical Location
Location Code
Code
>>>
>>> 11 hdisk0
hdisk0 U9113.550.65F2E7F-V11-C2-T1-L810000000000
U9113.550.65F2E7F-V11-C2-T1-L810000000000
22 hdisk1
hdisk1 U9113.550.65F2E7F-V11-C2-T1-L820000000000
U9113.550.65F2E7F-V11-C2-T1-L820000000000
33 hdisk2
hdisk2 U9113.550.65F2E7F-V11-C6-T1-L830000000000
U9113.550.65F2E7F-V11-C6-T1-L830000000000
44 hdisk3
hdisk3 U9113.550.65F2E7F-V11-C6-T1-L810000000000
U9113.550.65F2E7F-V11-C6-T1-L810000000000

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-9. Installation disks AN123.1

Notes:
Selecting installation disks
After you select the type of installation, you must then select the disks that are to be used
for the installation. A list of all the available disks is displayed, similar to the one shown.
This screen also gives you the option to install to an unsupported disk by adding the code
for the device first.
When you have finished selecting the disks, type <0> in the Choice field and press Enter.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Set Primary Language Environment


IBM Power Systems

Default language environment is en_US (US English).


Set
Set Primary
Primary Language
Language Environment
Environment

Type
Type the
the number
number for
for the
the Cultural
Cultural Convention
Convention (such
(such as
as date,
date, time,
time, and
and
money),
money), Language,
Language, and
and Keyboard
Keyboard for
for this
this system
system and
and press
press Enter,
Enter, or
or type
type
159
159 and
and press
press Enter
Enter to
to create
create your
your own
own combination.
combination.

Cultural
Cultural Convention
Convention Language
Language Keyboard
Keyboard

11 CC (POSIX)
(POSIX) CC (POSIX)
(POSIX) CC (POSIX)
(POSIX)
22 Albanian
Albanian English
English (United
(United States)
States) Albanian
Albanian
33 Arabic
Arabic (Algeria)
(Algeria) English
English (United
(United States)
States) Arabic
Arabic (Algeria)
(Algeria)
44 Arabic
Arabic (Bahrain)
(Bahrain) English
English (United
(United States)
States) Arabic
Arabic (Bahrain)
(Bahrain)
55 Arabic (Egypt)
Arabic (Egypt) English (United States) Arabic (Egypt)
English (United States) Arabic (Egypt)
66 Arabic (Jordan)
Arabic (Jordan) English (United States) Arabic (Jordan)
English (United States) Arabic (Jordan)
77 Arabic
Arabic (Kuwait)
(Kuwait) English
English (United
(United States)
States) Arabic
Arabic (Kuwait)
(Kuwait)
88 Arabic
Arabic (Lebanon)
(Lebanon) English
English (United
(United States)
States) Arabic
Arabic (Lebanon)
(Lebanon)
99 Arabic
Arabic (Morocco)
(Morocco) English
English (United
(United States)
States) Arabic
Arabic (Morocco)
(Morocco)
>>>
>>> 10
10 MORE
MORE CHOICES...
CHOICES...

88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu

>>>
>>> Choice
Choice [10]:
[10]:

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-10. Set Primary Language Environment AN123.1

Notes:
At this point in the installation process, you can change the language and cultural
convention that is used on the system after installation. This screen will display a full list of
supported languages.
It is recommended that if you are going to change the language, change it at this point
rather than after the installation is complete. Whatever language is specified at this point is
obtained from the installation media.
Cultural Convention determines the way numeric, monetary, and date and time
characteristics are displayed.
The Language field determines the language used to display text and system messages.
The Keyboard field determines the mapping of the keyboard for the selected language
convention.

4-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Security Models
IBM Power Systems

These settings are beyond the scope of this class.


Covered in course: Implementing AIX Security Features
Security models are all set to NO by default.
Security
Security Models
Models

Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter.

1.
1. Trusted
Trusted AIX.............................................
AIX............................................. No
No

2.
2. Other
Other Security
Security Options
Options (Trusted
(Trusted AIX
AIX and
and Standard)
Standard)
Security
Security options
options vary
vary based
based on
on choices.
choices.
LSPP, SbD, CAP/CCEVAL,
LSPP, SbD, CAP/CCEVAL, TCB
TCB Default....................................... No
1.
1. Secure
Secure by
by Default....................................... No

2.
2. CAPP
CAPP and
and EAL4+
EAL4+ Configuration
Configuration Install....................
Install.................... No
No

3.
3. Trusted
Trusted Computing
Computing Base
Base Install..........................
Install.......................... No
No

>>>
>>> 00 Continue
Continue to
to more
more software
software options.
options.

88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu

>>>
>>> Choice
Choice [0]:
[0]:
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-11. Security Models AN123.1

Notes:
Type <1> and press Enter to change the selection for Trusted AIX. Trusted AIX enables
Multi Level Security (MLS) capabilities in AIX MLS is also referred to as label-based
security.
As compared to regular AIX, Trusted AIX label-based security implements labels for all
subjects and objects in the system. Access controls in the system are based on labels that
provide for an MLS environment and include support for the following:
Labeled objects: Files, IPC objects, network packets, and other labeled objects
Labeled printers
Trusted Network: Support for RIPSO and CIPSO in IPv4 and IPv6
Note that once you choose this mode of installation, you will not be able to go back to a
regular AIX environment without performing an overwrite install of regular AIX. Evaluate
your need for a Trusted AIX environment before choosing this mode of install.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Do not forget standard AIX provides a set of security features to enable information
managers and administrators to provide a basic level of system and network security. The
primary AIX security features include the following:
Login and password controlled system and network access
User, group, and world file access permissions
Access control lists (ACLs)
Audit subsystem
Role Based Access Control (RBAC)
Trusted AIX builds upon these primary AIX operating system security features to further
enhance and extend AIX security into the networking subsystems.
Type <2> and press Enter to continue to other security options. For Trusted AIX, the choice
will be LSPP/EAL4+ configuration. For standard AIX, the choices will be Secure by Default,
CAPP/EAL4+, and Trusted Computing Base.
Attention: Evaluate your need for any security options before making your choice.
Additional information is available in your security documentation.
For more training on AIX installation security options, attend the IBM training course:
Implementing the AIX Security Features (course codes AU47 or AN57).

4-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Software install options


IBM Power Systems

Further install / software options


Install
Install Options
Options

1.
1. Graphics
Graphics Software................................................
Software................................................ Yes Yes
2.
2. System
System Management
Management Client
Client Software................................
Software................................ YesYes
3.
3. Create JFS2 File Systems.........................................
Create JFS2 File Systems......................................... Yes Yes
4.
4. Enable
Enable System
System Backups
Backups to
to install
install any
any system......................
system...................... Yes
Yes
(Installs
(Installs all
all devices)
devices)

>>>
>>> 5.
5. Install
Install More
More Software
Software

Install
Install More
More Software
Software

1.
1. Firefox
Firefox (Firefox
(Firefox CD)..............................
CD).............................. No
No
2.
2. Kerberos_5
Kerberos_5 (Expansion
(Expansion Pack).......................
Pack)....................... No
No
3.
3. Server
Server (Volume
(Volume 2).................................
2)................................. No
No

00 Install
Install with
with the
the current
current settings
settings listed
listed above.
above.

88
88 Help
Help ??
99
99 Previous
Previous Menu
Menu

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-12. Software install options AN123.1

Notes:
When Graphics Software Install option is Yes, X11, CDE, WebSM, Java, and other
software dependent on these packages is installed.
System Management Client Software includes WebSM, Java, service agent, lwi and
pconsole.
The default action, since AIX 5.3, is to create all logical volumes in rootvg using JFS2 file
systems.
Enabling System Backups to install on other systems, installs all devices code and drivers.
Otherwise, only device drivers necessary to your system hardware configuration are
installed. This is the preferred option, and it is very useful if you want to clone the image to
another system which differs in type or device layout.
To install more software, select option 5 and press Enter.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Install summary and installation


IBM Power Systems
Overwrite
Overwrite Installation
Installation Summary
Summary

Disks:
Disks: hdisk0
hdisk0
Cultural
Cultural Convention:
Convention: en_GB
en_GB
Language:
Language: en_US
en_US
Keyboard:
Keyboard: en_GB
en_GB
JFS2
JFS2 File
File Systems
Systems Created:
Created: Yes
Yes
Graphics
Graphics Software: Yes
Software: Yes
System
System Management
Management Client
Client Software:
Software: Yes
Yes
Enable
Enable System
System Backups
Backups to
to install
install any
any system:
system: Yes
Yes

Optional
Optional Software
Software being
being installed:
installed:

>>>
>>> 11 Continue
Continue with
with Install
Install
+-----------------------------------------------------
+-----------------------------------------------------
88
88 Help
Help ?? || WARNING:
WARNING: Base
Base Operating
Operating System
System Installation
Installation will
will
99
99 Previous
Previous Menu
Menu || destroy
destroy or
or impair
impair recovery
recovery of
of ALL
ALL data
data on
on the
the
|| destination
destination disk
disk hdisk0.
hdisk0.
>>>
>>> Choice
Choice [1]:
[1]:

Installing
Installing Base
Base Operating
Operating System
System

Please
Please wait...
wait...

Approximate
Approximate Elapsed
Elapsed time
time
%% tasks
tasks complete
complete (in
(in minutes)
minutes)

33 00 Making
Making logical
logical volumes
volumes

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-13. Install summary and installation AN123.1

Notes:
Prior to installation, a summary page is displayed. If you are ready to proceed with your
options, select 1 to continue and the system installation will begin. It takes approximately
one hour to build the partition from DVD or CD media.

4-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Accept License Agreements


IBM Power Systems

Software
Software License
License Agreements
Agreements

Show
Show Installed
Installed License
License Agreements
Agreements
Accept
Accept License
License Agreements
Agreements

Accept
Accept License
License Agreements
Agreements

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
ACCEPT
ACCEPT Installed
Installed License
License Agreements
Agreements yes
yes ++

Software
Software Maintenance
Maintenance Agreement
Agreement

View
View Software
Software Maintenance
Maintenance Terms
Terms and
and Conditions
Conditions
Accept
Accept Software
Software Maintenance
Maintenance Terms
Terms and
and Conditions
Conditions

Accept
Accept Software
Software Maintenance
Maintenance Terms
Terms and
and Conditions
Conditions

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
ACCEPT
ACCEPT Software
Software Maintenance
Maintenance Agreements?
Agreements? yes
yes ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-14. Accept License Agreements AN123.1

Notes:
When AIX installation is complete, the end user has to accept both Software and
Maintenance License agreements, as shown in the visual.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

AIX installation: Post steps


IBM Power Systems

Post-install tasks:
Accept the license agreement.

Optional: Using the installation assistant:


Set root password
Set date and time
Configure network

Exit from installation assistant.

Update for the operating system to the latest TL and SP level.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-15. AIX installation: Post steps AN123.1

Notes:
The installation is not finished until you complete the post setup in the operating system.
Once AIX has installed, the system will reboot. Several post installation steps are required.
Firstly, you have to accept both the software and maintenance license agreements. Finally,
the installation assistant will start. Although optional, it is recommended that you use the
installation assistant at a minimum to set the root password, date, and time, and configure
the network parameters accordingly.
One AIX is installed, you should update it to the latest technology level and service pack.
These can be downloaded from fix central: http://www.ibm.com/support/fixcentral

4-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Installation Assistant and login


IBM Power Systems
Installation
Installation Assistant
Assistant

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

Set
Set Date
Date and
and Time
Time
Set
Set root
root Password
Password
Configure
Configure Network
Network Communications
Communications
Install
Install Software
Software Applications
Applications
Using
Using SMIT (information only)
SMIT (information only)
Tasks
Tasks Completed
Completed -- Exit
Exit to
to Login
Login

Note: No root
password is set, by
AIX
AIX Version
Version 77
Copyright
Copyright IBM
IBM Corporation,
Corporation, 1982,
1982, 2010.
2010.
default, if it is not set
Console login: root
Console login: root using the Installation
*******************************************************************************
**
Assistant
*******************************************************************************
**
** above.
**
** Welcome
Welcome to
to AIX
AIX Version
Version 7.1!
7.1! **
** **
** **
** Please
Please see
see the
the README
README file
file in
in /usr/lpp/bos
/usr/lpp/bos for
for information
information pertinent
pertinent to
to **
** this
this release
release of
of the
the AIX
AIX Operating
Operating System.
System. **
** **
** **
*******************************************************************************
*******************************************************************************

##

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-16. Installation Assistant and login AN123.1

Notes:
After the license agreements have been accepted, the installation assistant (ASCII
console) or configuration assistant (Graphical console) will be displayed. The install
assistant is similar to a mini version of SMIT. As mentioned earlier in the unit, it is
recommended that one uses the installation assistant at a minimum to set the root
password, date, and time and to configure the network parameters accordingly. Another
approach, would be to exit the installation assistant immediately and use smit, command
line, or scripts to configure the system.
The installation assistant can be invoked at any time using the install_assist command.
On a graphical console, either the install_assist or configassist commands can be
used to launch the configuration assistant.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

AIX installation in a partition using NIM: NIM


overview
IBM Power Systems

What is NIM?
Centralized Installation and Management of AIX over a network
LPAR 4 Client
Systems

LPAR 1

Public/Open LPAR 2
NIM Server network
NIM resources LPAR 3
lpp_source
SPOT LPAR 4

Client Definitions
LPAR1
LPAR2

Actions:
Resources are allocated to clients.
Clients are set for a BOS operation.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-17. AIX installation in a partition using NIM: NIM overview AN123.1

Notes:
Network Install Manager (NIM) introduction
NIM can be used to manage the installation of the Base Operating System (BOS) and
optional software on one or more networked machines. NIM gives you the ability to
install and maintain the AIX operating system, and any additional software, and fixes
that may be applied over time. NIM allows you to customize the configuration of
machines both during and after installation. NIM eliminates the need for access to
physical media, such as tapes and optical media, once the NIM master has been
loaded. You use the NIM master to load other network clients. System backups can be
created with NIM, and stored on any server in the NIM environment. The advantage to
using NIM in an LPAR environment is that it solves the device allocation issue. Since
AIX may already be installed once on the system before it is shipped, you can configure
this partition to be the NIM master. Or, you could use another AIX system that is the
proper AIX version. One of the optional steps in creating a NIM master is creating a
mksysb (AIX system backup image). You could use this mksysb to install AIX in the
other partitions. The advantage to mksysb is that it copies AIX customizations from the
source system.

4-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty NIM resources


All operations on clients in the NIM environment require one or more resources. At a
minimum, in order to perform a BOS installation on a client there must be two resources
defined:
SPOT includes everything that a client machine requires in a /usr file system, such as
the AIX kernel, executable commands, libraries, and applications. The SPOT is
created, controlled, and maintained from the master, even though the SPOT can be
located on another system.
An lpp_source resource represents a directory in which software installation images
are stored. NIM uses an lpp_source for an installation operation by first mounting the
lpp_source on the client machine. The installp commands are then started on the
client using the mounted lpp_source as the source for installation images. When the
installation operation has completed, NIM automatically unmounts the resource. In
addition to providing images to install machines, lpp_source resources can also be
used to create and update SPOT resources.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-21


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

AIX installation in a partition using NIM:


Configuration steps
IBM Power Systems

Assume a partition and partition profile have been created.


Set up and configure the NIM master to support a BOS installation of
your machine.
Activate the partition using SMS boot mode.
Specify the IP parameters for a network boot.
Configure the partition to boot from the network adapter.
Interact with AIX installation menus, if required (depends on NIM
configuration).

Note:
Subsequent installs and updates for the same partition can be initiated
from the NIM master.
A mksysb restore example is provided in a later unit (Backup and
Restore).
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-18. AIX installation in a partition using NIM: Configuration steps AN123.1

Notes:
To install a partition from a NIM server, you will need to create the partition and partition
profile, for the partition where AIX will be installed. You would complete this step if you were
installing from optical media, except that you would not have to allocate the slot for the CD
or DVD device. The partition will need to be activated in SMS boot mode. From SMS, the
NIM server network details can be entered, which will cause the client to issue a boot
request over the network. From this point, the menu steps are identical to using optical
media.

4-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Network boot (1 of 7)
IBM Power Systems

Select the Setup Remote IPL option:

PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
--------------------------------------------------------
Main Menu

1. Select Language
2. Setup Remote IPL (Initial Program Load)
3. Change SCSI Settings
4. Select Console
5. Select Boot Options

--------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
-------------------------------------------------------

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-19. Network boot (1 of 7) AN123.1

Notes:
Network boot (remote IPL)
To configure a partition to boot from another system over the network, choose Setup
Remote IPL (Initial Program Load) from the main SMS menu.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-23


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Network boot (2 of 7)
IBM Power Systems

Choose the network adapter:

PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
----------------------------------------------------------
NIC Adapters
Device Location Code
1. Port 1 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-T1
2. Port 2 - IBM 2 PORT 10/100/100 U78A0.001.DNWGCP5-P1-C4-T2

----------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-20. Network boot (2 of 7) AN123.1

Notes:
NIC adapter
Select which network interface to use. The example in the visual shows two ports on the
integrated Ethernet controller.

4-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Network boot (3 of 7)
IBM Power Systems

Select the network service:

PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
Select Network Service
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-

1. BOOTP
2. ISCSI

---------------------------------------------------------
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-21. Network boot (3 of 7) AN123.1

Notes:
Select the Network service: BOOTP.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-25


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Network boot (4 of 7)
IBM Power Systems

Set up the IP parameters, the adapter configuration options,


then perform the ping test:

PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
Network Parameters
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-

1. IP Parameters
2. Adapter Configuration
3. Ping Test
4. Advanced Setup: BOOTP
---------------------------------------------------------
Navigation Keys: X = eXit System Management Services
---------------------------------------------------------
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-22. Network boot (4 of 7) AN123.1

Notes:
Network parameters
Choose option 1 and configure the IP parameters. This screen is shown in the next
visual.
Then choose option 2 and configure the adapter settings, such as media speed and
duplex setting.
When everything is configured properly, run the ping test and it should be successful.
When the ping test is successful, return to the SMS main menu, select the network
adapter as a boot device, and exit the SMS menu. This will start the network boot
process.

4-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Network boot (5 of 7)
IBM Power Systems

IP parameters:

PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
IP Parameters
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNGWCP5-C1-C4-
1. Client IP Address [10.6.103.64]
2. Server IP Address [10.6.103.1]
3. Gateway IP Address [10.6.103.254]
4. Subnet Mask [255.255.255.0]

---------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-23. Network boot (5 of 7) AN123.1

Notes:
IP parameters
Enter the IP address of the client, which is the partition.
Enter the IP address of the server, which is the NIM server.
Enter the IP address of the gateway. This is the partitions gateway system; so it must
be local on the partitions subnet. This value can be a valid route on the same subnet as
the client partition or the IP address of the NIM server. Ask your network administrator
which system to use.
Enter the subnet mask that the partition is using.
Adapter configuration
Once youve entered this information, return to the previous screen and choose the
Adapter Configuration option. Here you will need to specify the media speed and the
duplex setting.
Ping test and network boot
After you have configured the adapter parameters, return to the main SMS menu. Run
the ping test, and if successful, select the network adapter as a boot device, then exit
the SMS menus to begin the boot process and the installation.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-27


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Network boot (6 of 7)
IBM Power Systems

Adapter configuration:

PowerPC Firmware
Version EL320_040
SMS 1.7 (c) Copyright IBM Corp. 2000,2007 All rights
---------------------------------------------------------
IP Parameters
Port 1 - IBM 2 PORT 10/100/1000 Base-TX PCI-X Adapter: U78A0.001.DNWGCP5-P1-C4

1. Speed,Duplex
Disable Spanning Tree
2. Spanning Tree Enabled
for faster operation
3. Protocol

---------------------------------------------------------
Navigation Keys:
X = eXit System Management Services
---------------------------------------------------------
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-24. Network boot (6 of 7) AN123.1

Notes:
Overview
The adapter configuration screen allows you to set parameters for the adapter itself.
Typically, you can leave it alone with the exception of optionally disabling spanning tree.
This will make the boot go much faster.
The value for option 2 will not change, that is, from Enabled to Disabled. The option
should have a question mark next to it that is answered when you choose the option.

4-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Network boot (7 of 7)
IBM Power Systems

When remote IPL is configured, perform the ping test.


If ping is unsuccessful:
Is NIM server on network?
Check IP parameters screen for mistakes.
Is gateway correct and available?
Try again.
Return to SMS Select Boot Options menu.
Select the network adapter as the Install/Boot Device.
Exit from SMS initiates network boot.
AIX Install and Maintenance menu processing is the same as
previously described.
NIM can have unattended install with no console interaction.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-25. Network boot (7 of 7) AN123.1

Notes:
Ping test
This option pings the NIM server. If it fails, suspect your IP configuration or the network.

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-29


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint
IBM Power Systems

1. AIX 7 can be installed from which of the following? (Select


all that are correct.)
a. 8 mm tape
b. CD-ROM
c. Diskette
d. NIM server

2. True or False: A preservation install preserves all data on


the disks.

3. What is the console used for during the installation process?

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-26. Checkpoint AN123.1

Notes:

4-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

AIX
installation

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-27. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 4. AIX installation 4-31


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


List the installation methods for AIX
List the steps necessary to install the AIX base operating
system
Install and understand all the options when installing AIX
from optical media
Carry out post installation tasks

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 4-28. Unit summary AN123.1

Notes:

4-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 5. AIX software installation and maintenance

What this unit is about


This unit describes how to perform software installation and
maintenance.

What you should be able to do


After completing this unit, you should be able to:
Define the package definitions and naming conventions
Determine the current installed level of the OS and individual
filesets
Apply, commit, and remove AIX software
Recover from broken and inconsistent software states
Describe how to download software maintenance using Fix Central
and SUMA
Identify if all the components in the Power and AIX environment
are compatible and supported

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX 7.1 Information
SG24-7463 AIX 5L Differences Guide: Version 5.3 Edition
(Redbook)
SG24-7910 AIX Version 7.1 Differences Guide (Redbook)
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Define the package definitions and naming conventions
Determine the current installed level of the OS and individual
filesets
Apply, commit, and remove AIX software
Recover from broken and inconsistent software states
Describe how to download software maintenance using Fix
Central and SUMA
Identify if all the components in the Power and AIX
environment are compatible and supported

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-1. Unit objectives AN123.1

Notes:

5-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

AIX media
IBM Power Systems

AIX
AIX AIX AIX AIX 7.1 Base (DVD)
AIX AIX
+ update images
AIX
AIX 7.1 Expansion Pack

AIX AIX 7.1 InfoCenter

AI X
AIX Toolbox for Linux

AIX
Mozilla Firefox Browser

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-2. AIX media AN123.1

Notes:
Each of the products listed above has a program ID number. At the time of publication they
were:
AIX v7.1 standard edition; program ID number: 5765-G98
AIX v7.1 AIX Base
AIX v7.1 Expansion Pack
AIX v7.1 InfoCenter (DVD)
AIX Toolbox for Linux
Mozilla Firefox Browser
For virtual environments, a PowerVM license is required. PowerVM standard edition
program ID number: 5765-PVS. The following software is supplied:
Virtual I/O Server V2.2
Virtual I/O Server Expansion Pack

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The AIX Expansion Pack is a collection of extra software that extends the base operating
system capabilities. It contains filesets such as:
Open Secure Sockets Layer (OpenSSL)
Java 32- and 64-Bit
iSCSI Target Device Driver
List of Open Files (LSOF) and many more
The AIX InfoCenter contains a list of support guides and help documentation. It is also
available online: http://publib.boulder.ibm.com/infocenter/aix/v7r1/index.jsp
Also available on-line is the AIX toolbox (open source) filesets
http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html.

5-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Software packaging definitions


IBM Power Systems

LPP
Base Operating
System Component
bos
Package
Base Networking
package
bos.net
TCP/IP collection
of filesets
bos.net.tcp

bos.net.tcp.server
Fileset
TCP/IP Server fileset
the smallest unit
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-3. Software packaging definitions AN123.1

Notes:
Licensed Program Product (LPP)
A collection of packages that form an installable product.
Package
A package contains a group of filesets with a common function. It is a single, installable
image. AIX packages are a bundle of binaries glued together with the meta-information
(name, version, dependencies).
Fileset
A fileset is the smallest, individually installable unit. Generally, it is a single subsystem.
For example, bos.net.tcp.server is a fileset in the bos.net package. This image is a
Unix Backup File Format file (BFF), created with the backup command. Files in an LPP
can be listed with: restore Tvf <package> or extracted with restore xvf <package>.
For example: To list the contents of bos.alt_disk_install.rte fileset contained in AIX 7.1
TL01 SP03:

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

# restore -Tqvf U843197.bff


New volume on U843197.bff:
Cluster size is 51200 bytes (100 blocks).
The volume number is 1.
The backup date is: Thu Nov 10 19:38:56 CET 2011
Files are backed up by name.
The user is BUILD.
0 ./
3341 ./lpp_name
0 ./usr
0 ./usr/lpp
0 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1
130444 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/liblpp.a
0 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/inst_root
2560 ./usr/lpp/bos.alt_disk_install/bos.alt_disk_install.rte/7.1.1.1/inst_root/liblpp.a
258155 ./usr/lpp/bos.alt_disk_install/bin/altlib
The number of archived files is 17.
235743 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_lib
33476 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_posti
136613 ./usr/lpp/bos.alt_disk_install/migration/alt_disk_mig_prei
6368 ./usr/sbin/alt_blvset
52083 ./usr/sbin/alt_disk_copy
61402 ./usr/sbin/alt_disk_mksysb
46212 ./usr/sbin/alt_rootvg_op
14545 ./usr/lib/instl/jfs2j2
The total size is 980942 bytes.
Note: This is the only way, in AIX, to see which files are located within an LPP fileset,
prior to install.

5-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Software bundles
IBM Power Systems

A bundle is a collection of packages and filesets suited for a


particular environment.
There are many predefined system bundles in AIX which include:
AllDevicesKernels
Alt_Disk_Install
openssh_client and openssh_server
Full list is in /usr/sys/inst.data/sys_bundles. Example:

## /usr/sys/inst.data/sys_bundles
/usr/sys/inst.data/sys_bundles ## cat
cat openssh_server.bnd
openssh_server.bnd

## MEDIA="Expansion
MEDIA="Expansion Pack"
Pack"
I:openssl.base
I:openssl.base
I:openssl.man.en_US
I:openssl.man.en_US
I:openssh.base.server
I:openssh.base.server
I:openssh.man.en_US
I:openssh.man.en_US

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-4. Software bundles AN123.1

Notes:
Since there are thousands of filesets, having to determine which individual fileset you want
on your machine could be a time-consuming task. AIX has bundles which offer a collection
of filesets that suit a particular purpose. For example, if you are developing applications,
the App-Dev bundle would be the logical choice to install.
Some filesets within a bundle are only installed if the prerequisite hardware is available. For
example, a graphic adapter is needed to run X11 and CDE. In some cases, bundles are
equivalent to product offerings. Often, however, they are a subset of a product offering or a
separate customized bundle. The bundles available may vary from AIX version to AIX
version.

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

AIX software levels


IBM Power Systems

There are four distinct software levels and management for AIX.
Base level
Technology level (TL)
Service pack (SP)
Interim fixes

Fix Packs
Interim
Base Technology + Service packs fixes
AIX Level level

(Contain APARs)

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-5. AIX software levels AN123.1

Notes:
Base AIX level is OS version and release, as first installed.
Maintenance:
Technology level (TL). A TL is a major maintenance update and contains fixes and
functional enhancements. TLs are released twice per year. The first TL is restricted to
hardware features and enablement, in addition to software service. The second TL
includes new hardware features and enablement, software service, and new software
features, making it the larger of the two yearly releases. Each TL is supported for up to
two years from the introduction of the update. This means that clients with a Software
Maintenance Agreement for the AIX OS will be able to contact IBM support for defect
support during that two year period without having to move up to the latest Technology
Level update. In previous versions of AIX, Technology levels were referred to as
Maintenance Levels (ML). The terms are often still used interchangeably.
Service pack (SP). SPs contain service-only updates, also known as Program
Temporary Fixes (PTF), that are grouped together for easier identification. SPs are

5-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty released between Technology Levels and contain fixes for highly pervasive, critical, or
security-related issues. Service Packs are cumulative.
Interim fixes (ifix). Generally, this term refers to a certified fix that is generally available
to all customers between regularly scheduled fix packs or other releases. It can contain
fixes for one or more product defects (APARs). Specifically for AIX, the term Interim Fix
(IF) is used as a replacement for emergency fix or efix. While the term emergency fix
is still applicable in some situations (a fix given in the middle of the night with minimal
testing, for example), the term Interim Fix is more descriptive in that it implies a
temporary state until an update can be applied that has been through more extensive
testing. IF fixes often rectify security vulnerabilities.
APARs (Authorized Problem Analysis Reports). A formal report to IBM
development, of a problem caused by a suspected defect in a current unaltered release
of an IBM program.

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

What is my AIX version?


IBM Power Systems

To obtain the AIX level, use the oslevel command.

## oslevel
oslevel -s
-s
7100-00-01-1037
7100-00-01-1037

Service Pack
AIX Level Release date
VRMF for example, 37th week
in 2010
Service Pack

Technology
Level

To upgrade from one AIX version and release to another (for example,
AIX 6.1 to AIX 7.1), a migration must be performed.
New TLs or SPs are applied through updates.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-6. What is my AIX version? AN123.1

Notes:
The oslevel command reports the latest installed maintenance, technology level, and
service pack on the system.
The visual shows the system is level AIX 7.1, technology level 0, service pack 1. Service
packs and technology level fixes are applied to the running system. To upgrade the system
with a new level, for example, from AIX 6.1 to 7.1, a new migration update must take place.
This involves system downtime.

5-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Software installation and maintenance


IBM Power Systems

All aspects of software installation and maintenance can be


performed from SMIT, the command line, or systems director
console.

Command line interaction:


lslpp: Lists installed software
installp: Traditional AIX command for installing and maintaining
LPP packages
rpm: RedHat Linux command for installing and maintaining rpm filesets
(part of the AIX Linux affinity introduced in AIX 5L)
geninstall: A generic installer that installs software of various
package formats: LPP, RPM, and ISMP.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-7. Software installation and maintenance AN123.1

Notes:
The lslpp and installp commands are vital for interacting, installing, and maintaining
software on AIX.
The rpm and geninstall commands are relatively new. These commands were introduced
in AIX5L as a part of the AIX affinity for Linux applications which included support for other
software formats like RPM and ISMP (InstallShield MultiPlatform).

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Software repository
IBM Power Systems

A location on disk which contains AIX software


Standard image directory is: /usr/sys/inst.images
AIX filesets require a .toc file
To copy software, for example from an AIX CD to disk, use:
The SMIT facility: Copy Software to Hard Disk for Future Installation
Or the AIX commands: bffcreate or gencopy
Copy
Copy Software
Software to
to Hard
Hard Disk
Disk for
for Future
Future Installation
Installation
[Entry
[Entry Fields]
Fields]
** INPUT
INPUT device
device // directory
directory for
for software
software /dev/cd0
/dev/cd0
** SOFTWARE
SOFTWARE package
package to
to copy
copy [all]
[all] ++
** DIRECTORY for storing software package
DIRECTORY for storing software package
[/usr/sys/inst.images]
[/usr/sys/inst.images]
DIRECTORY
DIRECTORY for
for temporary
temporary storage
storage during
during copying
copying [/tmp]
[/tmp]
EXTEND file systems if space needed?
EXTEND file systems if space needed? yes
yes ++
Process
Process multiple
multiple volumes?
volumes? yes
yes

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-8. Software repository AN123.1

Notes:
Generally, it is useful and sometimes necessary, for example when building and managing
a NIM server to store software to disk. AIX refers to this as a software repository. The
default software repository is sometimes referred to as the default installation image
directory. Its location on AIX is /usr/sys/inst.images. However, it is advisable to create and
manage a repository in a separate file system that is not contained in the AIX root volume
group.
The tables of contents (.toc) file
This is a mandatory file required for installing and updating packages on AIX. If the
command line is used (installp), then the user has to manually create the .toc file. This is
done using the inutoc command. To create a .toc file in the current directory, type:
# inutoc .
SMIT automatically creates a .toc file when copying software files to disk and prior to
installing LPPs.

5-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Software states
IBM Power Systems

The base installation of software is always in a committed


state.
Committed is a permanent state.
When updates are installed, they can be either applied or
committed.
Applied software can later be rejected or committed.
7.1.0.1
bos.perf.tools Action: Install and Commit
Committed
7.1.0.1

AIX

7.1.0.1 Saved

7.1.0.1
bos.perf.tools
Action: Apply Committed
7.1.0.2 Reject
7.1.0.2 Applied or
AIX
Commit
7.1.0.2
Committed

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-9. Software states AN123.1

Notes:
Committed state and the initial install
AIX has a number of software states. When you are installing software for the first time,
the software automatically installs to a committed state. This means there is only one
level of that software product installed on your system.
Applied state versus committed state for maintenance
When you are installing a set of fixes or upgrading to a new technology level on your
system, you have the option of installing the software either in the committed state or
the applied state. The applied state allows you to maintain two levels of the software on
your system. When software is installed in the applied state, the older version is saved
on the disk and is deactivated, while the newer version is installed and becomes the
active version.
The applied state gives you the opportunity to test the newer software before
committing to its use. If it works as expected, then you can commit the software, which
removes the old version from the disk. If the newer version is causing a problem, you
can reject, it which removes the newer version and reverts back to the old version.

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Software listing and versioning


IBM Power Systems

Software listing is done with the lslpp command.


## lslpp
lslpp -L
-L |grep
|grep bos.net.tcp.client
bos.net.tcp.client
bos.net.tcp.client
bos.net.tcp.client 7.1.0.2
7.1.0.2 CC FF TCP/IP
TCP/IP
Client
Client
Version Release Modification Fix
AIX Migration smit update_all

State
State codes:
codes:
AA --
-- Applied.
Applied.
BB --
-- Broken.
Broken. C & F are State
CC --
-- Committed.
Committed. and Type
EE --
-- EFIX
EFIX Locked.
Locked. codes.
OO --
-- Obsolete.
Obsolete. (partially
(partially migrated
migrated to
to newer
newer version)
version)
?? --
-- Inconsistent State...Run lppchk -v.
Inconsistent State...Run lppchk -v.

Type
Type codes:
codes:
FF --
-- Installp
Installp Fileset
Fileset
PP --
-- Product
Product
CC --
-- Component
Component
TT --
-- Feature
Feature
RR --
-- RPM
RPM Package
Package
EE --
-- Interim
Interim Fix
Fix
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-10. Software listing and versioning AN123.1

Notes:
The lslpp command displays information about installed filesets or fileset updates. Each
fileset has a version number associated with it (in the format of
Version.Release.Modification.Fix), a state code, and a type code.
For the example of:
bos.net.tcp.client 7.1.0.2 C F TCP/IP Client
The version and release is 7.1
The mod level is 0
The fix level is 2.
The following two codes that represent the state and type of fileset have legends for the
codes at the bottom of the lslpp report.

5-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

lslpp, filesets, and files


IBM Power Systems

Switches -f and -w are very useful lslpp flags.


List files in an
LPP fileset.
## lslpp
lslpp -f
-f alex.grumpy.rte
alex.grumpy.rte
Fileset
Fileset File
File
---------------------------------------------------------
---------------------------------------------------------
Path:
Path: /usr/lib/objrepos
/usr/lib/objrepos
alex.grumpy.rte
alex.grumpy.rte 1.0.0.5
1.0.0.5
/usr/local/grumpy/grumpyrecovery
/usr/local/grumpy/grumpyrecovery
/usr/local/grumpy/README
/usr/local/grumpy/README
/usr/local/grumpy/grumpystart
/usr/local/grumpy/grumpystart
/usr/sbin/gfunctions
/usr/sbin/gfunctions
/usr/local/grumpy/grumpycheck
To which
/usr/local/grumpy/grumpycheck
fileset does a
/usr/local/grumpy/grumpystop
/usr/local/grumpy/grumpystop file belong?

## lslpp
lslpp -w
-w /usr/local/grumpy/grumpystart
/usr/local/grumpy/grumpystart
File
File Fileset
Fileset Type
Type
-----------------------------------------------------------
-----------------------------------------------------------
/usr/local/grumpy/grumpystart
/usr/local/grumpy/grumpystart alex.grumpy.rte
alex.grumpy.rte File
File
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-11. lslpp, filesets, and files AN123.1

Notes:
The lslpp command has many useful flags associated with it. It is also possible to see when
a particular LPP was installed using the h flag. See lslpp man page for more information.
A situation may arise where you want to use a particular command but it is not installed on
the system and you are not sure what LPP fileset to install to be able to use the binary. To
help with this problem you can use the which_fileset command. The which_fileset
command searches the /usr/lpp/bos/AIX_file_list file for a specified file name or command
name, and prints out the name of the fileset that the file or command is shipped in. The
/usr/lpp/bos/AIX_file_list file is large and not installed automatically. You must install the
bos.content_list fileset to receive this file.
Example:
# which_fileset shutdown
/etc/shutdown -> /usr/sbin/shutdown bos.compat.links 7.1.0.0
/usr/sbin/shutdown bos.rte.control 7.1.0.0

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Installing new software using SMIT


IBM Power Systems

smit install_all

Install
Install and
and Update
Update from
from ALL
ALL Available
Available Software
Software

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making
Enter AFTER making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
** INPUT
INPUT device
device // directory
directory for
for software
software ..
** SOFTWARE
SOFTWARE to
to install
install []
[] ++
PREVIEW
PREVIEW only?
only? (install
(install operation
operation will
will NOT
NOT occur)
occur) no
no ++
COMMIT software updates?
COMMIT software updates? yes
yes ++
SAVE
SAVE replaced
replaced files?
files? no
no ++
AUTOMATICALLY
AUTOMATICALLY install
install requisite
requisite software?
software? yes
yes ++
EXTEND
EXTEND file
file systems
systems if
if space
space needed?
needed? yes
yes ++
OVERWRITE
OVERWRITE same
same or
or newer
newer versions?
versions? no
no ++
VERIFY
VERIFY install
install and
and check
check file
file sizes?
sizes? no
no ++
DETAILED output?
DETAILED output? no
no ++
Process
Process multiple
multiple volumes?
volumes? yes
yes ++
ACCEPT
ACCEPT new
new license
license agreements?
agreements? no
no ++
Preview
Preview new
new LICENSE
LICENSE agreements?
agreements? no
no ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-12. Installing new software using SMIT AN123.1

Notes:
There are two fast paths worth remembering when it comes to software and SMIT:
install_all to install new software
update_all to update current software
Prior to the screen shown in the visual, you will be asked to select the INPUT device /
directory for software. The input device could be tape (/dev/rmt0), optical media
(/dev/cd0), or a directory. The period (.) in the example indicates the directory you currently
reside in.
The default behavior when installing new software is to commit. To first apply software
rather than commit, change the COMMIT software updates field to No.
The SMIT software installation panel uses the geninstall command to be able to handle
a variety of software packaging formats.

5-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty
Installing software using command line:
Examples
IBM Power Systems

installp
a (apply), -c (commit), -p (preview), -g (apply prerequisites), -X
(expand file systems, if needed), -Y (accept license agreements), -d
(device or directory location of software), -q (quiet mode)

## installp
installp -acpgXYd
-acpgXYd .. bos.rte.install
bos.rte.install
## installp
installp -acpgXYd
-acpgXYd /TL02_SP01
/TL02_SP01 all
all

geninstall
I (use installp flags, as described above), -p (preview), -d
(device or directory location of software)
## geninstall
geninstall -I
-I "-acgXY"
"-acgXY" -p
-p -d
-d .. bos.rte.install
bos.rte.install
## geninstall
geninstall -I
-I "-acgXY"
"-acgXY" -p
-p -d
-d /TL01_SP02
/TL01_SP02 all
all

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-13. Installing software using command line: Examples AN123.1

Notes:
The installp command handles software that is packaged in the traditional AIX bff format.
The geninstall command determines the type of packaging and invoke the appropriate
utility to handle the selected packages. For example, it would invoke the rpm command if
the software was packaged in that format.
The installp and geninstall commands install and update software from the command
line on AIX. They both accept a large number of flags; the popular flags are, shown in the
visual. For geninstall, the installp command is invoked if the software is in AIX bff format
rather than rpm); in that case, the needed installp options are passed to the geninstall
command as the value of the I flag. Following are partial descriptions of the flags (see the
man pages for full details):
-a
Applies one or more software products or updates. This is the default action. This flag
can be used with the -c flag to apply and commit a software product update when
installed.

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

-c
Commits all specified updates that are currently applied but not committed.
-d Device
Specifies where the installation media can be found. This can be a hardware device
such as tape or diskette, it can be a directory that contains installation images, or it can
be the installation image file itself.
-g
When used to install or commit, this flag automatically installs or commits, respectively,
any software products or updates that are requisites of the specified software product.
-p
Performs a preview of an action by running all preinstallation checks for the specified
action.
-X
Attempts to expand any file systems where there is insufficient space to do the
installation. This option expands file systems based on current available space and size
estimates that are provided by the software product package.
-Y
Agrees to required software license agreements for software to be installed.

5-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Red Hat Package Manager filesets


IBM Power Systems

IBM provides strong Linux affinity within AIX


Many useful packages for AIX come in RPM format
Developed by RedHat, now used in many Linux flavors
Examples (included within the Linux Toolbox for AIX):
cdrecord
mkisofs
apache
bash List Remove
packages package

## rpm
rpm qa
qa

## rpm
rpm -e
-e cairo-1.0.2-6
cairo-1.0.2-6
Install
## rpm
rpm -i
-i bash-3.2-1.aix.ppc.rpm
bash-3.2-1.aix.ppc.rpm package

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-14. Red Hat Package Manager filesets AN123.1

Notes:
In addition to providing the ability to run a Linux operating system on IBM Power
Architecture technology, IBM provides strong Linux affinity within the AIX OS. This affinity
enables faster and less costly deployment of multi-platform, integrated solutions across
AIX and Linux platforms. Linux packages can be installed and manipulated on AIX using
the RedHat Package Manager as shown in the visual.
AIX affinity with Linux includes Linux application source compatibility, compliance with
emerging Linux standards, and a GNU Linux build-time environment with GNU and other
open source tools and utilities that combine to facilitate the development and deployment
of Linux applications on the AIX OS. This AIX affinity with Linux allows Linux programs to
be easily recompiled for native execution on the AIX OS. This approach allows you to
benefit from the capabilities of Linux applications combined with the industrial strength
foundation and performance advantages afforded to native AIX applications.
Quick guide to RPM:
To install: rpm -i <packagefilename>

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

To upgrade (works for install as well): rpm -U <packagefilename>


To remove/deinstall: rpm -e <packagename> # As in foo, not foo.ppc.rpm
To query an installed package: rpm -q <packagename>
To query all installed packages: rpm -qa
To list files in a package: rpm -ql <packagename>
To list requirements for a package: rpm -q --requires
To find package providing requirements: rpm -q --whatprovides
To query an uninstalled RPM: rpm -qp <packagefilename>
To get help: rpm help

5-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Applying patches to the system


IBM Power Systems

Ideally, all systems should be at the latest fix pack (TL and SP level).
IBM recommends installing the complete fix pack.
System updates can be applied through smit update_all or using
geninstall or installp commands.

Some items
removed for
smitty
smitty update_all
update_all clarity
** INPUT
INPUT device
device // directory
directory for
for software
software /updates
/updates
** SOFTWARE
SOFTWARE to
to update
update _update_all
_update_all
PREVIEW
PREVIEW only?
only? (update
(update operation
operation will
will NOT
NOT occur)
occur) yes
yes ++
COMMIT software updates?
COMMIT software updates? no
no ++
SAVE
SAVE replaced
replaced files?
files? yes
yes

Updates can first be applied and then committed at a later time.


This enables you to roll back if needed.
Once software is committed there is no going back without removal and
reinstall.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-15. Applying patches to the system AN123.1

Notes:
In the past, AIX system administrators would often download and install individual filesets
on a system. This caused the software be at mixed levels and sometime created more
problems than it solved. Now, IBM allows fixes to be downloaded in a fix pack, containing:
Technology level (also known as Maintenance level in previous releases)
Service Pack
In accordance with 'Enhanced Service Strategy Releases', these generally available
updates have been tested to operate best when all updates in a fix pack are installed. IBM
recommends installing the complete fix pack. AIX updates are provided as Technology
Level packages or Service Packs. These generally available updates have been tested to
operate best when all updates in a fix pack are installed. IBM recommends installing the
complete fix pack.

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Applying patches, apply, commit, reject


IBM Power Systems

installp example:
## lslpp
lslpp -L
-L |grep
|grep -i
-i cluster
cluster |grep
|grep pdf
pdf
cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf 5.4.0.0
5.4.0.0 CC FF HAES
HAES PDF
PDF Documentation
Documentation
Apply
## installp
installp -aB
-aB -d
-d .. cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf
update
## lslpp
lslpp -L
-L |grep
|grep -i
-i cluster
cluster |grep
|grep pdf
pdf (-aB)
cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf 5.4.1.0
5.4.1.0 AA FF HAES
HAES PDF
PDF Documentation
Documentation
Note: installp
Note: installp s
s ## will
will list
list all
all Applied
Applied software
software on
on the
the system
system

installp r
## installp r cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf Reject
(-r)
## lslpp
lslpp -L
-L |grep
|grep -i
-i cluster
cluster |grep
|grep pdf
pdf
cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf 5.4.0.0
5.4.0.0 CC FF HAES
HAES PDF
PDF Documentation
Documentation

OR
OR

installp c
## installp c all
all Commit all
applied software
Installation
Installation Summary
Summary (-c)
--------------------
--------------------
Name
Name Level
Level Part
Part Event
Event Result
Result
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
cluster.doc.en_US.es.pdf
cluster.doc.en_US.es.pdf 5.4.1.0
5.4.1.0 USR
USR COMMIT
COMMIT SUCCESS
SUCCESS

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-16. Applying patches, apply, commit, reject AN123.1

Notes:
The visual above shows a fileset update being applied to cluster.doc.en_US.es.pdf. This
could be done with system management tools like SMIT, geninstall or installp
commands. It is often very useful to remember key installp flags. The flags, -aB mean apply
and update the fileset. Once applied the update can be rejected (-r) or committed (-c).
In this example, the filesets are stored in a software repository on disk in which we are
currently located. Hence the device location (-d) is set to dot (the current directory).

5-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Listing fixes (APARs) installed on the system


IBM Power Systems

TLs and SPs apply fixes (APARs) to AIX.


You can list these fixes with the instfix command.
instfix is useful for listing and searching through applied updates on the
system.

instfix i
## instfix i

All
All filesets
filesets for
for IY32852
IY32852 were
were found.
found.
All
All filesets for IY14691 were
filesets for IY14691 were found.
found.
All
All filesets
filesets for
for IY31312
IY31312 were
were found.
found.
All
All filesets
filesets for
for IY31879
IY31879 were
were found.
found.
All
All filesets
filesets for
for IY34538
IY34538 were
were found.
found.

2244
2244 lines
lines removed
removed for clarity .
for clarity .

## instfix
instfix -i
-i |grep
|grep IY34981
IY34981
All
All filesets for
filesets for IY34981
IY34981 were
were found.
found.

Interim fixes between services packs, including service advisories, is


now done through interim fix management.
emgr command
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-17. Listing fixes (APARs) installed on the system AN123.1

Notes:
Fixes displayed with the instfix i command are installed through Technology Level and
Service Pack updates. In previous versions of AIX, interim fixes, between Maintenance
level releases, were installed through instfix itself. In AIX6, instfix is really a legacy
command. It is only useful for listing and searching through applied updates on the system.
Necessary fixes that are not part of a TL or SP, are handled through interim fix
management.

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Interim fix management


IBM Power Systems

## emgr
emgr -pe
-pe 744A_610.071105.epkg.Z
744A_610.071105.epkg.Z
Preview
Install
.lot
.lot of
of output
output is
is produced,
produced, removed
removed for
for clarity!
clarity!
EPKG NUMBER
EPKG NUMBER LABEL
LABEL OPERATION
OPERATION RESULT
RESULT
===========
=========== ==============
============== =================
================= ==============
==============
11 744A_610
744A_610 INSTALL
INSTALL PREVIEW
PREVIEW SUCCESS
SUCCESS
## emgr
emgr -e
-e 744A_610.071105.epkg.Z
744A_610.071105.epkg.Z
Install
ifix
## emgr
emgr -l
-l List
installed
ID
ID STATE
STATE LABEL
LABEL INSTALL
INSTALL TIME
TIME ABSTRACT
ABSTRACT efixes
===
=== =====
===== ==========
========== ==================
================== ======================================
======================================
11 *Q*
*Q* 744A_610
744A_610 10/10/08
10/10/08 23:30:49
23:30:49 Kernel
Kernel fix
fix for
for 0744A_610
0744A_610

emgr r
## emgr r L
L 744A_610
744A_610 Remove
Log ifix
Log file
file is
is /var/adm/ras/emgr.log
/var/adm/ras/emgr.log
EFIX
EFIX NUMBER
NUMBER LABEL
LABEL OPERATION
OPERATION RESULT
RESULT
===========
=========== ==============
============== =================
================= ==============
==============
11 744A_610
744A_610 REMOVE
REMOVE SUCCESS
SUCCESS
ATTENTION:
ATTENTION: system
system reboot
reboot is
is required.
required. Please
Please see
see the
the "Reboot
"Reboot Processing"
Processing"
sections
sections in
in the
the output
output above
above or
or in
in the
the /var/adm/ras/emgr.log
/var/adm/ras/emgr.log file.
file.
Return
Return Status
Status == SUCCESS
SUCCESS

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-18. Interim fix management AN123.1

Notes:
The interim fix (ifix) management solution enables users to track and manage ifix packages
on a system. An ifix package might be an interim fix, debug code, or test code that contains
commands, library archive files, or scripts that run when the ifix package is installed.
The ifix management solution consists of the following commands:
ifix packager (epkg)
ifix manager (emgr)
The epkg command creates ifix packages that can be installed by the emgr command. The
emgr command installs, removes, lists, and verifies system efixes.
It is important to examine the state field after installing an interim fix. The codes for the
state field are documented in the AIX Installation and Migration manual. In the above
example, the state value of Q means that a reboot is necessary for this fix to be effective.

5-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Removing installed software


IBM Power Systems

smit remove
Remove
Remove Installed
Installed Software
Software

[Entry
[Entry Fields]
Fields]
** SOFTWARE
SOFTWARE name
name [cluster.es.cspoc.cmds]
[cluster.es.cspoc.cmds] ++
PREVIEW
PREVIEW only?
only? (remove
(remove operation
operation will
will NOT
NOT occur)
occur) yes
yes ++
REMOVE
REMOVE dependent
dependent software?
software? yes
yes ++
EXTEND
EXTEND file
file systems
systems if
if space
space needed?
needed? no
no ++
DETAILED
DETAILED output?
output? no
no ++

Removing software from the command line


Remove the Firefox web browser
## installp
installp -u
-u Firefox.base.rte
Firefox.base.rte

(Preview) Remove all X11 software with associated prerequisites


## installp
installp -upg
-upg X11*
X11*

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-19. Removing installed software AN123.1

Notes:
Software can be removed by using system management tools or the command line. The
installp u flag, removes the specified software product and any of its installed updates
from the system. The product can be in either the committed or broken state. Any software
products that are dependent on the specified product must also be explicitly included in the
input list unless the -g flag is also specified. Removal of any bos.rte fileset is never
permitted.
Note: The removal of LPP filesets does not necessarily mean the process will delete all
files included in the filesets. This is dependent on how the LPP filesets are constructed.

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Recovering from broken or inconsistent states


IBM Power Systems

To list broken or inconsistent filesets, use the lppchk command.


## lslpp
lslpp -L
-L |grep
|grep Firefox.base.rte
Firefox.base.rte
Firefox.base.rte
Firefox.base.rte 1.5.0.12
1.5.0.12 ?? FF Firefox
Firefox Web
Web Browser
Browser
Look for ?
or B.
## lppchk
lppchk -v
-v
lppchk:
lppchk: The
The following
following filesets
filesets need
need to
to be
be installed
installed or
or corrected
corrected to
to bring
bring
the
the system
system to
to aa consistent state:
consistent state: Display
inconsistent
Firefox.base.rte
Firefox.base.rte 1.5.0.12
1.5.0.12 (APPLYING)
(APPLYING) filesets.

## installp
installp -C
-C
installp:
installp: Cleaning
Cleaning up
up software
software for:
for: Perform a clean-up
Firefox.base.rte operation. Fileset is
Firefox.base.rte 1.5.0.12
1.5.0.12
removed
Installation
Installation Summary
Summary
--------------------
--------------------
Name
Name Level
Level Part
Part Event
Event Result
Result
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Firefox.base.rte
Firefox.base.rte 1.5.0.12
1.5.0.12 USR
USR CLEANUP
CLEANUP SUCCESS
SUCCESS

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-20. Recovering from broken or inconsistent states AN123.1

Notes:
If the process of installing, updating, or removing software from the system is interrupted or
fails, the outcome is likely to be either broken or inconsistent filesets on the system. To
detect this, use the lppchk command. If all is OK, the command will return null, otherwise
broken or inconsistent filesets will be displayed. To clean up from any such operation, use
the installp command with the C option (clean-up) and then retry the original operation
again. If the failed operation was an uninstall, remove the software manually, using installp
u <fileset>.

5-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Service update management assistant


IBM Power Systems

Excellent tool for downloading fixes:


Optional: Tasks can be automated or driven by ksh scripts
Not installed by default in AIX 7.1:
bos.suma
Prerequisites of bos.ecc_client.rte and Java6.sdk
Access: SMIT SUMA
Can be used to download:
By PTF
Technology level(s)
Service pack(s)
All latest fixes
Internet access must be available from the service update management
assistant (SUMA) host.
Has many configuration parameters

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-21. Service update management assistant AN123.1

Notes:
SUMA is an excellent tool for quickly downloading fixes with minimum fuss directly onto an
AIX server or NIM server.
The bos.suma fileset is not installed by default and has prerequisites of bos.ecc_client.rte
and Java6.sdk.
Why SUMA?
Fix automation, the ability to get maintenance fixes onto a system automatically, is
becoming a focus area for IT system administrators. As system administration becomes
more complex and time consuming, it is often a roadblock that prevents systems from
being up to date with current software fixes. Clients want the increased security and
reliability benefits, as well as the reduced downtime and total cost of ownership that comes
with keeping current fixes on a system. To meet these client demands, SUMA has
automated the process of determining which fixes are available, discovering which of the
available fixes a system needs, and downloading the necessary fixes onto a system,
thereby reducing both the complexity and the time spent on system administration to
perform these tasks.

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

SUMA base configuration


IBM Power Systems

Base configuration
# smit suma_config_base
Base
Base Configuration
Configuration

[Entry
[Entry Fields]
Fields]
Screen
Screen output
output verbosity
verbosity [Info/Warnings/Errors]
[Info/Warnings/Errors] ++
Logfile
Logfile output verbosity
output verbosity [Verbose]
[Verbose] ++
Notification
Notification email
email verbosity
verbosity [Info/Warnings/Errors]
[Info/Warnings/Errors] ++
Remove
Remove superseded
superseded filesets
filesets on
on Clean?
Clean? yes
yes ++
Remove
Remove duplicate
duplicate base
base levels
levels on
on Clean?
Clean? yes
yes ++
Remove
Remove conflicting
conflicting updates
updates on
on Clean?
Clean? Yes
Yes ++
Fixserver
Fixserver protocol
protocol https
https ++
Download protocol
Download protocol http
http ++
Maximum
Maximum log
log file
file size
size (MB)
(MB) [1]
[1] ##
Download timeout (seconds)
Download timeout (seconds) [180]
[180] ##

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-22. SUMA base configuration AN123.1

Notes:
The Base Configuration menu allows SUMA global configuration settings to be viewed or
changed. These settings are used for each SUMA task that is run and allow specification of
values for items such as:
Screen, logfile, and email verbosity levels
Flag options for the lppmgr command to help manage the size of a download
repository
Download protocol
Download timeout setting
A clean operation will remove unnecessary files from the repository using the lppmgr
command.
The global configuration settings can be viewed from the command line, # suma -c.
In AIX 7 and later, use of HTTP or HTTPS proxy connections requires that the ECC service
connection be configured. This is shared with Service Agent and Inventory Scout.

5-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

SUMA task configuration


IBM Power Systems

Default task configuration


# smit suma_task_defaults Directory to
store
View/Change
View/Change SUMA
SUMA Task
Task Defaults
Defaults
downloads
[Entry
[Entry Fields]
Fields]
Action
Action [Download]
[Download] ++
Directory
Directory for
for item
item storage
storage [/aix/FIXES]
[/aix/FIXES]
Type of item to request
Type of item to request [All
[All Latest
Latest Fixes]
Fixes] ++
Name
Name of
of item
item to
to request
request []
[]
Repository
Repository to filter
to filter against
against [/aix/FIXES]
[/aix/FIXES]
Maintenance
Maintenance oror Technology
Technology Level
Level to
to filter
filter against
against []
[] ++
System
System or
or lslpp
lslpp output
output to
to filter
filter against
against [localhost]
[localhost]
Maximum
Maximum total
total download
download size
size (MB)
(MB) [-1]
[-1] +#
+#
EXTEND
EXTEND file systems if space needed?
file systems if space needed? yes
yes ++
Maximum
Maximum file
file system
system size
size (MB)
(MB) [-1]
[-1] +#
+#
Notify
Notify email
email address
address [root]
[root] ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-23. SUMA task configuration AN123.1

Notes:
SUMA default task values can be uniquely set for each SUMA task. The visual above
shows the default settings. The possible actions are:
Preview: SUMA performs the operations that do not directly affect the file system. The
output displayed reflects what would happen during a download. Use this option to
determine which files will be downloaded for your request.
Download: SUMA downloads files into the directory specified in Directory for item
storage.
Download and Clean: SUMA performs a download operation and a clean operation to
remove unnecessary files from the repository.
The task configuration settings can be viewed from the command line, # suma -D

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

SUMA command line execution


IBM Power Systems

SUMA command line examples: Request


type =
Download specific service pack service pack
## /usr/sbin/suma
/usr/sbin/suma -x
-x -a
-a RqType=SP
RqType=SP -a
-a Action=Download
Action=Download \\
-a
-a RqName=7100-00-02-1041'
RqName=7100-00-02-1041'

Download technology level 6 for AIX 6.1 on Wednesday at 11:00 PM


## /usr/sbin/suma
/usr/sbin/suma -s
-s 0
0 23
23 ** ** 3
3 -a
-a RqType=ML
RqType=ML a
a
Action=Download
Action=Download \\
-a
-a RqName='6100-06-00-1036
RqName='6100-06-00-1036
Task
Task ID
ID 11 created.
created. List all
scheduled
## suma
suma -l
-l SUMA tasks

Download latest fixes for the currently installed AIX TL


## /usr/sbin/suma
/usr/sbin/suma -x
-x -a
-a Action=Download
Action=Download -a
-a RqType=Latest
RqType=Latest

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-24. SUMA command line execution AN123.1

Notes:
SUMA tasks can be initiated through the command line. This is most useful when
producing scripts to automatically download fixes. SUMA uses cron when scheduled tasks
are created. In the schedule example above, the following entry will be added to root's
crontab: 0 23 * * 3 _SUMA=cron /usr/suma/bin/suma -x 1

5-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty The output of command:


# suma -l
1:
DisplayName=
Action=Download
RqType=ML
RqName=6100-02
RqLevel=
PreCoreqs=y
Ifreqs=y
Supersedes=n
ResolvePE=IfAvailable
Repeats=y
DLTarget=/aix/FIXES
NotifyEmail=root
FilterDir=/aix/FIXES
FilterML=6100-01
FilterSysFile=localhost
MaxDLSize=-1
Extend=y
MaxFSSize=-1
For further information see the SUMA main page.

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Fix Central website


IBM Power Systems

To download fixes: http://www.ibm.com/support/fixcentral

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-25. Fix Central website AN123.1

Notes:
AIX fixes are generally available on the Internet at Fix Central. Fixes cat any level, from AIX
4.3.3 to the present version, can be downloaded.
Each IBM client accessing Fix Central is required to have an individual IBM ID to download
fixes (some exemptions may apply). If not already registered, the registration is quick and
simple and will provide users with a customized experience to better serve their needs. To
register go to:
https://www.ibm.com/account/profile
Click the Register link.

5-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Fix Level Recommendation Tool


IBM Power Systems

http://www14.software.ibm.com/webapp/set2/flrt/home
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-26. Fix Level Recommendation Tool AN123.1

Notes:
Today's AIX environment can be complex as lots of components are required. In addition to
AIX, one must also think about but System Firmware, HMC, VIOS, PowerHA levels, and
more. How do you know if the levels of these products are compliant and supported? The
answer is FLRT. FLRT is web driven tool that enables you to select your machine type and
software components and levels. It then produces an easy to read report which provides
recommendations, notices and status compliance as shown on the visual.

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint
IBM Power Systems

1. Which of the following states must your software be in, in order for you to be
able to use it? (Select all that apply.)
a. Applied state
b. Removed state
c. Install state
d. Commit state

2. What command is used to list all installed software on your system?

3. Which of the following can you install as an entity? Select all that apply.
a. ifix
b. LPP
c. Package
d. Bundle

4. True or False: If a problem is found with the inetd subsystem, it is possible to


download and apply a fix to the bos.net.tcpip.server fileset in AIX to
correct the problem.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-27. Checkpoint AN123.1

Notes:

5-34 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

AIX software
installation and
maintenance

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-28. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 5. AIX software installation and maintenance 5-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Define the package definitions and naming conventions
Determine the current installed level of the OS and individual
filesets
Apply, commit, and remove AIX software
Recover from broken and inconsistent software states
Describe how to download software maintenance using Fix
Central and SUMA
Identify if all the components in the Power and AIX
environment are compatible and supported

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 5-29. Unit summary AN123.1

Notes:

5-36 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 6. System configuration and devices

What this unit is about


This unit describes how to list and understand the system
configuration and manipulate devices.

What you should be able to do


After completing this unit, you should be able to:
Explain device terminology
List device configuration and status
Configure new devices
Manage device states
Interpret physical and virtual location codes

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX 7.1 Information
AIX Version 7.1 Operating System and Device
Management
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Explain device terminology
List device configuration and status
Configure new devices
Manage device states
Interpret physical and virtual location codes

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-1. Unit objectives AN123.1

Notes:

6-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Device terminology
IBM Power Systems

Generic terminology
Physical devices
Ports
Device drivers
Logical devices
/dev directory
Virtual devices

Power H/W-specific terminology


CEC
System planar
RIO or 12X
System ports
GX+
IVE
PCI
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-2. Device terminology AN123.1

Notes:
Generic Device terminology
Physical Devices are the actual hardware that is connected in some way to the system
Ports are the physical connectors and adapters in the system to which physical devices
or cables are attached.
All Power servers, except but the entry level models, provide the ability to extend the
internal buses of the system enclosure to the I/O expansion drawers. The I/O expansion
drawers have PCI buses which can support additional adapters and disks (depending
upon the type of I/O drawer. Older Power models used a cabling system called RIO.
The newer servers use a cabling system called 12X (based on InfiniBand).
Logical Devices. Software interfaces (special files) that present a means of accessing a
physical device to the users and application programs. Data appended to logical devices is
sent to the appropriate device driver. Data read from logical devices is read from the
appropriate device driver.

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

/dev is the directory which contains all of the logical devices that can be directly
accessed by the user. Some logical devices defined are only referenced in the ODM
customized database and cannot be accessed by users.
Virtual Devices are the Ethernet and SCSI devices which are allocated to the client for
networking access and storage. These devices are not real.
Power hardware-specific terminology
Central electronics complex (CEC) is the main system unit that contains system
processors, memory, and remote I/O connections.
System planar is the main component of the CEC where all processor cards, memory
dimms, and I/O attachments are interconnected together.
RIO and 12X provide high-speed connectivity between the system enclosure (contains
the CEC) and any I/O drawer enclosures. RIO and 12X are comprised of special cables,
adapters and protocols, which allow the I/O drawers to effectively act as extensions of
the system enclosures internal buses. An I/O drawer can consist of PCI slots/adapters,
disks, or both, depending on the type of I/O drawer. The I/O drawers connect to the
system enclosure through either a RIO or 12X GX adapter, which sits on the system
enclosures GX+ bus.
System Ports are the two serial ports on the system planar. In an operating system
environment, the two system ports become host virtual system ports and are only
available for specific limited functions. For example, the two integrated system ports on
a p550 are limited to serial connected TTY console functionality and IBM approved
call-home modems. These system ports do not support other general serial connection
uses, such as UPS, PowerHA heartbeat, printers, mice, and so on, If you need
multi-purpose serial port functions, optional PCI adapters are available.
GX+: Each POWER6 processor provides a GX+ bus, which is used to connect to an I/O
subsystem or Fabric Interface card.
IVE: The POWER6 processor-based servers extend the virtualization technologies
introduced in POWER5 by offering the Integrated Virtual Ethernet (IVE) adapter. IVE,
also called Host Ethernet Adapter (HEA) in other documentation, enables an easy way
to manage the sharing of the integrated high-speed Ethernet adapter ports. It is a
standard set of features that are part of POWER6 and early POWER7 processor-based
servers. IVE is discontinued in new models POWER7 processor-based servers.
PCI, which stands for Peripheral Component Interconnect, is an industry-standard bus
for attaching peripherals to computers.

6-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

System components locations


IBM Power Systems

5886
SAS disk Location:
drawer Enclosure
Bus or planar
SAS Adapter

12X
Port
5877 Device
PCI
Expansion
drawers

12X
12X
PCI cables

12X
CEC
Power 770 PCI GX
System
Enclosures CEC
12X
PCI GX
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-3. System components locations AN123.1

Notes:
A Power server can be comprised of many enclosures. An enclosure is a single box that
could be mounted in a rack. Each enclosure has a unique identifier which consists of the
machine type and model (MTM) plus a serial number, as in this example:
U8204.E8A.65BF831.
Virtual devices will use this as the basis for their location.
The most important enclosure is the system enclosure which contains the CEC. The MTM
and serial for the system enclosure is used as the basis for virtual device locations.
The CEC, within the system enclosure, actually has a separate MTM and serial number. All
of the non-virtual devices within a system enclosure use the CEC identifier as the basis for
their location. For example, device pci1 (on the PCI-X) bus has the device code of
U78A0.001.DNWGCAH-P1
U78A0.001.DNWGCAH is the identifier of the CEC and P1 means the device is attached to
the main System planar.

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

For certain server models, multiple system enclosures can be cabled together act as one
large server. An example of that would be a Power 770.
Within each enclosure there will be one or more planars. A planar is often associated with
an internal bus, such as a PCI bus. On each bus there will be one more device adapters.
Each device adapter will have one or more ports. Most of the devices that you will want to
identify will be associated with or connected to one of these ports.
While the system enclosure will have a few integrated disk bays and PCI slots, it is
common to desire more of these resources. To support expanding the I/O capacity of the
server, the system enclosures can be connected to I/O expansion drawers which act as an
extension of the server. These I/O drawers have their own MTM and serial number that is
used for locating devices attached to them. The current cabling system for connecting I/O
expansion drawers to the system drawers is the 12X cabling, though older servers used the
RIO cabling. The expansion drawers contain their own internal PCI buses that support card
slots. Some models also have an integrated SAS or SCSI adapter to support additional
disk bays in the enclosure.
Finally when additional locally attached disks are needed, it is possible to place a disk
expansion drawer. These are cabled to storage adapter in either a system enclosure or an
I/O expansion drawer using SAS or SCSI cabling, depending on the model I/O drawer.
Devices in this type of I/O drawer are located based upon the storage adapter to which they
are cabled. And that storage adapter will either be in a system enclosure or an I/O
expansion drawer.
Device location codes will be explored in more depth as we go through this unit.

6-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Device addressing
IBM Power Systems

The address of a device allows you to identify its location.


Physical location codes uniquely identify a specific component in a
server or accessed by a server.
Assigned by the system firmware.
Example hdisk0: U78A0.001.DNWGGRX-P2-D5 (SAS drive)

Operating system location codes uniquely identify a component only


within an AIX instance.
Assigned by AIX.
Not as useful or meaningful as physical codes on POWER5 or later systems.
Virtual devices do not have AIX location codes.
Note: Address conventions differ between models and types (adapters,
SCSI, non-SCSI).
Example. hdisk0: 00-08-00 (SAS drive)

Both physical and AIX codes can be seen side by side with:
lsdev CHF name, status, physloc, location

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-4. Device addressing AN123.1

Notes:
Every device is assigned a physical location code when it is attached to the system. These
codes are critical. If a device has a problem such as a disk failure, an error report is
generated which will identify the device and its location. You can use this information to
replace the failed disk drive.
It is important not to confuse physical location codes with AIX location codes. Before LPAR
technology was introduced into Power Systems, there were only AIX location codes, and
they remain today for legacy purposes. On POWER-based processor servers that can be
partitioned, you need to use physical location codes.
Note: Virtual devices do not have OS location codes.

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Physical location code examples


IBM Power Systems

Physical location code format


Unit_type.Model_no.Serial_no-additional device information
Examples:
hdisk0
hdisk0 U78A0.001.DNWGGRX-P2-D5
U78A0.001.DNWGGRX-P2-D5 SAS
SAS Disk
Disk Drive
Drive
SAS
SAS Planar
Planar (P2),
(P2), Device
Device slot
slot reference
reference 5,
5, disk
disk is
is in
in the
the CEC
CEC

ent1
ent1 U78A0.001.DNWGGRX-P1-C4-T2
U78A0.001.DNWGGRX-P1-C4-T2 2-Port
2-Port 10/100/1000
10/100/1000 PCI-X
PCI-X Adapter
Adapter
System
System planar
planar (P1),
(P1), Card
Card slot
slot No 4, 22nd
No 4, nd port,
port, Adapter
Adapter is
is in
in the
the CEC
CEC

hdisk0
hdisk0 U7311.D20.6516D3C-P1-C04-T2-L8-L0
U7311.D20.6516D3C-P1-C04-T2-L8-L0 16
16 Bit
Bit LVD
LVD SCSI
SCSI Disk
Disk
Planar
Planar 11 (P1),
(P1), PCI
PCI slot
slot No 4, 22nd
No 4, nd port,
port, SCSI
SCSI ID
ID 8,0,
8,0, Disk
Disk is
is in
in an
an
attached
attached SCSI 7311-D 20 I/O Drawer.
SCSI 7311-D 20 I/O Drawer.

hdisk5
hdisk5 U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000
U78A0.001.DNWGGRX-P1-C3-T1-W500507630E801223-L4011402700000000 FC
FC SCSI
SCSI Disk
Disk
System
System planar
planar (P1),
(P1), Card
Card slot
slot No
No 3,
3, Port
Port 1,
1, WW == WW
WW unique
unique name
name of
of
an
an
FC
FC adapter
adapter (where
(where the
the FC
FC adapter
adapter is
is in
in aa remote
remote storage
storage subsystem),
subsystem),
LL == LUN
LUN ID. The disk is a logical device (identified by
ID. The disk is a logical device (identified by the
the LUN
LUN
ID) in the remote storage subsystem.
ID) in the remote storage subsystem.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-5. Physical location code examples AN123.1

Notes:
The visual above shows how to interpret physical location code information.
The example system is an older model Power 550, but the principle applies to all Power
servers.
This server has a single system enclosure.
U78A0 identifies the CEC within the system enclosure.
The model number for a CEC is always: 001.
DNWGGRX is the serial number of the CEC.
Power Systems usually have I/O expansion drawers, or in the case of the larger machines,
expansion frames containing I/O drawers. U7311.D20 is a remote I/O drawer (RIO) for low
to mid-range systems. 6516D3 is the serial number assigned to the drawer.

6-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Virtual location codes example


IBM Power Systems

Client (AIX) partition Virtual devices are easily


recognized by the virtual ID
reference. This value is the LPAR
uname L
## uname L ID as shown with the uname
22 sys124_v1_T1
sys124_v1_T1 command.

vscsi0
vscsi0 U8204.E8A.652ACD2-V2-C12-T1
U8204.E8A.652ACD2-V2-C12-T1 Virtual
Virtual SCSI
SCSI Client
Client Adapter
Adapter
hdisk1
hdisk1 U8204.E8A.652ACD2-V2-C12-T1-L810000000000
U8204.E8A.652ACD2-V2-C12-T1-L810000000000 Virtual SCSI Disk Drive
Virtual SCSI Disk Drive

Virtual
Virtual client
client disk,
disk, Virtual
Virtual (LPAR)
(LPAR) ID
ID 2,
2, virtual
virtual card
card slot
slot 12.
12.

VIOS HMC profile


Virtual SCSI adapter definition

Note: In this example, the HMC profile is required


to show the client server virtual disk relationship.

VIOS partition
vhost0
vhost0 U8204.E8A.652ACD2-V1-C12
U8204.E8A.652ACD2-V1-C12 Virtual
Virtual SCSI
SCSI Server
Server Adapter
Adapter

Virtual
Virtual Server
Server adapter,
adapter, Virtual
Virtual (LPAR)
(LPAR) ID
ID 1,
1, virtual
virtual card
card slot
slot (Adapter
(Adapter ID)
ID) 12
12

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-6. Virtual location codes example AN123.1

Notes:
Virtual devices are assigned location codes in a similar format to physical devices. The
format is:
Unit_type.Model_no.virtual_adapter_number.virtual_card_slot_number.[port].[
LUN]
The visual shows a VIOS presenting a virtual disk (hdisk1) to a VIO Client. In order to do
this, the first step is to create a virtual server adapter, on the HMC for the VIOS and also a
VIO client adapter for the AIX partition. Each adapter has an assigned ID.
The vhost device in the VIOS symbolizes the virtual server adapter. In the example: V1
represents a virtual device with an assigned ID of one. C12 represents the virtual card slot
number, which is always equal to the adapter ID as defined on the HMC.
The vscsi device on the virtual client symbolizes the client adapter. In the example, V2
again represents a virtual device with an assigned ID of two. C12 represents the virtual
card slot number, which is also equal the adapter ID as defined on the HMC. T1 specifies
the port number of the adapter.

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The client disks associated with the virtual client adapter will always inherit the location
code definition plus one additional field, the LUN id (L81000000000). In this example, eight
is the SCSI ID of the physical disk in the VIOS. One represents the first disk on the adapter
to be presented to the client.

6-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

System configuration and device overview


IBM Power Systems

Understanding the configuration of the system is important.


The configuration should be documented and updated on a regular
basis.
All devices have attributes, some of which can be changed.
lsattr lists device attributes.
chdev changes device attributes.
AIX devices can be physical or virtual.
An AIX partition does not need to have any physical devices!
Most devices within AIX are self configured through cfgmgr.
Device states can be controlled using mkdev and rmdev
commands.
This includes virtual devices.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-7. System configuration and device overview AN123.1

Notes:
System configuration is important. We need to understand what devices we have at our
disposal and where these devices are physically located within each box or drawer. This is
important when devices fail, especially disks! Taking out the wrong disk in the system due
to failure could result in data corruption.
An AIX partition does not need to have any real devices. In today's Power p environments,
virtual LPARs are fast becoming the norm. Virtualization is a large topic and is covered in a
separate LPAR and virtualization education track. It is beyond the scope of the course.

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Device commands
IBM Power Systems

prtconf
Lists major system configuration items
lscfg
Lists device information including physical location codes
lsdev
Lists device information including the state of the device
lsslot
Displays all specified hot plug slots and their characteristics
chdev
Changes the characteristics of a device
rendev
Changes the name of a device
lsattr
Displays attribute characteristics and possible values of attributes for devices
in the system
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-8. Device commands AN123.1

Notes:
There are many commands that are useful in determining the current configuration of your
system. These commands will be covered in more detail on the following visuals.

6-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

prtconf (1 of 2)
IBM Power Systems

Shell script that collects system information


## prtconf
prtconf
System
System Model:
Model: IBM,8233-E8B
IBM,8233-E8B
Machine
Machine Serial
Serial Number:
Number: 100603P
100603P
Processor
Processor Type:
Type: PowerPC_POWER7
PowerPC_POWER7
Processor
Processor Implementation
Implementation Mode:
Mode: POWER
POWER 77
Processor Version: PV_7_Compat
Processor Version: PV_7_Compat
Number
Number Of
Of Processors:
Processors: 22
Processor
Processor Clock
Clock Speed:
Speed: 3000
3000 MHz
MHz
CPU
CPU Type:
Type: 64-bit
64-bit
Kernel
Kernel Type:
Type: 64-bit
64-bit Some items were
LPAR
LPAR Info: 15
Info: 15 sys304_118_MA
sys304_118_MA removed for
Memory
Memory Size:
Size: 1024
1024 MB
MB clarity.
Good
Good Memory
Memory Size:
Size: 1024
1024 MB
MB
Platform
Platform Firmware
Firmware level:
level: AL710_099
AL710_099 Output is
Firmware
Firmware Version:
Version: IBM,AL710_099
IBM,AL710_099 continued on the
Network
Network Information
Information next page.
Host
Host Name:
Name: sys304_118
sys304_118
IP
IP Address: 10.6.52.118
Address: 10.6.52.118
Sub
Sub Netmask:
Netmask: 255.255.255.0
255.255.255.0
Gateway:
Gateway: 10.6.52.254
10.6.52.254

Paging
Paging Space
Space Information
Information
Total
Total Paging
Paging Space:
Space: 512MB
512MB
Percent
Percent Used:
Used: 10%
10%

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-9. prtconf (1 of 2) AN123.1

Notes:
prtconf is very useful command which displays an overview of the system configuration.
This is particularly useful for documentation purposes. One should run this command on a
regular basis and save or print the output.

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

prtconf (2 of 2)
IBM Power Systems

INSTALLED
INSTALLED RESOURCE
RESOURCE LIST
LIST

The
The following
following resources
resources are
are installed
installed on
on the
the machine.
machine.
+/- Device listing
+/- == Added
Added or
or deleted
deleted from
from Resource
Resource List.
List.
** == Diagnostic
Diagnostic support
support not
not available.
available. including physical Second half of
location codes the output is
Model
Model Architecture:
Architecture: chrp
chrp
Model
Model Implementation:
Implementation: Multiple
Multiple Processor,
Processor, PCI
PCI bus
bus
identical to
lscfg
++ sys0
sys0 System
System Object
Object
++ sysplanar0
sysplanar0 System
System Planar
Planar
** pci6
pci6 U78A0.001.DNWHNC6-P1
U78A0.001.DNWHNC6-P1 PCI Bus
PCI Bus
++ usbhc0
usbhc0 U78A0.001.DNWHNC6-P1
U78A0.001.DNWHNC6-P1 USB
USB Host Controller
Host Controller (33103500)
(33103500)
++ usbhc1
usbhc1 U78A0.001.DNWHNC6-P1
U78A0.001.DNWHNC6-P1 USB
USB Host
Host Controller
Controller (33103500)
(33103500)
++ usbhc2
usbhc2 U78A0.001.DNWHNC6-P1
U78A0.001.DNWHNC6-P1 USB
USB Enhanced
Enhanced Host
Host Controller
Controller (3310e000)
(3310e000)
** pci2
pci2 U5877.001.00H0301-P1
U5877.001.00H0301-P1 PCI
PCI Express
Express Bus
Bus
++ ent4
ent4 U5877.001.00H0301-P1-C5-T1
U5877.001.00H0301-P1-C5-T1 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-Express
PCI-Express Adapter
Adapter (14104003)
(14104003)
++ ent5
ent5 U5877.001.00H0301-P1-C5-T2
U5877.001.00H0301-P1-C5-T2 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-Express
PCI-Express Adapter
Adapter (14104003)
(14104003)
** pci1
pci1 U5877.001.00H0301-P1
U5877.001.00H0301-P1 PCI Express Bus
PCI Express Bus
++ fcs2
fcs2 U5877.001.00H0301-P1-C3-T1
U5877.001.00H0301-P1-C3-T1 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
** fcnet0
fcnet0 U5877.001.00H0301-P1-C3-T1
U5877.001.00H0301-P1-C3-T1 Fibre
Fibre Channel
Channel Network
Network Protocol
Protocol Device
Device
++ fscsi1
fscsi1 U5877.001.00H0301-P1-C3-T1
U5877.001.00H0301-P1-C3-T1 FC
FC SCSI
SCSI I/O
I/O Controller
Controller Protocol
Protocol Device
Device
++ hdisk4
hdisk4 U5877.001.00H0301-P1-C3-T1-W500507680140581E-L4000000000000
U5877.001.00H0301-P1-C3-T1-W500507680140581E-L4000000000000 MPIO
MPIO IBM 2145 FC
IBM 2145 FC Disk
Disk
++ hdisk5
hdisk5 U5877.001.00H0301-P1-C3-T1-W500507680140581E-L5000000000000
U5877.001.00H0301-P1-C3-T1-W500507680140581E-L5000000000000 MPIO
MPIO IBM 2145 FC
IBM 2145 FC Disk
Disk
++ fcs3
fcs3 U5877.001.00H0301-P1-C3-T2
U5877.001.00H0301-P1-C3-T2 8Gb
8Gb PCI
PCI Express
Express Dual
Dual Port
Port FC
FC Adapter
Adapter (df1000f114108a03)
(df1000f114108a03)
** fcnet1
fcnet1 U5877.001.00H0301-P1-C3-T2
U5877.001.00H0301-P1-C3-T2 Fibre
Fibre Channel
Channel Network
Network Protocol
Protocol Device
Device
++ fscsi2
fscsi2 U5877.001.00H0301-P1-C3-T2
U5877.001.00H0301-P1-C3-T2 FC
FC SCSI
SCSI I/O
I/O Controller
Controller Protocol
Protocol Device
Device
** vio0
vio0 Virtual
Virtual I/O
I/O Bus
Bus
** vscsi0
vscsi0 U8233.E8B.100603P-V15-C35-T1
U8233.E8B.100603P-V15-C35-T1 Virtual SCSI Client Adapter
Virtual SCSI Client Adapter
** hdisk3
hdisk3 U8233.E8B.100603P-V15-C35-T1-L8400000000000000
U8233.E8B.100603P-V15-C35-T1-L8400000000000000 Virtual
Virtual SCSI
SCSI Disk
Disk Drive
Drive
** hdisk2
hdisk2 U8233.E8B.100603P-V15-C35-T1-L8300000000000000
U8233.E8B.100603P-V15-C35-T1-L8300000000000000 Virtual
Virtual SCSI
SCSI Disk
Disk Drive
Drive
** hdisk1
hdisk1 U8233.E8B.100603P-V15-C35-T1-L8200000000000000
U8233.E8B.100603P-V15-C35-T1-L8200000000000000 Virtual SCSI Disk Drive
Virtual SCSI Disk Drive
** hdisk0
hdisk0 U8233.E8B.100603P-V15-C35-T1-L8100000000000000
U8233.E8B.100603P-V15-C35-T1-L8100000000000000 Virtual SCSI Disk Drive
Virtual SCSI Disk Drive
** ent1
ent1 U8233.E8B.100603P-V15-C2-T1
U8233.E8B.100603P-V15-C2-T1 Virtual
Virtual I/O
I/O Ethernet
Ethernet Adapter
Adapter (l-lan)
(l-lan)
** vsa0
vsa0 U8233.E8B.100603P-V15-C0
U8233.E8B.100603P-V15-C0 LPAR
LPAR Virtual
Virtual Serial
Serial Adapter
Adapter
** vty0
vty0 U8233.E8B.100603P-V15-C0-L0
U8233.E8B.100603P-V15-C0-L0 Asynchronous
Asynchronous Terminal
Terminal

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-10. prtconf (2 of 2) AN123.1

Notes:
The last function prtconf performs is to run the lscfg command as shown in the visual.
Although the prtconf v flag can be used to display detailed Vital Product Data (VPD)
information, the output on the previous page is omitted. To get around this problem, simply
make a copy of the prtconf script to prtconfVPD and append a v flag to the last lscfg
command at the end of the script.
As follows:
# tail `which prtconf`
done
fi
#devices information
lscfg ######## APPEND v here !!! ###########
fi

6-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

lscfg
IBM Power Systems

lscfg can be used to display vital product data (VPD) information for
devices.
IBM customer engineers (CEs) need this to order and replace failed
components.
Physical
location code
## lscfg
lscfg -v
-v -l
-l ent4
ent4
ent4
ent4 U5877.001.00H0301-P1-C5-T1
U5877.001.00H0301-P1-C5-T1 2-Port
2-Port
10/100/1000
10/100/1000 Base-TX PCI-Express
Base-TX PCI-Express Adapter
Adapter (14104003)
(14104003)

2-P VPD
2-P NIC-TX
NIC-TX PCI-e:
PCI-e: information
EC
EC Level....................D76567
Level....................D76567
Part
Part Number.................46K6601
Number.................46K6601
Manufacture
Manufacture ID..............YL1026
ID..............YL1026
FRU
FRU Number..................46K6601
Number..................46K6601
Network
Network Address.............00145E76B484
Address.............00145E76B484
ROM Level.(alterable).......EP0170
ROM Level.(alterable).......EP0170
Hardware
Hardware Location
Location Code......U5877.001.00H0301-P1-C5-T1
Code......U5877.001.00H0301-P1-C5-T1

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-11. lscfg AN123.1

Notes:
The lscfg command displays configuration, diagnostic, and vital product data (VPD)
information about the system.
Use the lscfg command to display vital product data (VPD) such as part numbers, serial
numbers, and engineering change levels. VPD data is required for hardware engineers
when they need to order replacement parts due to failures.

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

lsdev
IBM Power Systems

lsdev displays device information, including the device state.


Software (AIX)
location codes
## lsdev
lsdev |grep
|grep ent
ent
ent0
ent0 Available
Available 02-08
02-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902)
ent1
ent1 Available
Available 02-09
02-09 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902)
ent2
ent2 Available
Available Virtual
Virtual I/O
I/O Ethernet
Ethernet Adapter
Adapter (l-lan)
(l-lan)
ent3
ent3 Available
Available Shared
Shared Ethernet
Ethernet Adapter
Adapter

## lsdev
lsdev -Cc
-Cc disk
disk
hdisk0
hdisk0 Available
Available 03-08-01-8,0
03-08-01-8,0 16
16 Bit
Bit LVD
LVD SCSI
SCSI Disk
Disk Drive
Drive
hdisk1
hdisk1 Available
Available 01-00-02
01-00-02 MPIO
MPIO Other
Other FCFC SCSI
SCSI Disk
Disk Drive
Drive
hdisk2
hdisk2 Available
Available 00-08-00
00-08-00 SAS
SAS Disk
Disk Drive
Drive -Cc : list by class
-Cl : list by device name
## lsdev
lsdev -Cl
-Cl proc2
proc2
proc2
proc2 Available
Available 00-02
00-02 Processor
Processor

## lsdev
lsdev -p
-p pci5
pci5
ent8
ent8 Available
Available 05-08
05-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902) Child
ent9
ent9 Available
Available 05-09
05-09 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (14108902)
(14108902) devices

Device state
Locating the
parent
lsdev Cl
## lsdev cd1 F
Cl cd1 F parent
parent device
ide0
ide0

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-12. lsdev AN123.1

Notes:
The lsdev command displays information about devices in the device configuration
database.
The -C flag requests information about all the customized devices. Newer versions of AIX
assume customized devices if neither -P nor -C are coded. Any combination of the -c
Class, -s Subclass, -t Type, -l Name, -p Parent, and -S State flags selects a subset of the
customized devices.
A -P flag will display information about all devices supported by the system using the. Any
combination of the -c Class, -s Subclass, and -t Type flags selects a subset of the
supported devices.
In newer versions of AIX, lsdev will assume a request for customized devices if neither -P
nor -C lags are coded.
Commonly used classes include disk, cdrom, adapter, and if (interface).
A simple script that can be useful in seeing the full parentage of a device is:

6-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty # cat parent.device


DEV=$1
while test $? -eq 0
do
printf "$DEV "; DEV=`lsdev -Cl $DEV -F parent`
done 2> /dev/null

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

lsslot
IBM Power Systems

lsslot displays dynamic reconfigurable slots, such as hot plug slots,


and their characteristics.
Lists all logical I/O
slots on the system

## lsslot
lsslot -c
-c slot
slot
## Slot
Slot Description
Description Device(s)
Device(s)
U787F.001.DPM0WB8-P1-C1
U787F.001.DPM0WB8-P1-C1 Logical
Logical I/O
I/O Slot
Slot pci7
pci7 fcs1
fcs1
U787F.001.DPM0WB8-P1-C3
U787F.001.DPM0WB8-P1-C3 Logical
Logical I/O
I/O Slot
Slot pci4
pci4 sisscsia1
sisscsia1
U787F.001.DPM0WB8-P1-T5
U787F.001.DPM0WB8-P1-T5 Logical
Logical I/O
I/O Slot
Slot pci5
pci5 ent0
ent0 ent1
ent1
U787F.001.DPM0WB8-P1-T10
U787F.001.DPM0WB8-P1-T10 Logical
Logical I/O
I/O Slot
Slot pci3
pci3 sisscsia0
sisscsia0
U787F.001.DPM0WB8-P1-T12
U787F.001.DPM0WB8-P1-T12 Logical I/O
Logical I/O Slot
Slot pci2
pci2 ide0
ide0
Lists all PCI hot
U9131.52A.063412G-V1-C0
U9131.52A.063412G-V1-C0 Virtual
Virtual I/O
I/O Slot
Slot vsa0
vsa0 plug slots

## lsslot
lsslot -c
-c pci
pci
## Slot
Slot Description
Description Device(s)
Device(s)
U787F.001.DPM0WB8-P1-C1
U787F.001.DPM0WB8-P1-C1 PCI-X
PCI-X capable,
capable, 64
64 bit,
bit, 133MHz
133MHz slot
slot fcs1
fcs1
U787F.001.DPM0WB8-P1-C3
U787F.001.DPM0WB8-P1-C3 PCI-X
PCI-X capable,
capable, 32
32 bit,
bit, 66MHz
66MHz slot
slot sisscsia1
sisscsia1
U787F.001.DPM0WB8-P1-C4
U787F.001.DPM0WB8-P1-C4 PCI-X capable,
PCI-X capable, 64
64 bit,
bit, 266MHz slot fcs0
266MHz slot fcs0

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-13. lsslot AN123.1

Notes:
The lsslot command displays all the specified hot plug slots and their characteristics. Hot
plug slots are the plug-in points for connecting entities that can be added and removed
from the system without turning the system power off or rebooting the operating system.
The -c flag is required. It specifies the type of hot plug connector, for example, pci for hot
pluggable PCI adapters. You can display only the empty, that is, available, hot plug slots
with the -a flag, the occupied slots with the -o flag, or a specific slot by using the -s flag.
The -l flag can be used to locate the slot associated with the specified DeviceName, as
listed by the lsdev command.

6-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

lsattr and chdev commands


IBM Power Systems

Use lsattr to view and chdev change device attribute data.


## lsattr
lsattr -El
-El rmt0
rmt0

block_size
block_size 1024
1024 BLOCK
BLOCK size
size (0=variable
(0=variable length)
length) True
True
compress
compress yes
yes UseUse data
data COMPRESSION
COMPRESSION True
True
Current block
density_set_1 size = 1KB
density_set_1 71
71 DENSITY
DENSITY setting
setting #1#1 True
True
density_set_2
density_set_2 38
38 DENSITY
DENSITY setting
setting #2#2 True
True
extfm
extfm yes
yes UseUse EXTENDED
EXTENDED file
file marks
marks True
True
mode
mode yes
yes UseUse DEVICE
DEVICE BUFFERS
BUFFERS during
during writes
writes True
True
ret
ret no
no RETENSION
RETENSION onon tape
tape change
change or
or reset
reset True
True True indicates
ret_error
ret_error no
no RETURN
RETURN error
error onon tape
tape change
change oror reset
reset True
True that the attribute
size_in_mb
size_in_mb 36000
36000 Size
Size in
in Megabytes
Megabytes False
False is user settable

To display a specific attribute:


lsattr E l rmt0 -a block_size
Tapes cannot be read when the tape device has a different block size.
Changing the value to 0 (variable) can help overcome this problem.
## chdev
chdev -l
-l rmt0
rmt0 -a
-a block_size=0
block_size=0 Set block
rmt0 changed size to 0
rmt0 changed

## lsattr
lsattr -El
-El rmt0
rmt0 || grep
grep block_size
block_size Block size
block_size
block_size 00 BLOCK
BLOCK size
size (0=variable
(0=variable length)
length) True
True changed

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-14. lsattr and chdev commands AN123.1

Notes:
The lsattr command displays information about the attributes of a given device or type of
device.
The chdev command changes the characteristics of the specified device with the given
device logical name that is specified with the -l Name flag. The device can be in the
defined, stopped, or available state. Some changes may not be allowed when the device is
in the available state. When changing the device characteristics, you can supply the flags
either on the command line, or in the specified -f File flag.

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Device states
IBM Power Systems

Undefined
The device is unknown to the system.
Defined
The device is know to the system but it is unavailable for use.
Available
The device is available and ready for use.
Stopped
The device is unavailable but remains known by its device driver.
The mkdev and cfgmgr commands make devices available
for use.
The rmdev command can make devices unavailable for use
and completely remove them from the system.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-15. Device states AN123.1

Notes:
Device States
Undefined is not a state one can see assigned in the system, more of a reference
statement. If refers to a device which is supported but is not configured.
Defined means that the device is known to the system. It has been allocated a logical
device name, a location code, and attributes have been assigned to it. However, it is still
unavailable for use.
Available means that the device is fully configured and is ready for use.
Stopped mean that the device is configured, but not available for use by applications.
When a device is first identified, it is configured and put into the Available state.
Available devices can be put into the defined or undefined state by using the rmdev
command. Devices can be configured with both the mkdev or cfgmgr commands.
cfgmgr
The cfgmgr command configures devices and optionally installs device software into
the system. It can be run at any time.

6-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

/dev directory, device configuration, and control


IBM Power Systems

On UNIX platforms, access to devices is provided through special device


files that reside in /dev directory.
## lsdev
lsdev -Cc
-Cc tape;
tape; ls
ls -l
-l /dev/*rmt0*
/dev/*rmt0* Tape drive will be
/dev/*rmt0*
/dev/*rmt0* not
not found
found configured by loading the
device into the kernel
## cfgmgr
cfgmgr (/unix).

## lsdev
lsdev -Cc
-Cc tape
tape
rmt0
rmt0 Available
Available 04-08-01-2,0
04-08-01-2,0 LVD
LVD SCSI
SCSI 4mm
4mm Tape
Tape Drive
Drive

## ls
ls -l
-l /dev/*rmt0*
/dev/*rmt0*
crw-rw-rw-
crw-rw-rw- 11 root
root system
system 37,
37, 00 13
13 Oct
Oct 14:43
14:43 /dev/rmt0
/dev/rmt0
crw-rw-rw-
crw-rw-rw- 11 root
root system
system 37,
37, 11 13
13 Oct
Oct 14:43
14:43 /dev/rmt0.1
/dev/rmt0.1
.
. Removed
Removed rmt0.2
rmt0.2 through
through rmt0.6
rmt0.6
crw-rw-rw-
crw-rw-rw- 11 root
root system
system 37,
37, 77 13
13 Oct
Oct 14:43
14:43 /dev/rmt0.7
/dev/rmt0.7

## rmdev Minor number.


rmdev -l
-l rmt0
rmt0 The Kernel will
rmt0 Certain devices like
rmt0 Defined
Defined reference the tape tapes can behave in
device through the different ways.
## mkdev
mkdev -l
-l rmt0
rmt0 major number (37).
rmt0 Available
rmt0 Available

## rmdev
rmdev -l
-l rmt0
rmt0 -d
-d
rmt0
rmt0 deleted
deleted
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-16. /dev directory, device configuration, and control AN123.1

Notes:
The visual shows a tape drive connected to a system but is undefined. The cfgmgr
command is run to configure and make the device available. Once available, special device
files have been created in /dev directory. Some devices like tapes have several special
files. Each file is assigned a major and minor number. Major and minor numbers are used
by the operating system to determine the actual driver and device to be accessed by the
user-level request for the special device file.
For example, when writing files to a tape, the difference between tar cvf /dev/rmt0
myfiles.tar and tar cvf /dev/rmt0.1 myfiles.tar is that rmt0 will result in the tape rewinding
after the operation, whereas with rmt0.1, the tape will not rewind after the write operation.

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

rendev command
IBM Power Systems

You must first unconfigure device to Defined state first.


## rmdev
rmdev -l
-l hdisk2
hdisk2
hdisk2
hdisk2 Defined
Defined

Use rendev to change device name.

## rendev
rendev -l
-l hdisk2
hdisk2 n
n testdisk
testdisk

Device to be New desired device name


renamed

Display new device name:


## lsdev
lsdev Cc
Cc disk
disk
hdisk0
hdisk0 Available
Available Virtual
Virtual SCSI
SCSI Disk
Disk Drive
Drive
hdisk1
hdisk1 Available
Available Virtual SCSI Disk Drive
Virtual SCSI Disk Drive
testdisk
testdisk Available
Available Virtual
Virtual SCSI
SCSI Disk
Disk Drive
Drive
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-17. rendev command AN123.1

Notes:
The rendev command changes the name of the specified device with the given device
name that is specified with the -l name flag. The new desired name must not exceed 15
characters in length. If the name has already been used or is present in the /dev directory,
the operation fails.
One of the use cases would be to rename a group of disks on which application data may
reside, to be able to distinguish them from other disks on the system.
Devices that are in use (available state) cannot be renamed; the device must first be in a
defined state. If device is a parent of other devices you must unconfigured all child devices
first. The rendev command will restore device to the Available state. The u flag may be
used to prevent the device from being configured again after it is renamed.
Disk drive devices that are members of the root volume group, or that will become
members of the root volume group (by means of LVM or install procedures), must not be
renamed. Renaming such disk drives may interfere with the ability to recover from certain
scenarios, including boot failures.

6-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Checkpoint
IBM Power Systems

1. What does the following location code mean?


fcs0
fcs0 U78A0.001.DNWGGRX-P1-C3-T1
U78A0.001.DNWGGRX-P1-C3-T1 4Gb
4Gb FC
FC PCI
PCI Express
Express Adapter
Adapter

2. What is the purpose of a device major number? How would you locate
the major number of a disk, hdisk18?

3. True or False: cfgmgr is a binary executable that runs at system


initialization time to configure devices on the system.

4. What commands can you run on AIX to document the system


configuration?

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-18. Checkpoint AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Exercise
IBM Power Systems

System configuration
and devices

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-19. Exercise AN123.1

Notes:

6-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Explain device terminology
List device configuration and status
Configure new devices
Manage device states
Interpret physical and virtual location codes

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 6-20. Unit summary AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 6. System configuration and devices 6-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

6-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 7. System storage overview

What this unit is about


This unit is an overview of AIX system storage.

What you should be able to do


After completing this unit, you should be able to:
Describe the terminology and the concepts associated with:
- Physical volumes
- Volume groups
- Logical volumes
- Physical partitions
- Logical partitions
Describe how file systems and logical volumes are related

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX Version 7.1 Operating System and Device
Management
SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction
and Concepts (Redbook)
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Describe the terminology and the concepts associated with:
Physical volumes
Volume groups
Logical volumes
Physical partitions
Logical partitions
Describe how file systems and logical volumes are related

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-1. Unit objectives AN123.1

Notes:

7-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Components of AIX storage


IBM Power Systems

Physical storage
Logical storage
File systems
Directories
Files

Managed by
Logical Volume Manager (LVM)
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-2. Components of AIX storage AN123.1

Notes:
Components
The basic components or building blocks of AIX storage are:
Files
Directories
File systems
Logical storage
Physical storage
Logical Volume Manager (LVM)
As a user, you work with files and directories. As a system administrator, you manage
storage using the Logical Volume Manager.

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Traditional UNIX disk storage


IBM Power Systems

Partition 1
Partition 4
Partition 2

Partition 3 Partition 5

Problems:
Fixed partitions
Expanding size of the partition
Limitation on size of a file system and a file
Contiguous data requirement
Time and effort required in planning ahead

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-3. Traditional UNIX disk storage AN123.1

Notes:
Issues with traditional UNIX disk storage
Traditionally, disk partitioning has been implemented through partitions. Customers had
to select the correct size for each partition before the system could be installed.
Each file system was on a partition on the hard disk.
Changing the size of the partition, and thus the file system, was no easy task. It involved
backing up the file system, removing the partition, creating new ones, and restoring the
file system.
A major limitation to partitions was that each partition had to consist of contiguous disk
space. This characteristic limited the partition to reside on a single physical drive. It
could not span multiple hard disks. Since file systems were always contained within a
partition, no file system could be defined that would be larger than the largest physical
drive. This meant that no single file could be larger than the largest physical drive.

7-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Benefits of the LVM


IBM Power Systems

Solves noncontiguous space problems.


Data can span disks.
Sizes can be dynamically increased.
Data can be mirrored for availability.
New disks are easily added to the system.
Data can be relocated.
LVM (data) statistics can be collected.

These tasks can be performed dynamically!

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-4. Benefits of the LVM AN123.1

Notes:
Constraints virtually eliminated
The constraints with traditional UNIX disk storage have been virtually eliminated in AIX,
with the addition of the Logical Volume Manager.
Note that the tasks listed in the visual, can be performed while users are on the system.

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Logical Volume Manager components


IBM Power Systems

Physical Volume group


partitions (PPs) Logical
partitions (LPs)

1
2
3
4
5
write(data);
6
x
y
z
Application

Logical
volume (LVs)
Physical
volumes (PVs)

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-5. Logical Volume Manager components AN123.1

Notes:
Introduction
The AIX Logical Volume Manager controls disk storage resources by mapping data
between a simple and flexible logical view of storage space and the actual physical
disks.
This visual and these notes provide a brief overview of the basic components of LVM.
Components
A hierarchy of structures is used to manage disk storage:
Volume groups
Physical volumes
Physical partitions
Logical volumes
Logical partitions

7-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Volume group (VG)


A volume group (VG) is the largest unit of storage allocation. A VG consists of a group
of one or more physical volumes (disks) all of which are accessed under one VG name.
The combined storage of all the physical volumes makes up the total size of the VG.
This space can be used by other storage entities like file systems and logical volumes.
VGs are portable and can be disconnected from one system and connected to another
system. All disks in the VG must move together.
Physical volume (PV)
A physical volume (PV) is the name for an actual disk or hard drive. A PV can be
internally or externally attached.
For a disk to be used by LVM, the disk must be added to a volume group, or a new
volume group must be set up for it.
A PV can only belong to one volume group (VG).
Physical partition (PP)
All of the physical volumes in a volume group are divided into physical partitions (PP).
All the physical partitions within a volume group are the same size, although different
volume groups can have different PP sizes.
Logical volume (LV)
Within each volume group, one or more logical volumes (LV) are defined. Logical
volumes are groups of information located on physical volumes. Data on logical
volumes appears to be contiguous to the user, but can be non-contiguous on the
physical volume, or can even be located on several physical volumes.
Logical partition (LP)
Each logical volume consists of one or more logical partitions (LP). Logical partitions
are the same size as the physical partitions within a volume group. Each logical partition
is mapped to at least one physical partition. Although the logical partitions are
numbered consecutively, the underlying physical partitions are not necessarily
consecutive or contiguous.
This allows file systems, paging space, and other logical volumes to be resized or
relocated, to span multiple physical volumes, and to have their contents replicated for
greater flexibility and availability in the storage of data.

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Physical storage
IBM Power Systems

PP1
Volume PV1 PP2
group A PP3
PP4 Physical
PP5 volume
PP6 /dev/hdiskn
Volume PV2 PV3 PV4 PV5
group B
PPn

Original volume groups Big volume groups


-t factor Disks (PVs) PPs per PV Disks (PVs) -t factor
1 32 1016 128 1
2 16 2032 64 2
4 8 4064 32 4
8 4 8128 16 8
16 2 16256 8 16
N/A N/A 32512 4 32
N/A N/A 65024 2 64
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-6. Physical storage AN123.1

Notes:
Introduction
Disk space on a physical volume (PV) is allocated to logical volumes (LV) in chunks
called physical partitions (PP). Each physical partition size is the same across all the
disks in a volume group (VG). The PP size is set at the time the VG is created. The size
is set in megabytes on power of two boundaries (for example: 4 MB, 8 MB, 16 MB, and
so forth). The default is 4 MB.
In AIX 5L V5.2 and later, LVM defaults the PP size of a new VG to the smallest PP size
(equal or greater than 4 MB) which allows full addressing of the largest disk in the VG
given the selected maximum number of PPs per PV (defaults to 1016). The smallest PP
size is 1 MB, which is supported by using a larger number of PPs per PV.
When a PV is added to a system, a file called hdiskn is added to the /dev directory. n is
a number allocated by the operating system. It is usually the next available number.
This file may be used to access the device directly but this is not often done.

7-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Original volume group


Originally AIX supported VGs with a maximum of 32 PVs, no more than 1016 PPs per
disk, and an upper limit of 256 LVs per VG. This VG type is commonly referred to as the
original, normal, or volume group.
As disks increased in size, this meant that the PP size had to increase to use the entire
disk space and stay within the 1016 PPs per disk limit. Larger PPs means less flexibility
in allocating space for LVs, and potentially more wasted space.
For example, for an 18 GB disk, you must have a PP size of 32 MB. A PP size of 16 MB
would require 1152 PPs, over the limit.
Volume group -t factor
To handle the increase in hard disk drive capacity over time, AIX V4.3.1 implemented a
new volume group factor, which can be specified by the -t flag of the mkvg command,
that allows you to increase the maximum number of PPs per disk proportional to the
given integer multiplier value. The maximum number of PVs decreases proportional to
the specified -t factor.
For example, if you wanted to use an 8 MB PP size with our 18 GB disks, you would
need at least 2304 PPs per disk. Setting the -t factor to 4 would allow 4064 PPs per
disk, but would limit us to 8 disks in the VG.
Big volume group
AIX V4.3.2 expanded the LVM scalability by introducing big volume groups. A big VG
can have up to 128 physical volumes and a maximum of 512 LVs defined with it. The
volume group -t factor can also be used with the big VG.
Using our 18 GB disk example, setting the -t factor to 4, would allow us to have a VG
with a PP size of 8 MB and 32 disks.

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Volume groups
IBM Power Systems

Volume group types:


Volume Group Max Max LVs Max PPs per Max PP
Original Type PVs VG Size
Big
Original 32 256 32512 1 GB
Scalable (1016 * 32)

Big 128 512 130048 1 GB


(1016 * 128)
Limits Scalable 1024 4096 2097152 128 GB

AIX contains one mandatory volumes group: rootvg


rootvg created on system install
Contains the AIX operating system
Why create new volume groups?
Separate user data from operating system files rootvg datavg
Disaster recovery
PV1 PV2 PV3
Data portability
Data integrity and security
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-7. Volume groups AN123.1

Notes:
Volume group types
With successive versions of AIX, new types of volume groups have been introduced
which allow for greater capacities and greater flexibility:
Original volume groups
When creating a volume group with SMIT or using the mkvg command, original
volume groups are the default.
Big volume groups
Big volume groups were introduced with AIX V4.3.2. Besides increasing the number
of PVs per VG, the big volume group also doubled the maximum number of LVs per
VG from 255 to 512. Support for creating big volume groups through SMIT was
introduced in AIX 5L V5.3. Previous to 5.3 big volume groups could only be created
from the command line.

7-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Scalable volume groups


Scalable volume groups were introduced with AIX 5L V5.3. A scalable VG can
accommodate a maximum of 1024 PVs and raises the limit for the number of LVs to
4096. The -t factor does not apply to the scalable VG type.
The maximum number of PPs is no longer defined on a per disk basis but applies to
the entire VG. This opens up the prospect to configure VGs with a relatively small
number of disks, but with fine grained storage allocation options, through a large
number of PPs which are small in size. The scalable VG can hold up to 2097152
(2048 KB) PPs. Optimally, the size of a physical partition, can also be configured for
a scalable VG.
Existing and new volume groups
When the system is installed, the root volume group (rootvg) is created. rootvg
consists of a base set of logical volumes and physical volumes required to start the
system, and any other logical volumes you specify to the installation script.
Additional disks can either be added to rootvg, or a new volume group can be created
for them. There can be up to 255 VGs per system.
Why create separate volume groups?
It is recommended that all user and application data be separated from the OS by
placing the data into volume groups. The data should be grouped into individual volume
groups by type or purpose (for example, Oracle data). By maintaining the user file
systems and the operating system files in distinct volume groups, the user files are not
jeopardized during operating system updates, reinstallations, and crash recoveries.
Maintenance is easier because you can update or reinstall the operating system,
without having to restore user data.
For security, you can make the volume group unavailable using varyoffvg.

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Volume group descriptor area


IBM Power Systems

Three-disk or more
One-disk VG Two-disk VG VG

VGDA VGDA VGDA


VGDA VGDA VGDA VGDA

VGDA VGDA

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-8. Volume group descriptor area AN123.1

Notes:
Volume Group Descriptor Area (VGDA)
The VGDA is an area of disk, at least one per PV, containing information for the entire
VG. It contains administrative information about the volume group (for example, a list of
all logical volume entries, a list of all the physical volume entries, and so forth). There is
usually one VGDA per physical volume. The exceptions are when there is a volume
group with either one or two disks (as shown in the visual).
Quorum
There must be a quorum of VGDAs available to activate the volume group and make it
available for use with the varyonvg command. A quorum of VGDA copies is needed to
ensure the data integrity of management data that describes the logical and physical
volumes in the volume group. A quorum is equal to 51% or more of the VGDAs
available.
A system administrator can force a volume group to varyon without a quorum. This is
not recommended and should only be done in an emergency.

7-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Logical storage
IBM Power Systems

Physical volumes

1 4 1 4
7 2 3 7 2 3
10 10
8 9 8 9
13 16 13 16
14 15 19 14 15
19 22 22
20 21 25 20 21
25 28 28
26 27 31 26 27
31 34 34
32 33 32 33
35 38 35 38
36 37 41 36 37
41 44 44
42 43 42 43
47 50 47 50
48 49 48 49

Logical Volume Manager

1 2 3 4 1 2 3 4 Logical
partitions
Logical Logical
volume volume
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-9. Logical storage AN123.1

Notes:
Logical partition
A physical partition is the smallest unit of disk allocation. Each logical partition maps to
a physical partition which physically stores the data.
The logical partitions within a volume group are the same size as the physical partitions
within that volume group.
Logical volume
A logical volume consists of one or more logical partitions within a volume group.
Logical volumes may span physical volumes if the volume group consists of more than
one physical volume. Logical volumes do not need to be contiguous within a physical
volume, because the logical partitions within the logical volume are maintained to be
contiguous. The view the system sees is the logical one. Thus, the physical partitions
they point to can reside anywhere on the physical volumes in the volume group.
Logical volumes may be increased in size at any time, assuming that there are sufficient
free physical partitions within the volume group. This can be done dynamically through

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

SMIT even when users are doing work in that logical volume. However, logical volumes
cannot easily be decreased and require a file system backup and restore to a
re-created smaller logical volume.
The mapping of which logical partition corresponds to which physical partition, is
maintained in the VGDA for the volume group. It is both a physical view and a logical
view.
LVM mapping
The Logical Volume Manager (LVM) consists of the logical volume device driver (LVDD)
and the LVM subroutine interface library. The LVM controls disk resources by mapping
data between a more simple and flexible logical view of storage space, and the actual
physical disks. The LVM does this using a layer of device driver code that runs above
traditional disk device drivers.

7-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Uses of logical volumes


IBM Power Systems

A logical volume may contain one of the following:


Journaled (JFS) or enhanced journaled file system (JFS2)
Journal log (/dev/hd8)
Paging space (/dev/hd6)
Boot logical volume (/dev/hd5)
Dump device
Nothing (raw logical volume)

Examples of JFS/JFS2 logical volumes:


/dev/hd1 /home
/dev/hd2 /usr
/dev/hd3 /tmp
/dev/hd4 /
/dev/hd9var /var
/dev/hd10opt /opt
/dev/hd11admin /admin
/dev/lv00 /myfilesystem
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-10. Uses of logical volumes AN123.1

Notes:
Introduction
When you install the system, one volume group (rootvg) is automatically created which
consists of a base set of logical volumes required to start the system. rootvg contains
such things as paging space, the journal log, and boot data, each usually in its own
separate logical volume.
You can create additional logical volumes with the mklv command or go through the
SMIT menus. This command allows you to specify the name of the logical volume and
to define its characteristics.
JFS and JFS2 file systems
The native file system on AIX is the journaled file system (JFS), or the enhanced
journaled file system (JFS2). They use database journaling techniques to maintain
consistency. It is through the file system's directory structure that users access files,
commands, applications, and so forth.

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Journal log
The journal log is the logical volume where changes made to the file system structure
are written until such time as the structures are updated on disk. Journaled file systems
and enhanced journaled file systems are discussed in greater detail later in the course.
Paging space
Paging space is fixed disk storage for information that is resident in virtual memory but
is not currently being maintained in real memory.
Boot logical volume
The boot logical volume is a physically contiguous area on the disk which contains the
boot image.
Dump device
When you install the operating system, the dump device is automatically configured for
you. By default, the primary device is /dev/hd6, which is the paging logical volume, and
the secondary device is /dev/sysdumpnull. For systems migrated from versions of AIX
earlier than V4.1, the primary dump device is what it formerly was, /dev/hd7.
Raw logical volume
A raw logical volume is simply an empty logical volume. Database applications, for
example Oracle, db2, recommend the use of raw logical volumes.

7-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

What is a file system?


IBM Power Systems

A file system is:


Method of storing data
Hierarchy of directories

Seven types are supported:


Journaled file system (JFS)
Enhanced journaled file system (JFS2)
CD-ROM file system (CDRFS)
DVD-ROM file system (UDFS)
Network file system (NFS)
Common Internet File System (CIFS)
Proc File System (PROCFS)
Autonomic Health Advisor File System (AHAFS)

Different file systems are connected together through directories to form


the view of files that users see.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-11. What is a file system? AN123.1

Notes:
Introduction
A file system is a directory hierarchy for storing files. It has a root directory and
subdirectories. In an AIX system, the various file systems are joined together so that they
appear as a single file tree with one root. Many file systems of each type can be created.
Because the available storage is divided into multiple file systems, data in one file system
could be on a different area of the disk than data of another file system. Because file
systems are of a fixed size, file system full errors can occur when that file system has
become full. Free space in one file system cannot automatically be used by an alternate file
system that resides on the same physical volume.
Supported file systems
AIX supports seven file system types:
JFS - Journaled File System, exists within a logical volume on disk
JFS2- Enhanced Journaled File System, exists within a logical volume on disk

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

CDRFS - CD-ROM File System on a Compact Disc


UDFS - Universal Disk Format (UDF) file system on DVD
CIFS - Common Internet File System accessed across a network (To install CIFS
support on AIX, install the bos.cifs_fs package)
NFS - Network File System accessed across a network
PROCFS - Proc file system maps processes and kernel data structures to
corresponding files
NAMEFS - NameFS provides the function of file-over-file and directory-over-directory
mounts. It allows you to mount a subtree of a file system in a different place in the file
name space. This allows a file to be accessed through two different path names.
Although these are physically different, they appear the same to users and applications.
AHAFS - Autonomic Health Advisor File System is a part of CAA (Cluster Aware AIX) a
mediator to take the requests of event registration, monitoring and unregistering from
the processes interested in monitoring for events.

7-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Why have multiple file systems?


IBM Power Systems

Can strategically place it on disk for improved performance.


Some tasks are performed more efficiently on a file system
than on each directory within the file system, for example,
back up, move, secure an entire file system.
Can limit disk usage of users by file system through quotas.
Maintain integrity of the entire file system structure, for
example, if one file system is corrupted, the others are not
affected.
Special security situations.
Organize data and programs into groups for ease of file
management and better performance.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-12. Why have multiple file systems? AN123.1

Notes:
Benefits
A file system is a structure that allows you to organize your data. It is one level in the
hierarchy of your data. By placing data in separate file systems, it allows for ease of
control and management of the data.
File systems can be placed on the disk in areas that provide the best performance.
Many times, backups and recoveries are done at a file system level.
Limit disk usage
Since the administrator determines the size of the file system, users are allocated only a
certain amount of shared disk space. This helps to control disk usage. The
administrator can also impose more granular control over that disk space by limiting
how much space an individual user can use in a file system. This is known as file
system quotas.

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Data is not all in one place


By having several different file systems, all of your data is not in one place. If a file
system ever becomes corrupted, the other file systems are not affected. Also,
administrators can take a file system offline without affecting other file systems. This is
helpful when performing back ups or when limiting user access to the file system for
security reasons.

7-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Standard file systems in AIX


IBM Power Systems

hd4

/ (root)

home sbin opt lpp proc usr dev tftpboot var mnt etc tmp

hd1 hd10opt hd2 hd9var hd3

/ / / / /

csm freeware bin lib sbin spool adm tmp

Note: The drawing depicts logical, not physical volumes.


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-13. Standard file systems in AIX AN123.1

Notes:
Initial file systems
When AIX is first installed on a stand-alone system there are only seven journaled file
systems and one pseudo file system (/proc) in existence:
/ (root) = /dev/hd4
At the top of the hierarchical file tree. It contains the files and directories critical for
system operations including the device directory and programs that complete the boot
process.
/usr = /dev/hd2
Operating system commands, libraries, and application programs
Can be shared across the network
/var = /dev/hd9var
Variable spool and log files

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The files in this file system vary considerably depending on system activity.
/home = /dev/hd1
Users' home directories (was /u in earlier versions of AIX)
This is traditionally where user data files are stored.
/tmp = /dev/hd3
Space accessible to all users for temporary files and work space
Should be cleared out frequently.
/opt = /hd10opt
Special file system to store freeware files
/proc = /proc
Special pseudo file system kept in memory to support threads, or light weight processes
This file system is not designed to store user files.
It is a type of file system which is different from a journal file system.
AIX supports the PROCFS implementation to improve compatibility with Linux.
/admin = /hd11admin
There are two empty directories: lost_found and tmp.
The permissions setting on this /admin/tmp directory is 755 and the directory is owned
by root.
This tmp directory has more security for applications to use.

7-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

/etc/filesystems
IBM Power Systems

/:
dev = /dev/hd4
vol = root
mount = automatic
check = false
vfs = jfs2
log = /dev/hd8
type = bootfs
/home:
dev = /dev/hd1
vol = /home
mount = true
check = true
vfs = jfs2
log = /dev/hd8
/home/team01:
dev = /dev/fslv00
vfs = jfs2
log = /dev/loglv00
mount = true
options = rw
account = false

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-14. /etc/filesystems AN123.1

Notes:
What is /etc/filesystems?
The /etc/filesystems file, documents the layout characteristics, or attributes of file
systems. It is in a stanza format which means a resource is named followed by a colon
and a listing of its attributes in the form of attributes = value.
Each stanza in the /etc/filesystems file, names the directory where the file system is
normally mounted.
File system attributes
The file system attributes specify all the parameters of the file system. They are as
follows:
dev For local mounts, identifies the block special file where the file system resides, or
the file or directory to be mounted
vol Used by the mkfs command when initiating the label on a new file system

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

mount Used by the mount command to determine whether a file system should be
mounted by default. Possible values are:
automatic File system mounted automatically at system startup
true File system mounted by the mount all command. This command is issued during
system initialization to automatically mount such file systems.
false File system is not automatically mounted
check Used by the fsck command to determine the default file systems to be checked.
True enables checking
vfs Specifies the type of mount. For example, vfs=jfs2.
log The device to which log data is written, as the file system is modified. This option is
only valid for journaled file systems.
type Used to group together related file systems which can all be mounted with the
mount -t command
account Used to determine the file systems to be processed by the accounting
subsystem.
quote Allows the system administrator to control the number of files and data blocks
that can be allocated to a user or group

7-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Mount
IBM Power Systems

mount is the glue that logically connects file systems to


the directory hierarchy.
File systems are associated with devices represented by
special files in /dev (the logical volume).
When a file system is mounted, the logical volume and its
contents are connected to a directory in the hierarchical
tree structure.
## mount
mount /dev/fslv00
/dev/fslv00 /home/patsie
/home/patsie

What to Where to
mount mount it
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-15. Mount AN123.1

Notes:
Mounting a file system
A file system has to be mounted in order for it to be available for use. Use the mount
command or SMIT to do this. The file system can also be umounted using the umount or
unmount command, or SMIT. These commands can be executed by either the root
user or a member of the system group.
It is possible to have file systems automatically mounted at boot time. This can be
specified in the /etc/filesystems file using the mount=automatic or mount=true
parameters.
Mount points
Full path names must be used when specifying the mount point. If SMIT is used to
create the file system, the mount point is created automatically.

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Mounting over an empty directory


IBM Power Systems

Before After
home home

liz john patsie liz john patsie

.profile .profile
.exrc data doc .exrc data doc
myscript myscript

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-16. Mounting over an empty directory AN123.1

Notes:
Accessing data in a file system
In order for users to get access to the data contained in a file system, it must be
mounted. When the file system is mounted, it becomes a part of the hierarchical tree
structure of files and directories. From the users perspective, there is no way to tell
where one file system ends and another begins.

7-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Mounting over files


IBM Power Systems

Before After
home home

liz john patsie liz john patsie

reports pgms .profile


.exrc

.profile
.exrc data doc
myscript
.profile
.exrc data doc
myscript
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-17. Mounting over files AN123.1

Notes:
What happens when mounting over files?
It is possible to mount over files and subdirectories. The result is that the files and
subdirectories that have been mounted over are now hidden from the users, that is,
inaccessible. They have not been lost though. They are again accessible when the
unmount command has been executed on the covering file system.
Not everyone has the authority to mount file systems randomly. Authority is based on
two things: what the default mount point is, as specified in the file /etc/filesystems, and
whether the user has write authority to that mount point. Users can issue file or directory
mounts provided they belong to the system group and have write access to the mount
point. They can do device mounts only to the default mount points mentioned in the file
/etc/filesystems. root can mount anywhere under any set of permissions.

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Listing file systems


IBM Power Systems

## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 1966080
1966080 --
-- yes
yes no
no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 131072
131072 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 4587520
4587520 --
-- yes
yes no
no
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 655360
655360 --
-- yes
yes no
no
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 393216
393216 --
-- yes
yes no
no
/proc
/proc --
-- /proc
/proc procfs
procfs --
-- --
-- yes
yes no
no
/dev/hd10opt
/dev/hd10opt --
-- /opt
/opt jfs2
jfs2 524288
524288 --
-- yes
yes no
no
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 --
-- yes
yes no
no
/dev/fslv00
/dev/fslv00 --
-- /db2
/db2 jfs2
jfs2 262144
262144 rw
rw no
no no
no

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-18. Listing file systems AN123.1

Notes:
The lsfs command
You can list the various file systems that are defined using the lsfs command. This
command displays information from /etc/filesystems and from the logical volumes in a
more readable format. The lsfs command also displays information about CD-ROM
file systems and remote NFS file systems.
The SMIT fastpath to get to the screen which accomplishes the same task as the lsfs
command is: smit fs.
The syntax for the lsfs command is:
lsfs [-q] [ -c | -l ] [ -v vfstype | -u mountgrp ][file system]
The data may be presented in line and colon (-c) or stanza (-l) format. It is possible to
list only the file systems of a particular virtual file system type (-v), or within a particular
mount group (-u). The -q option queries the superblock for the fragment size
information, compression algorithm, and the number of bytes per inode.

7-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Listing logical volume information


IBM Power Systems

List all logical volumes for a volume group


## lsvg
lsvg -l
-l rootvg
rootvg
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
hd5
hd5 boot
boot 11 22 22 closed/syncd
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 16
16 22 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfs2log
jfs2log 11 22 22 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs2
jfs2 15
15 30
30 22 open/syncd
open/syncd //
hd2
hd2 jfs2
jfs2 35
35 70
70 22 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs2
jfs2 55 10
10 22 open/syncd
open/syncd /var
/var
hd3
hd3 jfs2
jfs2 33 66 22 open/syncd
open/syncd /tmp
/tmp
hd1
hd1 jfs2
jfs2 11 22 22 open/syncd
open/syncd /home
/home
loglv00
loglv00 jfs2log
jfs2log 11 22 22 closed/syncd
closed/syncd N/A
N/A
hd11admin
hd11admin jfs
jfs 22 44 22 open/syncd
open/syncd /admin
/admin
fslv00
fslv00 jfs2
jfs2 22 44 22 closed/syncd
closed/syncd /db2
/db2

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-19. Listing logical volume information AN123.1

Notes:
Viewing logical volume information
lsvg -l rootvg
Provides information about the logical volumes in the rootvg volume group.
lslv lvname
This provides status information about the selected logical volume within the volume
group. For example, lslv hd6.

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint (1 of 3)
IBM Power Systems

5. V______ G______
1. V______ G______
D ______ A______
VGDA 6. P______ V______

2. P______ P ______

3. L_____ P______

4. L______ V_______
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-20. Checkpoint (1 of 3) AN123.1

Notes:
For each item in the visual, fill in the blanks to complete the correct term for the indicated
LVM component.

7-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Checkpoint (2 of 3)
IBM Power Systems

7. How many different physical partition (PP) sizes can be set within a
single VG?

8. By default, how big are PPs?

9. How many volume groups (VGs) can a physical volume (PV) belong
to?
a. It depends on what you specify through SMIT
b. Only one
c. As many VGs as exist on the system

10. True or False: All VGDA information on your system is identical,


regardless of how many VGs exist.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-21. Checkpoint (2 of 3) AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint (3 of 3)
IBM Power Systems
Use the following output to answer the questions below:
## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount PtPt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 294912
294912 -- -- yes
yes no
no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 32768
32768 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 3309568
3309568 ---- yes
yes no
no
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 65536
65536 --
-- yes
yes no
no
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 131072
131072 -- -- yes
yes no
no
/dev/hd10opt
/dev/hd10opt ---- /opt
/opt jfs2
jfs2 163840
163840 -- -- yes
yes no
no
/dev/cd0
/dev/cd0 --
-- /infocd
/infocd cdrfs
cdrfs ro
ro yes
yes no
no
/dev/lv00
/dev/lv00 --
-- /home/john
/home/john jfs2
jfs2 32768
32768 rw
rw yes
yes no
no
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 -- -- yes
yes no
no

11. With which logical volume is the /home file system associated?

12. What types of file systems are being displayed?

13. What is the mount point for the file system located on the /dev/hd4 logical
volume?

14. Which file system is used primarily to hold user data and home directories?
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-22. Checkpoint (3 of 3) AN123.1

Notes:

7-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

System
storage

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-23. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 7. System storage overview 7-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Describe the terminology and the concepts associated with:
Physical volumes
Volume groups
Logical volumes
Physical partitions
Logical partitions
Describe how file systems and logical volumes are related

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 7-24. Unit summary AN123.1

Notes:

7-34 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 8. Working with the Logical Volume Manager

What this unit is about


This unit describes how to work with logical volumes, physical
volumes, and volume groups.

What you should be able to do


After completing this unit, you should be able to:
Explain how to work with the Logical Volume Manager
Add, change, and delete:
- Volume groups
- Logical volumes
- Physical volumes
Describe essential LVM concepts, such as:
- Mirroring
- Striping

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX Version 7.1 Operating System and Device
Management
AIX Version 7.1 Command References
SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction
and Concepts (Redbook)
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Explain how to work with the Logical Volume Manager
Add, change, and delete:
Volume groups
Logical volumes
Physical volumes
Describe essential LVM concepts, such as:
Mirroring
Striping

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-1. Unit objectives AN123.1

Notes:

8-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Logical Volume Manager


IBM Power Systems

# smit lvm
Logical
Logical Volume
Volume Manager
Manager

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

Volume
Volume Groups
Groups
Logical
Logical Volumes
Volumes
Physical
Physical Volumes
Volumes
Paging
Paging Space
Space

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-2. Logical Volume Manager AN123.1

Notes:
Introduction
The SMIT Logical Volume Manager menu is used to manage many aspects of the system's
storage.
Volume groups: The SMIT Volume Groups menu provides facilities to manipulate the
volume groups in the system.
Logical volumes: The SMIT Logical Volumes menu provides facilities to manipulate
the logical volumes in the system. Logical volumes which contain journaled file
systems, paging space, or dump volumes can also be manipulated from their respective
menus.
Physical volumes: The SMIT Physical Volumes menu allows the user to configure the
physical volumes (fixed disks) in the system. This menu duplicates options on the Fixed
Disks menu of Devices.
Paging space: The SMIT Page Space menu allows a user to add, delete, activate, and
list the paging spaces available.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

SMIT Volume Groups menu


IBM Power Systems

Volume
Volume Groups
Groups

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

List
List All
All Volume
Volume Groups
Groups
Add
Add aa Volume
Volume Group
Group
Set
Set Characteristics
Characteristics of of aa Volume
Volume Group
Group
List
List Contents
Contents ofof aa Volume
Volume Group
Group
Remove
Remove aa Volume
Volume Group
Group
Activate
Activate aa Volume
Volume Group
Group
Deactivate
Deactivate aa Volume
Volume Group
Group
Import
Import aa Volume
Volume Group
Group
Export
Export aa Volume
Volume Group
Group
Mirror
Mirror a Volume Group
a Volume Group
Unmirror
Unmirror aa Volume
Volume Group
Group
Synchronize
Synchronize LVM
LVM Mirrors
Mirrors
Back
Back Up
Up aa Volume
Volume Group
Group
Remake
Remake aa Volume
Volume Group
Group
Preview
Preview Information
Information about
about aa Backup
Backup
Verify
Verify the
the Readability
Readability of of aa Backup
Backup (Tape
(Tape only)
only)
View
View the
the Backup
Backup Log
Log
List
List Files
Files in
in aa Volume
Volume Group
Group Backup
Backup
Restore
Restore Files
Files in
in aa Volume
Volume Group
Group Backup
Backup
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-3. SMIT Volume Groups menu AN123.1

Notes:
The visual shows the SMIT screen that allows for the configuration of volume groups.
To get to this menu, use the SMIT fastpath, smit vg.

8-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Adding a volume group to the system


IBM Power Systems

# smit mkvg mkvg y datavg hdisk1 hdisk2


Add
Add aa Volume
Volume Group
Group

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

Add
Add an
an Original
Original Volume
Volume Group
Group
Add
Add aa Big
Big Volume
Volume Group
Group
Add
Add aa Scalable
Scalable Volume
Volume Group
Group

Add
Add an
an Original
Original Volume
Volume Group
Group

[Entry
[Entry Fields]
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg]
Physical
Physical partition
partition SIZE
SIZE in
in megabytes
megabytes ++
** PHYSICAL VOLUME names
PHYSICAL VOLUME names [hdisk1 hdisk2]
[hdisk1 hdisk2] ++
Force
Force the
the creation
creation of
of aa volume
volume group?
group? no
no ++
Activate volume group AUTOMATICALLY
Activate volume group AUTOMATICALLY yes
yes ++
at
at system
system restart?
restart?
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
Create
Create VG Concurrent Capable?
VG Concurrent Capable? no
no ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-4. Adding a volume group to the system AN123.1

Notes:
The mkvg command
The mkvg command is used to create a volume group. A new volume group must contain
at least one physical volume. The -y option is used to indicate the name for the new volume
group. If this is not specified, a system generated name is used.
It is best not to select a physical partition size as the system will select the best fit
automatically. The default is the smallest physical partition size consistent with the
maximum PP/PV and the largest physical volume in the volume group.
Using SMIT
The volume group MAJOR NUMBER on the SMIT dialog screen is used by the kernel to
access that volume group. This field is most often used for PowerHA where the major
number ideally should be the same for all nodes in the cluster.
Concurrent capable VGs are used for parallel processing applications, whereby the volume
group is read/write accessible to multiple machines at the same time.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Adding a scalable volume group to the system


IBM Power Systems

# smit mkvg mkvg S y db2_vg hdisk3

Add
Add aa Scalable
Scalable Volume
Volume Group
Group

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making
Enter AFTER making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [db2_vg]
[db2_vg]
Physical
Physical partition
partition SIZE
SIZE in
in megabytes
megabytes ++
** PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk3]
[hdisk3] ++
Force
Force the
the creation
creation of
of aa volume
volume group?
group? no
no ++
Activate
Activate volume
volume group
group AUTOMATICALLY
AUTOMATICALLY yes
yes ++
at
at system
system restart?
restart?
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#
Create
Create VG Concurrent Capable?
VG Concurrent Capable? no
no ++
Max
Max PPs
PPs per
per VG
VG in
in units
units of
of 1024
1024 32
32 ++
Max Logical Volumes
Max Logical Volumes 256
256 ++
Enable
Enable Strict
Strict Mirror
Mirror Pools
Pools No
No ++
Infinite
Infinite Retry Option
Retry Option no
no ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-5. Adding a scalable volume group to the system AN123.1

Notes:
Additional options for scalable volume groups
There is a separate SMIT panel for adding scalable volume groups. Besides creating a
different format VGDA, the administrator has the option to set the Maximum PPs per VG,
and the Max Logical Volumes for the volume group.
With non-scalable volume groups, LVM allows tuning of the number of physical partitions
for each physical volume through the -t factor. In scalable volume groups, the physical
partitions are managed on a volume group wide basis.
The maximum number of logical volumes was fixed depending upon the type of volume
group. Now, in scalable volume groups, the maximum is tunable.

8-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Listing volume groups and VG attributes


IBM Power Systems

## lsvg
lsvg
rootvg
rootvg
datavg
datavg
db2_vg
db2_vg

## lsvg
lsvg -o
-o
datavg
datavg
rootvg
rootvg

## lsvg
lsvg rootvg
rootvg

VOLUME
VOLUME GROUP:
GROUP: rootvg
rootvg VG
VG IDENTIFIER:
IDENTIFIER:
00cf2e7f00004c000000011cec07b52e
00cf2e7f00004c000000011cec07b52e
VG
VG STATE:
STATE: active
active PP
PP SIZE:
SIZE: 64
64 megabyte(s)
megabyte(s)
VG PERMISSION:
VG PERMISSION: read/write
read/write TOTAL
TOTAL PPs:
PPs: 130
130 (8320
(8320 megabytes)
megabytes)
MAX
MAX LVs:
LVs: 256
256 FREE
FREE PPs:
PPs: 54
54 (3456
(3456 megabytes)
megabytes)
LVs:
LVs: 11
11 USED
USED PPs:
PPs: 76
76 (4864
(4864 megabytes)
megabytes)
OPEN
OPEN LVs:
LVs: 99 QUORUM:
QUORUM: 22 (Enabled)
(Enabled)
TOTAL
TOTAL PVs:
PVs: 22 VG
VG DESCRIPTORS:
DESCRIPTORS: 33
STALE
STALE PVs:
PVs: 00 STALE
STALE PPs:
PPs: 00
ACTIVE
ACTIVE PVs:
PVs: 22 AUTO
AUTO ON:
ON: yes
yes
MAX
MAX PPs
PPs per
per VG:
VG: 32512
32512
MAX
MAX PPs
PPs per
per PV:
PV: 1016
1016 MAX
MAX PVs:
PVs: 32
32
LTG
LTG size
size (Dynamic):
(Dynamic): 256
256 kilobyte(s)
kilobyte(s) AUTO
AUTO SYNC:
SYNC: no
no
HOT
HOT SPARE:
SPARE: no
no BB
BB POLICY:
POLICY: relocatable
relocatable

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-6. Listing volume groups and VG attributes AN123.1

Notes:
The lsvg command, with no parameters, lists the volume groups in the system. If used with
the o options, all varied on/active volume groups are displayed.
To further list the information about the status and content of a particular volume group, run
lsvg <Volumegroup_name>
The output provides status information about the volume group. The most useful
information here is:
Volume group state (VG STATE - active or inactive/complete if all physical volumes are
active)
Physical partition size
Total number of physical partitions (TOTAL PPs)
Number of free physical partitions (FREE PPs)

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Listing PVs in a VG and VG contents


IBM Power Systems

## lsvg
lsvg -p
-p rootvg
rootvg
rootvg:
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE TOTAL
TOTAL PPs
PPs FREE
FREE PPs
PPs FREE
FREE DISTRIBUTION
DISTRIBUTION
hdisk0
hdisk0 active
active 99
99 23
23 15..00..00..00..08
15..00..00..00..08
hdisk5
hdisk5 active
active 31
31 31
31 07..06..06..06..06
07..06..06..06..06

## lsvg
lsvg -l-l rootvg
rootvg
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT
POINT
POINT
hd5
hd5 boot
boot 11 11 11 closed/syncd
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 88 11 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfslog
jfslog 11 11 11 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs
jfs 15
15 15
15 11 open/syncd
open/syncd //
hd2
hd2 jfs
jfs 35
35 35
35 11 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs
jfs 55 55 11 open/syncd
open/syncd /var
/var
hd3
hd3 jfs
jfs 33 33 11 open/syncd
open/syncd /tmp
/tmp
hd1
hd1 jfs
jfs 11 11 11 open/syncd
open/syncd /home
/home
hd10opt
hd10opt jfs
jfs 44 44 11 open/syncd
open/syncd /opt
/opt

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-7. Listing PVs in a VG and VG contents AN123.1

Notes:
The lsvg -p Volumegroup command gives information about all of the physical volumes
within the volume group. The information given is:
Physical volume name (PV_NAME)
Physical volume state (PV STATE - active or inactive)
Total number of physical partitions (TOTAL PPs)
Number of free physical partitions (FREE PPs)
How the free space is distributed across the disk (FREE DISTRIBUTION)
Free distribution is the number of physical partitions allocated within each section of the
physical volume: outer edge, outer middle, center, inner middle, and inner edge.
The lsvg -l Volumegroup command gives information about all of the logical volumes
within the volume group. The details given are:
Logical volume name (LVNAME)

8-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Type of logical volume (TYPE, for example, file system, paging)
Number of LPs (LPs)
Number of physical partitions (PPs)
Number of physical volumes (PVs)
Logical volume state (LV STATE)
Mount point (MOUNT POINT), if the logical volume contains a journaled file system

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Change a Volume Group


IBM Power Systems

# smit chvg chvg a n Q n datavg

Change
Change aa Volume
Volume Group
Group

[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name datavg
datavg
** Activate
Activate volume
volume group
group AUTOMATICALLY
AUTOMATICALLY no
no ++
at system restart?
at system restart?
** AA QUORUM
QUORUM ofof disks
disks required
required to
to keep
keep the
the volume
volume no
no ++
group
group on-line
on-line ??
Convert
Convert this
this VG
VG to
to Concurrent
Concurrent Capable?
Capable? no
no ++
Change
Change to
to big
big VG
VG format?
format? no
no ++
Change
Change to
to scalable
scalable VG
VG format?
format? no
no ++
LTG Size in kbytes
LTG Size in kbytes 256
256 ++
Set
Set hotspare
hotspare characteristics
characteristics nn ++
Set
Set synchronization characteristics
synchronization characteristics of
of stale
stale nn ++
partitions
partitions
Max
Max PPs
PPs per
per VG
VG in
in units
units of
of 1024
1024 32
32 ++
Max Logical Volumes
Max Logical Volumes 256
256 ++
Mirror
Mirror Pool
Pool Strictness
Strictness ++
Infinite
Infinite Retry
Retry Option
Option no
no ++
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-8. Change a Volume Group AN123.1

Notes:
The chvg command changes the characteristics of a volume group. In the example shown
in the visual attributes, Activate volume group AUTOMATICALLY at system restart?
and A QUORUM of disks required to keep the volume group on-line? were set to
No, which causes the following command to run: chvg a n Q n datavg

8-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Extend and reduce a VG


IBM Power Systems

## extendvg
extendvg -f
-f rootvg
rootvg hdisk2
hdisk2
## lsvg
lsvg -p rootvg || awk
-p rootvg awk {print
{print $1,
$1, $2}
$2}
rootvg:
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE
hdisk0
hdisk0 active
active
hdisk1
hdisk1 active
active hdisk2
hdisk2
hdisk2 active
active

hdisk0 hdisk1

## reducevg
reducevg -d
-d rootvg
rootvg hdisk1
hdisk1
## lsvg
lsvg -p rootvg || awk
-p rootvg awk {print
{print $1,
$1, $2}
$2}
rootvg:
rootvg:
PV_NAME
PV_NAME PV
PV STATE
STATE
hdisk0
hdisk0 active
active hdisk1
hdisk2
hdisk2 active
active

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-9. Extend and reduce a VG AN123.1

Notes:
Add a physical volume to a volume group
To add a disk to an existing volume group, use the extendvg command or SMIT fastpath
smit extendvg. The disk must be installed in the system or connected to it externally, and
must be powered on.
extendvg formats the disk into physical partitions and then adds them to the physical
partition mapping maintained in the VGDA for the volume group. The space on the new
disk is now available to be allocated to logical volumes in the volume group. If the existing
data in the VGDA on the disk shows that it is part of another volume group, the -f option
forces the addition of the disk to the volume group, without requesting confirmation.
Use this option when adding a disk which has been previously used, but contains data
which is no longer needed.
The syntax for the extendvg command is:
extendvg [-f] Volumegroup hdiskn

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Remove a physical volume from a volume group


The reducevg command is used to remove a physical volume from a volume group. If it is
the last physical volume, the volume group is removed. To remove a disk from the volume
group, first be sure to free up all the storage on the disk by either deleting the logical
volumes or migrating them to some other disk in the volume group. Once there are no
logical volumes, on the disk, you can remove that disk from the volume group by using the
reducevg command or the SMIT fastpath smit reducevg.
The syntax for the reducevg command is:
reducevg [-d] [-f] Volumegroup hdiskn
The -d option deallocates the existing logical volume partitions, and then deletes resultant
empty logical volumes from the specified physical volumes. User confirmation is required
unless the -f flag is added.

8-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Remove a volume group


IBM Power Systems

# smit reducevg2 reducevg -df db2_vg hdisk2 hdisk3

Remove
Remove aa Volume
Volume Group
Group

Type
Type or
or select
select aa value
value for
for the
the entry
entry field.
field.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [db2_vg]
[db2_vg] ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-10. Remove a volume group AN123.1

Notes:
You can use the smit reducevg2 fastpath to remove a volume group. It runs a script which
identifies what physical volumes are in the volume group and then runs the reducevg
command to remove each physical volume until there are no more physical volumes in the
volume group.
The Remove a Volume Group menu does not have a corresponding high-level command.
The correct way to remove a volume group, is to use the Remove a Physical Volume
from a Volume Group option, which calls the reducevg command. This removes the
volume group when you remove the last physical volume within it.
The syntax of the reducevg command is:
reducevg [-d] [-f] VolumeGroup PhysicalVolume

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Activate and Deactivate a Volume Group


IBM Power Systems

# smit varyonvg varyonvg datavg


Activate
Activate aa Volume
Volume Group
Group

[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
RESYNCHRONIZE
RESYNCHRONIZE stale
stale physical
physical partitions?
partitions? yes
yes ++
Activate
Activate volume group in
volume group in SYSTEM
SYSTEM no
no ++
MANAGEMENT
MANAGEMENT mode?
mode?
FORCE
FORCE activation
activation ofof the
the volume
volume group?
group? no
no ++
Warning--this
Warning--this may
may cause
cause loss
loss of
of data
data integrity.
integrity.
Varyon
Varyon VG
VG in
in Concurrent
Concurrent Mode?
Mode? no
no ++
Synchronize
Synchronize Logical
Logical Volumes?
Volumes? no
no ++

# smit varyoffvg varyoffvg datavg

Deactivate
Deactivate aa Volume
Volume Group
Group

[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++
Put
Put volume group in
volume group in SYSTEM
SYSTEM no
no ++
MANAGEMENT mode?
MANAGEMENT mode?
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-11. Activate and Deactivate a Volume Group AN123.1

Notes:
The varyonvg command
The varyonvg command is used to activate a volume group that is not activated at system
startup, or has been added to the system since startup.
The -f option is used to force a volume group online. It allows a volume group to be made
active that does not currently have a quorum of available disks. Any disk that cannot be
brought to an active state is put in a removed state. At least one disk must be available for
use in the volume group.
The varyoffvg command
The varyoffvg command is used to deactivate a volume group. No logical volumes should
be open when this command is issued. Removing a disk without deactivating the volume
group could cause errors and loss of data in the volume group descriptor areas, and the
logical volumes within that volume group.

8-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Import and Export a Volume Group


IBM Power Systems

# smit importvg importvg y datavg hdisk3


Import
Import aa Volume
Volume Group
Group

[Entry
[Entry Fields]
Fields]
VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg]
** PHYSICAL
PHYSICAL VOLUME
VOLUME name
name [hdisk3]
[hdisk3] ++
Volume
Volume Group
Group MAJOR
MAJOR NUMBER
NUMBER []
[] +#
+#

# smit exportvg exportvg datavg

Export
Export aa Volume
Volume Group
Group

[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name [datavg]
[datavg] ++

Note: The volume group must be inactive before it is exported.


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-12. Import and Export a Volume Group AN123.1

Notes:
Exporting a volume group
If you export the volume group from the current system using the exportvg command, this
removes all information about the volume group from the system. This is only local system
(ODM data) operation -- no data in volume group changed. To export a volume group, it
must be inactive first.
Importing a volume group
If you have a volume group on one or more external disks that you want to access on
another system, it must be imported to the system using the importvg command. Never
attempt to import volume group which is active (varied on) on another system.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Logical storage
IBM Power Systems

Physical volumes

1 4 1 4
7 2 3 7 2 3
10 10
8 9 8 9
13 16 13 16
14 15 19 14 15
19 22 22
20 21 25 20 21
25 28 28
26 27 31 26 27
31 34 34
32 33 32 33
35 38 35 38
36 37 41 36 37
41 44 44
42 43 42 43
47 50 47 50
48 49 48 49

Logical Volume Manager

1 2 3 4 1 2 3 4 Logical
partitions
Logical Logical
volume volume
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-13. Logical storage AN123.1

Notes:
Logical volumes
A logical volume is a group of logical partitions which may span physical volumes, as
long as the physical volumes are in the same volume group. A file system resides on
top of a logical volume (LV). A logical volume can be dynamically extended.
Logical partitions
Logical partitions are mapped one-to-one to physical partitions unless they are being
mirrored.

8-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

LVM and RAID support


IBM Power Systems

LVM supports the following three software RAID configurations:


RAID 0, Striping
RAID 1, Mirroring (up to 3 copies)
RAID 10 or 1 + 0, Striping + Mirroring

Striping aides performance, whereas mirroring aides availability.

In todays environment, most data resides in SANs. Disks in a SAN are


generally grouped together into a RAID array and divided into LUNs.
AIX sees LUNs as physical disks.
One should not further deploy AIX RAID configurations on top of H/W (SAN)
RAID configurations.
SAN environments provide greater levels of RAID support (performance and
availability).
LUNs can be increased in size. If so, AIX must know about it:
# chvg -g datavg
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-14. LVM and RAID support AN123.1

Notes:
LVM supports three software RAID configurations:
RAID 0. Striping provides improved performance and additional storage, but no fault
tolerance. Any disk failure destroys the array, which becomes more likely with more
disks in the array. A single disk failure destroys the entire array because when data is
written to a RAID 0 drive, the data is broken into fragments. The fragments are written
to their respective disks simultaneously on the same sector. This allows smaller
sections of the entire chunk of data to be read off the drive in parallel, giving this type of
arrangement huge bandwidth. RAID 0 does not implement error checking so any error
is unrecoverable. More disks in the array means higher bandwidth, but greater risk of
data loss.
RAID 1.Mirroring on AIX provides fault tolerance from disk errors by creating up to three
copies of the data on different drives.
RAID 10 Combines RAID levels 0 + 1. Striping + mirroring provides fault tolerance
along with improved performance.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

LVM options which affect performance


IBM Power Systems

Inter- and intra-policy


Logical volume placement on disk

Scheduling policy
Dictates how data is read/written for mirrored LVs

Mirror write consistency


Ensures mirrored PPs are consistent

Write verify
Verifies all writes with a read operation
Default is no. Generally it is not recommended to set to yes as it will
impact system (write) performance.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-15. LVM options which affect performance AN123.1

Notes:
The visual highlights key LVM options which affect performance.

8-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Mirroring (RAID1)
IBM Power Systems

Mirroring is when a logical partition maps to more than one


physical partition of the same volume group.

hdisk0 fslv00
First copy PP1
PP2 LP1
LP2

hdisk1
Second copy PP1
PP2

hdisk2
Third copy PP1
PP2

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-16. Mirroring (RAID1) AN123.1

Notes:
Mirroring of data over multiple drives protects against a potential hardware failure. The
structure of LVM enables mirroring by manipulating the relationship between the physical
partition and the logical partition. The AIX mirror function does not apply to a physical disk,
only to logical volumes. This is the most important principle to understand for the AIX LVM
mirroring function. In a normal operating environment each physical partition is mapped to
a logical partition. When you mirror data, the ratio becomes one logical partition to two
physical partitions for a two-way mirror. Or, one logical partition to three physical partitions
for a three-way mirror.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Mirroring, allocation
IBM Power Systems

When mirroring, it is essential that all PP copies are stored on


different disks.

This setting is controlled by the Allocation policy.


This is also referred to as strictness.

Allocation can be set to:


No: This is not recommended.
Yes (default): This ensures that no LP copies can share the same PV.
Superstrict: Ensures that a given PV does not have a mixture of
primary and secondary copies, in addition to strictness.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-17. Mirroring, allocation AN123.1

Notes:
When mirroring data, it is essential that all PP copies are stored on different disks. The
placement of PP is governed by the allocation policy, which by default is set to strict. Strict
policy ensures that all mirrored copies are placed on different disks. However, under LVM
RAID 0 +1 configurations, strict policy can lead to situations where mirrored copies of the
data are on the same disk. To protect against this, the system will automatically set the
allocation policy to superstrict. Also, using an initial non-mirrored allocation with the
inter-policy set to spread the allocations over multiple disks (the so called poor mans
striping) can result in a non-superstrict situation when mirroring is implemented. When
implementing the LVM snapshot VG, the mirroring must be superstrict.

8-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Striping (RAID 0)
IBM Power Systems

Consecutive stripe units are


created on different physical
1 4 7 LP1 volumes.
1
Stripe hdisk0 2 Striping increases read/write
units 3 sequential throughput by
LP2 4 evenly distributing stripe units
2
5 8 among disks.
5
6
hdisk1 Stripe unit size is specified at
7 the creation time.
8 4 KB to 128 MB
3 6 9
LP3 9
Stream of
data
hdisk2
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-18. Striping (RAID 0) AN123.1

Notes:
Striping
Striping is a technique for spreading the data in a logical volume across several disks, so
that the I/O capacity of the disk drives can be used in parallel, so to access data on the
logical volume.
Striping is designed to increase the read/write performance of frequently accessed, large
sequential files. Striping can also be used to distribute data evenly across a set of disks, so
that random I/O can be scattered across many drives simultaneously. In non-striped logical
volumes, data is accessed using addresses to data blocks within physical partitions. In a
striped logical volume, data is accessed using addresses to stripe units.
Stripe size
The size of the stripe unit is specified at creation time. The stripe size can range from 4 KB
-128 MB in powers of two.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Constraints
There are some constraints imposed by implementing striping:
The number of physical partitions allocated to a striped logical volume must evenly
distributable among the disks.
At least two physical volumes are required
Performance considerations
There are some considerations in configuring striping for performance:
Use as many adapters as possible. For example, if multiple disks in the stripe width are
on the same storage adapter, a read/write of a stripe is not able to read/write the stripe
units in parallel.
Design to avoid contention with other uses of the disks used by the striped logical
volume.
Create on a volume group dedicated to striped logical volumes.
It is not a good idea to mix striped and non-striped logical volumes in the same physical
volume. Physical volumes should ideally be the same size within the set used for a striped
logical volume. Just because a logical volume is striped, it does not mean that the file's
data blocks are going to be perfectly aligned with the stripe units. Therefore, if a file block
crosses a stripe boundary, the block gets split into multiple LVM I/Os.

8-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Striping and mirroring (RAID 10 or 1+0)


IBM Power Systems

1 3 5 1 3 5 1
2
hdisk2 hdisk0 3
4
2
5
2 4 6 4 6
6
Stream of
hdisk3 hdisk1 data

Meets performance and high availability requirements


More expensive (requires more disks, minimum four)
Mirroring allocation automatically set to superstrict

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-19. Striping and mirroring (RAID 10 or 1+0) AN123.1

Notes:
RAID 10 meets performance and high availability requirements by mirroring strip sets to
different disks. However, this comes at a cost as more disks are required (minimum 4).

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Mirror pools
IBM Power Systems

Mirror pools simplify the task of isolating a logical volume


copy to a specific group of physical volumes.

hdisk0
PP1
First copy PP3
on PoolA
hdisk1 lv00
PP2
PoolB hdisk PP4 LP1
should be on LP2
remote storage LP3
server!
hdisk2 LP4
PP1
PP3
Second copy
on PoolB hdisk3
PP2
PP4

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-20. Mirror pools AN123.1

Notes:
This visual shows an example of RAID 10, a combination of RAID 1 + 0 Mirroring of data
over multiple drives that protects against a potential hardware failure. Copies of LP1 are on
hdisk0 and hdisk2, and copies of LP2 are on hdisk1 and hdisk3. Physically, hdisk0/hdisk1
and hdisk2/hdisk3 are placed on different SAN storage servers. Now, lets imagine that
lv00 is placed to more than four hdisks and we need to be sure that all copies are placed on
different storage servers. Also consider that we need to increase the size of lv00 and that
we are required to attach more hdisks to our system. Proper PP distribution is not an easy
task in this situation.
Mirror pools simplify the task of mirroring data over multiple drives.
Mirror pool requirements and restrictions:
A mirror pool is made up of one or more physical volumes (hdisk).
Each physical volume can only belong to one mirror pool.
Mirror pools are only available for scalable volume groups.
rootvg cannot be assigned to mirror pools (rootvg cannot be a scalable volume group).

8-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Mirror pools are available in AIX 7.1 and AIX V6.1 TL 2 and up.
After assigning PVs (physical volumes) to a mirror pool, the volume group can no longer
be imported to a previous version of AIX that does not support mirror pools.
Any changes to mirror pool characteristics will not affect partitions allocated before the
changes were made. The reorgvg command should be used after mirror pool changes
are made to move the allocated partitions to conform to the mirror pool restrictions.
No additional commands for mirror pools have been added to AIX. Instead, the existing AIX
LVM commands have been extended to incorporate the mirror pool functionality. Following
are some examples of mirror pool enhanced AIX LVM commands.
To create a mirror pool with the defined list of disk (disks should be part of a vg):
# chpv p <mirror_pool_name> <hdisk list>
To create a logical volume in the given mirror pools:
# mklv -c 2 -p copy1=PoolA -p copy2=PoolB datavg 10
To list mirror pools defined in volume group:
# lsmp datavg

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Logical volume placement


IBM Power Systems

Intra-physical volume allocation policy


Middle Inner-edge

Center Inner-middle

Edge

Inter-physical volume allocation policy


Minimum (default)
1 LV copy: One (or minimum) PV should contain all PPs
2 or 3 LV copies: Use as many PVs as copies, keeping PV usage down to
a minimum.
Maximum
PPs should be spread over as many PVs as possible.
Note: These settings have little effect when used in SAN environments, whereby
LUNs are in RAID configurations.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-21. Logical volume placement AN123.1

Notes:
Introduction
When creating or changing a logical volume you can define the way the Logical Volume
Manager decides which physical partitions to allocate to the logical volume. This affects
the performance of the logical volume.
Intra-physical volume allocation policy
The intra-disk allocation policy choices, are based on the five regions of a disk where
physical partitions can be located. The closer a given physical partition is to the center
of a physical volume, the lower the average seek time is because the center has the
shortest average seek distance from any other part of the disk. The file system log is a
good candidate for allocation at the center of a physical volume, because it is so
frequently used by the operating system. At the other extreme, the boot logical volume
is used infrequently, and is therefore allocated at the edge or middle of the physical
volume. The general rule is that the more I/Os, either absolutely or during the running of
an important application, the closer to the center of the physical volumes the physical
partitions of the logical volume need to be allocated.

8-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Inter-physical volume allocation policy


If the minimum inter-disk setting is selected, the physical partitions assigned to the
logical volume are located on a single disk to enhance availability. If you select the
maximum inter-disk setting (range = maximum), the physical partitions are located on
multiple disks to enhance performance.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Mirroring scheduling policy


IBM Power Systems

Scheduling policies when mirroring:

Parallel (default)
Write operations on different physical partitions start at the same time.
When the longest write finishes, the write operation is complete.
Improves performance (especially RAID-Performance)
Parallel write/sequential read
> Primary copy is read first, I f unsuccessful, the next copy is used.
Parallel write/round robin read
> Round-robin reads alternate disks between copies.

Sequential
Second physical write operation is not started unless the first operation has
completed successfully.
In case of a total disk failure, there is always a good copy.
Increased availability, but decreases performance

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-22. Mirroring scheduling policy AN123.1

Notes:
Scheduling policies
The scheduling policy determines how reads and writes are conducted to a mirrored
logical volume. LVM offers several scheduling policies for mirrored volumes to control
how data is written and read from the copies.
Sequential write
Sequential mirroring writes to multiple copies or mirrors in order. The multiple physical
partitions representing the mirrored copies of a single logical partition are designated
primary, secondary, and tertiary. In sequential scheduling, the physical partitions are
written to in sequence. The system waits for the write operation for one physical
partition to complete, before starting the write operation for the next one. When all write
operations have been completed for all mirrors, the write operation is complete.
Parallel write

8-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Parallel mirroring simultaneously starts the write operation for all the physical partitions
in a logical partition. When the write operation to the physical partition that takes the
longest to complete finishes, the write operation is completed.
Sequential read
When a sequential read is specified, the primary copy of the read is always read first. If
that read operation is unsuccessful, the next copy is read. During the read retry
operation on the next copy, the failed primary copy is corrected by LVM with a hardware
relocation. This patches the bad block for future access.
Parallel read
On each read, the system checks whether the primary is busy. If it is not busy, the read
is initiated on the primary. If the primary is busy, the system checks the secondary, and
then the tertiary. If those are also busy, the read is initiated in the copy with the least
number of outstanding I/Os.
Round-robin read
Round-robin reads alternate between copies. This results in equal utilization for reads,
even when there is more than one I/O outstanding.
Which is right for me?
Each of the scheduling policies provide benefits, as well as drawbacks. When deciding
on a method of mirroring, you need to take into consideration how critical the data is,
and performance. The trade off is performance, versus availability. In general, a
mirrored logical volume is slower than an unmirrored logical volume, because you have
to write the data in two or three places. The exception can be a mirrored LV in a
high-read environment. If your application does mostly reads, and you are using parallel
or parallel/round robin scheduling, reads may complete faster because the I/Os are
spread across multiple disks, which can occur simultaneously if the disks are on
separate controllers. One of the parallel scheduling policies usually provides the best
performance in a write intensive environment, because writes can proceed in parallel.
However, there is some additional overhead, and mirrored logical volumes are usually
slower than comparable unmirrored logical volumes in a write intensive environment.
Sequential scheduling provides the worst performance, but provides the best chance of
recovering data in the event of a system crash in the middle of a write operation.
Sequential scheduling makes it more likely that you have at least one good copy, the
primary copy, of a logical partition after a crash.
Synchronization
When turning on mirroring for an existing logical volume, the copies have to be
synchronized so the new copy contains a perfect image of the existing copy, at that
point in time. This can be done by using the -k option on the mklvcopy command at the
time mirroring is turned on, or with the syncvg command at a later time. Until the copies
are synchronized, the new copy is marked stale.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Mirror write consistency


IBM Power Systems

Problem: If the system crashes before the write to all mirrors


is complete, the mirrors are in an inconsistent state, and the
system must distinguish between the old copy and the new
copy.

Solution: Mirror write consistency


Ensures PPs are consistent after reboot
Three modes: off, active, and passive
Active (default)
Uses a cache on disk
The physical write operation proceeds when the cache has been updated.
Passive. (Big VGs only)
Logging of LV updates, but does not log writes
If the system crashes on reboot, a forced synchronization of the LVs takes
place.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-23. Mirror write consistency AN123.1

Notes:
The LVM always ensures data consistency among mirrored copies of a logical volume
during normal I/O processing.
For every write to a logical volume, the LVM generates a write request for every mirror
copy. A problem arises if the system crashes in the middle of processing a mirrored write,
and before all copies are written. If mirror write consistency recovery is requested for a
logical volume, the LVM keeps additional information to allow recovery of these
inconsistent mirrors. Mirror write consistency recovery should be performed for most
mirrored logical volumes. Logical volumes, such as the page space that do not use the
existing data when the volume group is re-varied on, do not need this protection.
The Mirror Write Consistency (MWC) record consists of one sector. It identifies which
logical partitions may be inconsistent if the system is not shut down correctly. When the
volume group is varied back online, this information is used to make the logical partitions
consistent again. Note: With Mirror Write Consistency LVs, because the MWC control
sector is on the edge of the disk, performance may be improved if the mirrored logical
volume is also on the edge.

8-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Beginning in AIX 5L, a mirror write consistency option called Passive Mirror Write
Consistency is available. The default mechanism for ensuring mirror write consistency is
Active MWC. Active MWC provides fast recovery at reboot time after a crash has occurred.
However, this benefit comes at the expense of write performance degradation, particularly
in the case of random writes. Disabling Active MWC eliminates this write-performance
penalty, but upon reboot after a crash, you must use the syncvg -f command to manually
synchronize the entire volume group, before users can access the volume group. To
achieve this, automatic vary-on of volume groups must be disabled.
Enabling Passive MWC not only eliminates the write-performance penalty associated with
Active MWC, but logical volumes will be automatically resynchronized as the partitions are
being accessed. This means that the administrator does not have to synchronize logical
volumes manually or disable automatic vary-on. The disadvantage of Passive MWC is that
slower read operations may occur, until all the partitions have been resynchronized.
You can select either mirror write consistency option within SMIT, when creating or
changing a logical volume. The selection option takes effect only when the logical volume
is mirrored (copies > 1).

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

SMIT Logical Volumes menu


IBM Power Systems

# smit lv
Logical
Logical Volumes
Volumes

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

List
List All
All Logical
Logical Volumes
Volumes byby Volume
Volume Group
Group
Add a Logical Volume
Add a Logical Volume
Set
Set Characteristic
Characteristic of
of aa Logical
Logical Volume
Volume
Show
Show Characteristics
Characteristics of
of aa Logical
Logical Volume
Volume
Remove
Remove aa Logical
Logical Volume
Volume
Copy
Copy aa Logical
Logical Volume
Volume

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-24. SMIT Logical Volumes menu AN123.1

Notes:
This is the top-level SMIT menu for logical volumes. The next few pages discuss these
items.

8-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Add a Logical Volume


IBM Power Systems
mklv y datalv t jfs2 c 2 \
# smit mklv datavg 10 hdisk2 hdisk3
Add
Add aa Logical
Logical Volume
Volume

[Entry
[Entry Fields]
Fields]
Logical
Logical volume
volume NAME
NAME [datalv]
[datalv]
** VOLUME
VOLUME GROUP
GROUP name
name datavg
datavg
** Number
Number of LOGICAL PARTITIONS
of LOGICAL PARTITIONS [100]
[100] ##
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk2
[hdisk2 hdisk3]
hdisk3] ++
Logical volume TYPE
Logical volume TYPE [jfs2]
[jfs2] ++
POSITION
POSITION onon physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER of PHYSICAL VOLUMES
NUMBER of PHYSICAL VOLUMES []
[] ##
to
to use
use for
for allocation
allocation
Number of COPIES of each logical
Number of COPIES of each logical 22 ++
partition
partition
Mirror
Mirror Write
Write Consistency?
Consistency? active
active ++
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on a SEPARATE physical
a SEPARATE physical volume?
volume?
RELOCATE the logical volume
RELOCATE the logical volume duringduring yes
yes ++
reorganization?
reorganization?
Logical
Logical volume
volume LABEL
LABEL []
[]
MAXIMUM
MAXIMUM NUMBER
NUMBER ofof LOGICAL
LOGICAL PARTITIONS
PARTITIONS [512]
[512] ##
Enable
Enable BAD BLOCK relocation?
BAD BLOCK relocation? yes
yes ++
SCHEDULING POLICY for writing/reading
SCHEDULING POLICY for writing/reading parallel
parallel ++
logical
logical partition
partition copies
copies
Enable
Enable WRITE
WRITE VERIFY?
VERIFY? no
no ++
File
File containing ALLOCATION MAP
containing ALLOCATION MAP []
[]
Stripe
Stripe Size?
Size? [Not
[Not Striped]
Striped] ++
Serialize IO?
Serialize IO? no
no ++
Mirror
Mirror Pool
Pool for
for First
First Copy
Copy ++
Mirror
Mirror Pool
Pool for
for Second
Second Copy
Copy ++
Mirror Pool for Third
Mirror Pool for Third Copy Copy ++
Infinite Retry Option
Infinite Retry Option no
no ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-25. Add a Logical Volume AN123.1

Notes:
The mklv command creates a logical volume. The name of the logical volume can be
specified or a system-generated name is used. The volume group the logical volume
belongs to, and the size (in logical partitions, must be specified. Other characteristics that
can be set are, the allocation policy, copies (mirroring), scheduling policy, and striping.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Show LV characteristics (1 of 2)
IBM Power Systems

## lslv
lslv datalv
datalv
LOGICAL
LOGICAL VOLUME:
VOLUME: datalv
datalv VOLUME
VOLUME GROUP:
GROUP: datavg
datavg
LV
LV IDENTIFIER:
IDENTIFIER: 00cf2e7f00004c000000011d68130bea.1
00cf2e7f00004c000000011d68130bea.1
PERMISSION:
PERMISSION: read/write
read/write
VG
VG STATE:
STATE: active/complete
active/complete LV
LV STATE:
STATE: closed/syncd
closed/syncd
TYPE:
TYPE: jfs2
jfs2 WRITE
WRITE VERIFY:
VERIFY: off
off
MAX
MAX LPs:
LPs: 512
512 PP
PP SIZE:
SIZE: 44 megabyte(s)
megabyte(s)
COPIES:
COPIES: 22 SCHED
SCHED POLICY:
POLICY: parallel
parallel
LPs:
LPs: 10
10 PPs:
PPs: 20
20
STALE
STALE PPs:
PPs: 00 BB
BB POLICY:
POLICY: relocatable
relocatable
INTER-POLICY:
INTER-POLICY: minimum
minimum RELOCATABLE:
RELOCATABLE: yes
yes
INTRA-POLICY:
INTRA-POLICY: middle
middle UPPER
UPPER BOUND:
BOUND: 11
MOUNT
MOUNT POINT:
POINT: N/A
N/A LABEL:
LABEL: None
None
MIRROR
MIRROR WRITE
WRITE CONSISTENCY:
CONSISTENCY: on/ACTIVE
on/ACTIVE
EACH
EACH LPLP COPY
COPY ON
ON AA SEPARATE
SEPARATE PV
PV ?:
?: yes
yes (superstrict)
(superstrict)
Serialize
Serialize IO IO ?:
?: NO
NO
INFINITE
INFINITE RETRY:
RETRY: no
no
DEVICESUBTYPE:
DEVICESUBTYPE: DS_LVZ
DS_LVZ
COPY
COPY 11 MIRROR
MIRROR POOL:
POOL: None
None
COPY
COPY 22 MIRROR
MIRROR POOL:
POOL: None
None
COPY
COPY 33 MIRROR
MIRROR POOL:
POOL: None
None

## lslv
lslv -l
-l datalv
datalv
datalv:N/A
datalv:N/A
PV
PV COPIES
COPIES IN
IN BAND
BAND DISTRIBUTION
DISTRIBUTION
hdisk2
hdisk2 010:000:000
010:000:000 100%
100% 000:010:000:000:000
000:010:000:000:000
hdisk3
hdisk3 010:000:000
010:000:000 100%
100% 000:010:000:000:000
000:010:000:000:000
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-26. Show LV characteristics (1 of 2) AN123.1

Notes:
To list the characteristics of a logical volume use the command: lslv
<logicalvolume_name>
The l flag lists the following fields for each physical volume in the logical volume:
PV: Physical volume name.
Copies:
- The number of LPARs containing at least one physical partition (no copies) on the
PV
- The number of LPARs containing at least two physical partitions (one copy) on the
PV
- The number of LPARs containing three physical partitions (two copies) on the PV
In band: The percentage of physical partitions on the physical volume that belong to the
logical volume, and were allocated within the physical volume region specified by
Intra-physical allocation policy
Distribution: The number of physical partitions allocated within each section of the PV:
outer edge, outer middle, center, inner middle, and inner edge of the PV.

8-34 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Show LV characteristics (2 of 2)
IBM Power Systems

Show LP to PP relationship on disks


## lslv
lslv -m
-m datalv
datalv
datalv:N/A
datalv:N/A
LP
LP PP1
PP1 PV1
PV1 PP2
PP2 PV2
PV2 PP3
PP3 PV3
PV3
0001
0001 0104 hdisk2
0104 hdisk2 0104
0104 hdisk3
hdisk3
0002
0002 0105
0105 hdisk2
hdisk2 0105
0105 hdisk3
hdisk3
0003
0003 0106
0106 hdisk2
hdisk2 0106
0106 hdisk3
hdisk3
0004
0004 0107
0107 hdisk2
hdisk2 0107
0107 hdisk3
hdisk3
0005
0005 0108
0108 hdisk2
hdisk2 0108
0108 hdisk3
hdisk3
0006
0006 0109
0109 hdisk2
hdisk2 0109
0109 hdisk3
hdisk3
0007
0007 0110
0110 hdisk2
hdisk2 0110
0110 hdisk3
hdisk3
0008
0008 0111
0111 hdisk2
hdisk2 0111
0111 hdisk3
hdisk3
0009 0112 hdisk2
0009 0112 hdisk2 0112
0112 hdisk3
hdisk3
0010
0010 0113
0113 hdisk2
hdisk2 0113
0113 hdisk3
hdisk3

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-27. Show LV characteristics (2 of 2) AN123.1

Notes:
The lslv m flag shows the LP to PP relationship. The example in the visual, shows LP
number 1 for datalv, is mapped to physical partition number 104 on hdisk2, and is also
mirrored to the same physical partition number on hdisk3.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Reorganize logical volumes in a volume group


IBM Power Systems

reorgvg moves physical partition allocations for logical


volumes to more closely match the policies of those LVs.
hdisk3 hdisk4
datavg

1 2 3 4
empty
5 6 7 8

# chlv e x mylv (set to maximum number of disks)


# reorgvg datavg mylv
hdisk3 hdisk4
datavg

1 3 5 7 2 4 6 8

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-28. Reorganize logical volumes in a volume group AN123.1

Notes:
Reorganizing a volume group
If the intra-physical volume allocation policy (location on disk: center, middle, edge, inner
edge, and inner middle) is changed after the logical volume is created, the physical
partition does not relocate automatically. The reorgvg command is used to redistribute the
physical partitions of the logical volumes of a volume group according to their preferred
allocation policies. This should improve disk performance. Preference is given in the order
listed on the command line.
reorgvg syntax
The syntax is: reorgvg Volumegroup [LogicalVolume]
For example: reorgvg rootvg hd4 hd5
Using SMIT, no other arguments can be supplied. The entire volume group is reorganized.

8-36 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Add Copies to a Logical Volume


IBM Power Systems

# smit mklvcopy mklvcopy -k datalv 3 hdisk4

Add
Add Copies
Copies to
to aa Logical
Logical Volume
Volume

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name datalv
datalv
** NEW
NEW TOTAL
TOTAL number
number of
of logical
logical partition
partition 33 ++
copies
copies
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk4]
[hdisk4] ++
POSITION
POSITION on
on physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER
NUMBER of
of PHYSICAL
PHYSICAL VOLUMES
VOLUMES [1]
[1] ##
to
to use
use for
for allocation
allocation
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on aa SEPARATE
SEPARATE physical
physical volume?
volume?
File
File containing
containing ALLOCATION
ALLOCATION MAP
MAP []
[]
SYNCHRONIZE
SYNCHRONIZE the
the data
data in
in the
the new
new yes
yes ++
logical
logical partition
partition copies?
copies?
Mirror
Mirror Pool
Pool for
for First
First Copy
Copy []
[] ++
Mirror
Mirror Pool
Pool for
for Second
Second Copy
Copy []
[] ++
Mirror
Mirror Pool
Pool for
for Third
Third Copy
Copy []
[] ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-29. Add Copies to a Logical Volume AN123.1

Notes:
Adding a copy of a logical volume
The mklvcopy command is used to add up to three copies to a logical volume. Specify
the logical volume to change and the total number of copies wanted. This only
succeeds if there are enough physical partitions to satisfy the requirements on the
physical volumes that are specified to be used. That is, if all copies are to be on
different physical volumes. Once a logical volume has been created, striping cannot be
imposed or removed.
Synchronizing a mirrored logical volume
Also, in order for the copies to match, the logical volume has to be synchronized using
the syncvg command. This can be done with the -k option when the copy is originally
started. It can be done later, using the syncvg command.
Removing a copy of a logical volume
The rmlvcopy command is used to reduce the total number of copies for a logical
volume. Specify the total number wanted. For example, two if you are reducing the
number of copies from three to two. The rmlvcopy command allows you to specify
which disk to remove the copy from.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Increase the Size of a Logical Volume


IBM Power Systems

# smit extendlv extendlv datalv 20

Increase
Increase the
the Size
Size of
of aa Logical
Logical Volume
Volume

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name datalv
datalv
** Number
Number of
of ADDITIONAL
ADDITIONAL logical
logical partitions
partitions [20]
[20] ##
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names []
[] ++
POSITION
POSITION on
on physical
physical volume
volume middle
middle ++
RANGE
RANGE of
of physical
physical volumes
volumes minimum
minimum ++
MAXIMUM
MAXIMUM NUMBER
NUMBER of
of PHYSICAL
PHYSICAL VOLUMES
VOLUMES [1]
[1] ##
to use for allocation
to use for allocation
Allocate
Allocate each
each logical
logical partition
partition copy
copy yes
yes ++
on
on aa SEPARATE
SEPARATE physical
physical volume?
volume?
File
File containing
containing ALLOCATION
ALLOCATION MAP
MAP []
[]

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-30. Increase the Size of a Logical Volume AN123.1

Notes:
The extendlv command increases the number of logical partitions allocated to the
LogicalVolume, by allocating the number of additional logical partitions represented by the
Partitions parameter. The LogicalVolume parameter can be a logical volume name or a
logical volume ID. To limit the allocation to specific physical volumes, use the names of one
or more physical volumes in the PhysicalVolume parameter. Otherwise, all the physical
volumes in a volume group are available for allocating new physical partitions.
The default maximum number of partitions for a logical volume is 512. Before extending a
logical volume to more than 512 logical partitions, use the chlv command to increase the
default value.
The default allocation policy is to use a minimum number of physical volumes per logical
volume copy, to place the physical partitions belonging to a copy as contiguously as
possible, and then to place the physical partitions in the requested region specified by the
-a flag. Also by default, each copy of a logical partition is placed on a separate physical
volume.

8-38 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Remove a Logical Volume


IBM Power Systems

# smit rmlv rmlv f datalv2

Remove
Remove aa Logical
Logical Volume
Volume

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
LOGICAL
LOGICAL VOLUME
VOLUME name
name [datalv2]
[datalv2] ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-31. Remove a Logical Volume AN123.1

Notes:
The rmlv command removes logical volumes, and in the process, destroys all data.
The LogicalVolume parameter can be a logical volume name or logical volume ID. The
logical volume first must be closed. If the volume group is varied on in concurrent mode,
the logical volume must be closed on all the concurrent nodes on which the volume group
is varied on. For example, if the logical volume contains a file system, it must be
unmounted. However, removing the logical volume does not notify the operating system
that the file system residing on it has been destroyed.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

List all logical volumes by volume group


IBM Power Systems

## lsvg
lsvg -o
-o || lsvg
lsvg -i
-i l
l

datavg:
datavg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
datalv
datalv jfs2
jfs2 30
30 90
90 33 closed/syncd
closed/syncd N/A
N/A
rootvg:
rootvg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
hd5
hd5 boot
boot 11 11 11 closed/syncd
closed/syncd N/A
N/A
hd6
hd6 paging
paging 88 88 11 open/syncd
open/syncd N/A
N/A
hd8
hd8 jfslog
jfslog 11 11 11 open/syncd
open/syncd N/A
N/A
hd4
hd4 jfs
jfs 15
15 15
15 11 open/syncd
open/syncd //
hd2
hd2 jfs
jfs 35
35 35
35 11 open/syncd
open/syncd /usr
/usr
hd9var
hd9var jfs
jfs 55 55 11 open/syncd
open/syncd /var
/var
hd3
hd3 jfs
jfs 33 33 11 open/syncd
open/syncd /tmp
/tmp
hd1
hd1 jfs
jfs 11 11 11 open/syncd
open/syncd /home
/home
hd10opt
hd10opt jfs
jfs 44 44 11 open/syncd
open/syncd /opt
/opt
loglv00
loglv00 jfs2log
jfs2log 11 11 11 closed/syncd
closed/syncd N/A
N/A
hd11admin
hd11admin jfs
jfs 22 22 11 open/syncd
open/syncd /admin
/admin
fslv00
fslv00 jfs2
jfs2 22 22 11 closed/syncd
closed/syncd /db2
/db2

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-32. List all logical volumes by volume group AN123.1

Notes:
From the smit lv fastpath, the List all Logical Volumes by Volume Group option uses lsvg
-o to find out the active volume groups, and then lsvg -il to list the logical volumes within
them. The -i option of lsvg reads the list of volume groups from standard input.

8-40 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Mirroring volume groups


IBM Power Systems

Mirroring rootvg is very important.


# smit mirrorvg mirrorvg rootvg hdisk1
Mirror Can be used
Mirror aa Volume
Volume Group
Group
to mirror
any VG
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making
Enter AFTER making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
** VOLUME
VOLUME GROUP
GROUP name
name rootvg
rootvg
Mirror
Mirror sync
sync mode
mode [Foreground]
[Foreground] ++
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names [hdisk1]
[hdisk1] ++
Number
Number of
of COPIES
COPIES of
of each
each logical
logical 22 ++
partition
partition
Keep
Keep Quorum
Quorum Checking
Checking On?
On? no
no ++
Create Exact LV Mapping?
Create Exact LV Mapping? no
no ++

## bosboot
bosboot -a
-a -d
-d /dev/hdisk1
/dev/hdisk1
Additional
## bootlist
bootlist -m
-m normal
normal hdisk0
hdisk0 hdisk1
hdisk1 steps
required for
## shutdown rootvg
shutdown Fr
Fr (not
(not required
required with
with AIX6
AIX6 and
and later)
later)
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-33. Mirroring volume groups AN123.1

Notes:
The mirrorvg command takes all the logical volumes on a given volume group and mirrors
those logical volumes. This same functionality may also be accomplished manually if you
execute the mklvcopy command for each individual logical volume in a volume group. As
with mklvcopy, the target physical drives to be mirrored with data, must already be
members of the volume group.
When mirrorvg is executed, the default behavior of the command requires that the
synchronization of the mirrors must complete before the command returns to the user. If
you wish to avoid the delay, use the S (background Sync) or -s (disable sync) option. The
default value of two copies is always used.
If there are only two disks in the volume group to be mirrored, Keep Quorum Checking On
should be set to no. Otherwise, if a disk fails, the entire volume group would go offline.
Protecting rootvg on AIX from disk failure is important. Mirroring the data is one way to
achieve this. When mirroring rootvg there are additional steps to perform:
Create a boot image on the mirrored disk, using bosboot command.
Add the newly mirrored disk to the bootlist.
Shut down and reboot the system.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Physical volumes
IBM Power Systems

PV1 Volume group PV2

1 1 4
4
2 2 3
7 3 7 10
10 8
8 9 9
13 13 16
16 14
14 15 19 15
19 22 22
20 20 21
25 21 25 28
28 26 27
26 27 31
31 34 34
32 32 33
35 33 35
38 38
36 36 37
41 37 41 44
44 42 43
42 43 47
47 50 50
48 49 48 49

Physical partitions
Physical volume (PV)
Hard disk, a virtual disk or a LUN
Physical partition (PP)
Smallest assignable unit of allocation on a physical disk
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-34. Physical volumes AN123.1

Notes:
A physical partition is a fixed size, contiguous set of bytes, on a physical volume (PV).
Physical partitions (PP) must be the same size across an entire volume group. However,
there may be multiple volume groups on a single system, each with a different PP size.
The limitations for each type of volume group (original, big, and scalable) such as the
number of physical volumes and size of the physical partitions, was given in the last unit,
System Storage Overview.

8-42 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

SMIT Physical Volumes menu


IBM Power Systems

# smit pv
Physical
Physical Volumes
Volumes

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

List
List All
All Physical
Physical Volumes
Volumes in
in System
System
Add a Disk
Add a Disk
Change
Change Characteristics
Characteristics of
of aa Physical
Physical Volume
Volume
List
List Contents
Contents of
of aa Physical
Physical Volume
Volume
Move
Move Contents
Contents of
of aa Physical
Physical Volume
Volume

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-35. SMIT Physical Volumes menu AN123.1

Notes:
This is the top-level menu for physical volume. Each of these items is discussed in the
following pages.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

List physical volume information


IBM Power Systems

List all physical volumes in the system.


## lspv
lspv
hdisk0
hdisk0 00cf2e7ff02c5fc4
00cf2e7ff02c5fc4 rootvg
rootvg active
active
hdisk1
hdisk1 00cf2e7f713ca357
00cf2e7f713ca357 None
None
hdisk2
hdisk2 00cf2e7fea693331
00cf2e7fea693331 datavg
datavg active
active
hdisk3
hdisk3 00cf2e7fea6a26e0
00cf2e7fea6a26e0 datavg
datavg active
active
hdisk4
hdisk4 00cf2e7fea6a318
00cf2e7fea6a318 datavg
datavg active
active

List the attributes of a PV.


## lspv
lspv hdisk3
hdisk3
PHYSICAL
PHYSICAL VOLUME:
VOLUME: hdisk3
hdisk3 VOLUME
VOLUME GROUP:
GROUP: datavg
datavg
PV
PV IDENTIFIER:
IDENTIFIER: 00cf2e7fea6a26e0
00cf2e7fea6a26e0
VG
VG IDENTIFIER
IDENTIFIER 00cf2e7f00004c000000011d68130bea
00cf2e7f00004c000000011d68130bea
PV
PV STATE:
STATE: active
active
STALE
STALE PARTITIONS:
PARTITIONS: 00 ALLOCATABLE:
ALLOCATABLE: yes
yes
PP
PP SIZE:
SIZE: 44 megabyte(s)
megabyte(s) LOGICAL
LOGICAL VOLUMES:
VOLUMES: 11
TOTAL
TOTAL PPs:
PPs: 511
511 (2044
(2044 megabytes)
megabytes) VG
VG DESCRIPTORS:
DESCRIPTORS: 11
FREE
FREE PPs:
PPs: 481
481 (1924
(1924 megabytes)
megabytes) HOT
HOT SPARE:
SPARE: no
no
USED
USED PPs:
PPs: 30
30 (120
(120 megabytes)
megabytes) MAX
MAX REQUEST:
REQUEST: 256K
256K
FREE
FREE DISTRIBUTION:
DISTRIBUTION: 103..72..102..102..102
103..72..102..102..102
USED
USED DISTRIBUTION:
DISTRIBUTION: 00..30..00..00..00
00..30..00..00..00
MIRROR
MIRROR POOL:
POOL: None
None
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-36. List physical volume information AN123.1

Notes:
From the smit pv fastpath, the List all Physical Volumes in System option uses the
undocumented command lspv | /usr/bin/awk {print$1}'' list the physical volumes in
the system.
The lspv command with no parameters can be used to list the physical volume name,
physical volume identifier, and volume group for all physical volumes in the system.
The lspv pvname command gives status information about the physical volume. The most
useful information here is:
State (active or inactive)
Number of physical partition copies that are stale (are not up to date with other copies)
Total number of physical partitions
Number of free physical partitions
Distribution of free space on the physical volume

8-44 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

List logical volumes on a physical volume


IBM Power Systems

## lspv
lspv -l-l hdisk0
hdisk0
hdisk0:
hdisk0:
LV
LV NAME
NAME LPs
LPs PPs
PPs DISTRIBUTION
DISTRIBUTION MOUNT
MOUNT POINT
POINT
hd2
hd2 35
35 35
35 00..00..03..20..12
00..00..03..20..12 /usr
/usr
hd9var
hd9var 55 55 00..05..00..00..00
00..05..00..00..00 /var
/var
hd8
hd8 11 11 00..00..01..00..00
00..00..01..00..00 N/A
N/A
hd4
hd4 15
15 15
15 00..00..15..00..00
00..00..15..00..00 //
hd5
hd5 11 11 01..00..00..00..00
01..00..00..00..00 N/A
N/A
hd6
hd6 88 88 00..08..00..00..00
00..08..00..00..00 N/A
N/A
hd10opt
hd10opt 44 44 04..00..00..00..00
04..00..00..00..00 /opt
/opt
hd3
hd3 33 33 00..03..00..00..00
00..03..00..00..00 /tmp
/tmp
hd1
hd1 11 11 00..01..00..00..00
00..01..00..00..00 /home
/home
hd11admin
hd11admin 22 22 00..02..00..00..00
00..02..00..00..00 /admin
/admin
fslv00
fslv00 22 22 02..00..00..00..00
02..00..00..00..00 /db2
/db2
loglv00
loglv00 11 11 00..01..00..00..00
00..01..00..00..00 N/A
N/A

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-37. List logical volumes on a physical volume AN123.1

Notes:
The lspv -l pvname command lists all the logical volumes on a physical volume including
the number of logical partitions, physical partitions, and distributions on the disk.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

List a physical volume partition map


IBM Power Systems

## lspv
lspv -p
-p hdisk0
hdisk0
hdisk0:
hdisk0:
PP
PP RANGE
RANGE STATE
STATE REGION
REGION LV
LV NAME
NAME TYPE
TYPE MOUNT
MOUNT
POINT
POINT
1-1
1-1 used
used outer
outer edge
edge hd5
hd5 boot
boot N/A
N/A
2-14
2-14 free
free outer
outer edge
edge
15-16
15-16 used
used outer
outer edge
edge fslv00
fslv00 jfs2
jfs2 /db2
/db2
17-20
17-20 used
used outer
outer edge
edge hd10opt
hd10opt jfs2
jfs2 /opt
/opt
21-28
21-28 used
used outer
outer middle
middle hd6
hd6 paging
paging N/A
N/A
29-29
29-29 used
used outer
outer middle
middle loglv00
loglv00 jfs2log
jfs2log N/A
N/A
30-31
30-31 used
used outer
outer middle
middle hd11admin
hd11admin jfs2
jfs2 /admin
/admin
32-32
32-32 used
used outer
outer middle
middle hd1
hd1 jfs2
jfs2 /home
/home
33-35
33-35 used
used outer
outer middle
middle hd3
hd3 jfs2
jfs2 /tmp
/tmp
36-40
36-40 used
used outer middle
outer middle hd9var
hd9var jfs2
jfs2 /var
/var
41-41
41-41 used
used center
center hd8
hd8 jfslog
jfslog N/A
N/A
42-56
42-56 used
used center
center hd4
hd4 jfs2
jfs2 //
57-59
57-59 used
used center
center hd2
hd2 jfs2
jfs2 /usr
/usr
60-79
60-79 used
used inner
inner middle
middle hd2
hd2 jfs2
jfs2 /usr
/usr
80-91
80-91 used
used inner
inner edge
edge hd2
hd2 jfs2
jfs2 /usr
/usr
92-99
92-99 free
free inner
inner edge
edge

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-38. List a physical volume partition map AN123.1

Notes:
The lspv -p pvname command lists all the logical volumes on a disk, and the physical
partitions to which its logical partitions are mapped. It is listed in physical partition order and
shows what partitions are free and which are used, as well as the location; that is, center,
outer middle, outer edge, inner edge, and inner middle.

8-46 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Add or move contents of physical volumes


IBM Power Systems

Today, virtually all disks are configured to AIX through


configuration manager (cfgmgr).

Move the contents of a physical volume:

migratepv [ -l lvname ] sourcePV targetPV ..

## migratepv
migratepv -l
-l lv02
lv02 hdisk0
hdisk0 hdisk6
hdisk6

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-39. Add or move contents of physical volumes AN123.1

Notes:
Although there is an option in SMIT to add a physical volume to the system SMIT >
Devices > Add a Disk, in reality the use of this function is not required. Today, virtually all
disks can be configured to AIX using the configuration manager (cfgmgr).
Preparation to remove a physical device
The migratepv command can be used to move all partitions, or partitions from a
selected logical volume, from one physical volume, to one or more other physical
volumes in the same volume group. This would be used if the physical volume is about
to be taken out of service and removed from the machine or to balance disk usage.

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Documenting the disk storage setup


IBM Power Systems

List the volume groups:


# lsvg

List the disks on the system (PVID and volume


group):
# lspv

List which logical volumes are contained in each


volume group:
# lsvg -l vgname

List the logical volumes on each disk:


# lspv -l pvname
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-40. Documenting the disk storage setup AN123.1

Notes:
It is important to have your storage information readily available in case you have a
problem with your system, or in the very worst case, a system crashes. The commands in
the visual help you to get this information.

8-48 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Checkpoint
IBM Power Systems

1. True or False: A logical volume can span more than one physical
volume.

2. True or False: A logical volume can span more than one volume
group.

3. True or False: The contents of a physical volume can be divided


between two volume groups.

4. True or False: If mirroring logical volumes, it is not necessary to


perform a backup.

5. True or False: Striping can be combined with mirroring to provide


increased performance and availability.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-41. Checkpoint AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Exercise
IBM Power Systems

Working with LVM

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-42. Exercise AN123.1

Notes:

8-50 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Explain how to work with the Logical Volume Manager
Add, change, and delete:
Volume groups
Logical volumes
Physical volumes
Describe essential LVM concepts, such as:
Mirroring
Striping

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 8-43. Unit summary AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 8. Working with the Logical Volume Manager 8-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

8-52 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 9. File systems administration

What this unit is about


This unit covers important concepts and procedures related to AIX file
systems.

What you should be able to do


After completing this unit, you should be able to:
Identify the components of an AIX file system
Work with enhanced journaled file systems
- Add, list, change, and delete
Monitor file system disk space usage
Manage file system growth and control growing files
Implement basic file system integrity checks

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX Version 7.1 Operating system and device
management
AIX Version 7.1 File Reference
SG24-5432 AIX Logical Volume Manager, from A to Z: Introduction
and Concepts (Redbook)
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Identify the components of an AIX file system
Work with enhanced journaled file systems
Add, list, change, and delete
Monitor file system disk space usage
Manage file system growth and control growing files
Implement basic file system integrity checks

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-1. Unit objectives AN123.1

Notes:

9-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Journaled file system support in AIX


IBM Power Systems

Two types are supported:


Journaled file system (JFS)
Enhanced JFS, commonly referred to as JFS2
JFS is the original AIX file system.
Enhanced JFS JFS2) was introduced in AIX 5.1 and is now
the default file system (since AIX 5.3).
Journaling:
Before writing actual data, a journaling file system logs the metadata to
a circular JFS log on disk.
In the event of an OS crash, journaling restores consistency by
processing the information in the JFS log file.
There is no easy migration path from JFS to JFS2.
Conversion can only be achieved through backup and restore.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-2. Journaled file system support in AIX AN123.1

Notes:
Journaled file systems (JFS)
JFS was developed for transaction-oriented, high performance Power Systems. JFS is
both salable and robust. One of the key features of the file system is logging. JFS is a
recoverable file system, which ensures that if the system fails during power outage, or
system crash, no file system transactions will be left in an inconsistent state.
Migration
JFS file systems can co-exist on the same system with JFS2 file systems. However, to fully
utilize the JFS2 features, the following steps are necessary:
1. Back up JFS file system data.
2. Create new JFS2 file systems.
3. Restore JFS file system data to new JFS2 file systems.

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Advantages of enhanced JFS


IBM Power Systems

Increased performance
Increased flexibility
File systems can be dynamically increased and decreased.
Support for larger enabled file systems
Internal or external JFS logging
Data encryption
Support for snapshots

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-3. Advantages of enhanced JFS AN123.1

Notes:
JFS2 is the default file system type on AIX, since version 5.3. JFS2 provides increased
performance and flexibility when compared to its predecessor, JFS.
JFS file systems:
Cannot be dynamically decreased
Can only support large files, greater than 2GB, if created in a special large enabled
filesystem
- Individual file size can be up to 64GB with JFS as opposed to 16TB with JFS2
Only support external JFS logging
Have no support for data encryption or snapshots. A snapshot is a point-in-time image,
like a photograph, of a JFS2 file system

9-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

JFS2 structural components


IBM Power Systems

Superblock
The superblock maintains information about the entire file system.
i-nodes
Each file has an i-node that contains access information, such as file type,
access permissions, owner's ID, and the number of links to that file.
Data blocks
Data blocks contain file data.
Each file system has a user settable fixed block size attribute.
512, 1024, 2048, or 4096 bytes
Allocation maps
Allocation maps record the location and allocation of all i-nodes and the
allocation state of each data block.
Allocation groups
Allocation groups are responsible for dividing the file system space into
chunks so that related data blocks and i-nodes can be clustered together to
achieve good locality.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-4. JFS2 structural components AN123.1

Notes:
Superblock
The first addressable logical block on the file system is the superblock. The superblock
contains information such as the file system name, size, number of i-nodes, and
date/time of creation. The superblock is critical to the file system and, if corrupted,
prevents the file system from mounting. For this reason, a backup copy of the
superblock is always written in block 31.
i-nodes
Each file and directory has an associated i-node which contains metadata such as
ownership and access times. JFS2 allocates i-nodes, as required.
Data blocks
An individual file within a file system, by default, has units allocated to it in blocks of
4096 bytes. The file system block size can be set to 512, 1024, 2048, or 4096 bytes. A
smaller block size uses less disk space for small files, but may degrade performance.

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Some AIX commands often report file sizes in units of 512 bytes, to remain compatible
with other UNIX file systems. This is independent of the actual unit of allocation.
Allocation maps
A JFS2 file system has two allocation maps:
The i-node allocation map records the location and allocation of all i-nodes in the file
system.
The block allocation map records the allocation state of each file system block.
Allocation groups
Allocation groups divide the space on a file system into chunks. Allocation groups allow
JFS2 allocation policies to use well-known methods for achieving optimum I/O
performance. The allocation policies try to cluster related disk blocks and disk i-nodes
to achieve good locality for the disk, as files are often read and written sequentially, and
the files within a directory are often accessed together.

9-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Listing i-node and block size information


IBM Power Systems

To view i-node information:


## ls
ls -li
-li
total
total 33
12309
12309 -rw-r-----
-rw-r----- 11 adminusr
adminusr security
security 119
119 12
12 Feb
Feb 19:43
19:43 datafile1
datafile1
12307
12307 -rwxr-----
-rwxr----- 11 adminusr
adminusr security
security 254
254 27
27 Jan
Jan 18:19
18:19 .profile
.profile
12308
12308 -rw-------
-rw------- 11 adminusr
adminusr security
security 156
156 28
28 Jan
Jan 14:31
14:31 .sh_history
.sh_history

## istat
istat datafile1
datafile1
Inode
Inode 12309
12309 on
on device
device 10/8
10/8 File
File i-node
Protection:
Protection: rw-r-----
rw-r----- number
Owner:
Owner: 211(adminusr)
211(adminusr) Group:
Group: 7(security)
7(security)
Link
Link count:
count: 11 Length
Length 119
119 bytes
bytes

Last
Last updated:
updated: Thu
Thu 12
12 Feb
Feb 19:44:09
19:44:09 2009
2009
Last
Last modified:
modified: Thu
Thu 12
12 Feb
Feb 19:43:42
19:43:42 2009
2009
Last
Last accessed:
accessed: Thu
Thu 12
12 Feb
Feb 19:43:42
19:43:42 2009
2009

To view file system block size information:


## lsfs
lsfs cq
cq /data
/data
#MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct
#MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct Block size.
/data:/dev/fslv00:jfs2:::204800:rw:no:no
/data:/dev/fslv00:jfs2:::204800:rw:no:no (Some output
(lv
(lv size
size 204800:fs
204800:fs size
size 204800:block
204800:block size
size 4096
4096 removed for
clarity.)

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-5. Listing i-node and block size information AN123.1

Notes:
The istat command can be used to display the i-node information for a particular file or
directory. You can specify the file either by providing a file or directory name, or by
providing an i-node number using the i flag. I-node numbers can be discovered using the
i flag with the ls command.
The file system block size information can be discovered using the lsfs command.

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Creating a JFS2 file system (1 of 2)


IBM Power Systems

# smit crfs_j2
# crfs -v jfs2 -g datavg -a size=1G m /data

Add
Add an
an Enhanced
Enhanced Journaled
Journaled File
File System
System

[Entry
[Entry Fields]
Fields]
Volume
Volume group
group name
name datavg
datavg
SIZE
SIZE of file
of file system
system
Unit
Unit Size
Size Gigabytes
Gigabytes ++
** Number
Number of
of units
units [1]
[1] ##
** MOUNT
MOUNT POINT
POINT [/data]
[/data]
Mount
Mount AUTOMATICALLY
AUTOMATICALLY at at system
system restart?
restart? No
No ++
PERMISSIONS
PERMISSIONS read/write
read/write ++
Mount
Mount OPTIONS
OPTIONS []
[] ++
Block
Block Size
Size (bytes)
(bytes) 4096
4096 ++
Logical
Logical Volume
Volume for
for Log
Log ++
Inline
Inline Log size (MBytes)
Log size (MBytes) []
[] ##
Extended
Extended Attribute
Attribute Format
Format ++
ENABLE
ENABLE Quota Management?
Quota Management? no
no ++
Enable
Enable EFS?
EFS? no
no ++
Allow
Allow internal
internal snapshots?
snapshots? no
no ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-6. Creating a JFS2 file system (1 of 2) AN123.1

Notes:
The SMIT screen in the visual shows the creation of a 1GB filesystem (/data) in volume
group: datavg. The creation is done by the crfs command.
In this example, the crfs command will create a file system on a new logical volume, within
a previously created volume group. An entry for the file system is put into the
/etc/filesystems file.
The minimum size of a JFS2 filesystem is 16 MB.
For further information, see the crfs man page.

9-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Creating a JFS2 file system (2 of 2)


IBM Power Systems

When the file system is created, the lsfs command will


display the characteristics of the file system.
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data
File
File system
system created
created successfully.
successfully.
1048340
1048340 kilobytes
kilobytes total
total disk
disk space.
space.
New
New File
File System
System size
size is
is 2097152
2097152

## lsfs
lsfs /data
/data
Name
Name Nodename
Nodename Mount
Mount Pt
Pt VFS
VFS Size
Size Options
Options Auto
Auto
/dev/fslv00
/dev/fslv00 --
-- /data
/data jfs2 2097152
jfs2 2097152 --
-- no
no

## lsvg
lsvg -l
-l datavg
datavg
datavg:
datavg:
LV
LV NAME
NAME TYPE
TYPE LPs
LPs PPs
PPs PVs
PVs LV
LV STATE
STATE MOUNT
MOUNT POINT
POINT
loglv00
loglv00 jfs2log
jfs2log 11 11 11 closed/syncd N/A
closed/syncd N/A
fslv00
fslv00 jfs2
jfs2 256
256 256
256 11 closed/syncd
closed/syncd /data
/data
JFS log automatically created,
1 LP in size (if one does not
already exist) for the VG.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-7. Creating a JFS2 file system (2 of 2) AN123.1

Notes:
The visual shows the actual creation of the /data file system shown in the previous slide.
The lsfs command can be used to display the characteristics of the file system.
Prior to the creation of the file system, the contents of the datavg volume group were
empty. We can see two logical volumes created, loglv00 and fslv00. The loglv00 volume
acts as the JFS log for both the /data file system and by default any other file systems that
will be created. In creating a file system this way the underlying logical volume is created
using default options. Often it is preferable to first create the logical volume (using custom
values) and then create the file system on top. We shall see this procedure later in the unit.

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Mounting a file system and the /etc/filesystems


file
IBM Power Systems

When a file system is created, the device and mount point


information is stored in the /etc/filesystems file.
## grep
grep -p
-p /data
/data /etc/filesystems
/etc/filesystems
/data:
/data:
dev
dev == /dev/fslv00
/dev/fslv00
vfs
vfs == jfs2
jfs2
log
log == /dev/loglv00
/dev/loglv00
mount
mount == false
false
account
account == false
false

The mount command reads the


stanza in the /etc/filesystems
file, therefore only the mount point
## mount
mount /data
/data is required.

## mount
mount |egrep
|egrep '/data|node'
'/data|node'
node
node mounted
mounted mounted
mounted over
over vfs
vfs date
date options
options
/dev/fslv00
/dev/fslv00 /data
/data jfs2
jfs2 13
13 Feb
Feb 10:32
10:32 rw,log=/dev/loglv00
rw,log=/dev/loglv00

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-8. Mounting a file system and the /etc/filesystems file AN123.1

Notes:
Upon creation of a file system, a stanza in appended to the /etc/filesystems file. The
stanza includes:
The device (dev) which is the underlying logical volume
The virtual file system type (VFS)
The path to the JFS log device (log)
Whether the file system should be mounted at system start time (mount) and processed
by the AIX accounting system (account).
Before the filesystem can be used it must first be mounted, using the mount command. As
there is a stanza in the /etc/filesystems file, the only parameter required is the name of the
file system. The mount command with no options, will display all file systems which are
currently mounted and available for use.

9-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

JFS2 logging options


IBM Power Systems

For JFS2 file systems, there are three logging options:


Use the global JFS log for the volume group.
Create a specific JFS log for each file system.
1 LP in size.
Format the log using the logform command.
## mklv
mklv y
y my_jfs2_log
my_jfs2_log t
t jfs2log
jfs2log datavg
datavg 11

## logform
logform /dev/my_jfs2_log
/dev/my_jfs2_log
logform:
logform: destroy
destroy /dev/rmy_jfs2_log
/dev/rmy_jfs2_log (y)?y
(y)?y

## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data -a
-a logname=my_jfs2_log
logname=my_jfs2_log

Create an inline log inside the file system.


0.4% of the file system space will be reserved for this option.
## crfs
crfs -v
-v jfs2
jfs2 -g
-g datavg
datavg -a
-a size=1G
size=1G -m
-m /data
/data -a
-a logname=INLINE
logname=INLINE \\
-a logsize=<value
-a logsize=<value in MB>
in MB>

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-9. JFS2 logging options AN123.1

Notes:
As we have seen by default, a JFS log file is created when the first file system is created in
a volume group. This JFS log will act as the global logging device for all file systems,
unless:
A specific external log is created for each file systems in the volume group. This
approach has several advantages. It will aide performance and availability. If the
logging device were to become corrupt, it would only affect the associated file system.
The JFS log device is internal to the filesystem (inline). This saves time having to
create, format, and manage a separate JFS log volume. Inline logging is only available
with JFS2 file systems.

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Creating a file system on a previously defined


logical volume
IBM Power Systems

# smit crfs_j2
# crfs -v jfs2 d lv_for_data m /data2 A yes

Add
Add an
an Enhanced
Enhanced Journaled
Journaled File
File System
System

[Entry
[Entry Fields]
Fields]
** LOGICAL
LOGICAL VOLUME
VOLUME name
name lv_for_data
lv_for_data ++
** MOUNT POINT
MOUNT POINT [/data2]
[/data2]
Mount
Mount AUTOMATICALLY
AUTOMATICALLY atat system
system restart?
restart? yes
yes ++
PERMISSIONS
PERMISSIONS read/write
read/write ++
Mount
Mount OPTIONS
OPTIONS []
[] ++
Block
Block Size
Size (bytes)
(bytes) 4096
4096 ++
Logical
Logical Volume
Volume for
for Log
Log ++
Inline
Inline Log
Log size
size (MBytes)
(MBytes) []
[] ##
Extended
Extended Attribute
Attribute Format
Format ++
ENABLE
ENABLE Quota
Quota Management?
Management? no
no ++
Enable
Enable EFS?
EFS? no
no ++
Allow
Allow internal snapshots?
internal snapshots? No
No ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-10. Creating a file system on a previously defined logical volume AN123.1

Notes:
Adding a file system to a previously created logical volume provides greater control over
where the file system will reside on disk and provides options for availability and
performance. When creating file systems in highly available environments (for example,
using PowerHA or Veritas Cluster Services), one should always follow this method, in order
to use you own naming convention for the logical volume names.
On creation, the size of the filesystem is set to the size of the logical volume. For example,
if the PP size for the volume group is 64MB, and the logical volume was 4 LPs in size, then
the size of the file system would be (4 x 64MB) 256MB.
After the file system is created:
If the logical volume is expanded, the size of the file system is not increased.
The underlying logical volume policies can be dynamically changed. However, there will
be a performance hit, especially for large file systems.

9-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Changing the size of a JFS2 file system


IBM Power Systems

To increase the size of a file system:


## chfs
chfs -a
-a size=+1G
size=+1G /data2
/data2
Filesystem
Filesystem size
size changed
changed to
to 2179072
2179072

To shrink the size of a file system:


## chfs
chfs -a
-a size=-500M
size=-500M /data2
/data2
Filesystem
Filesystem size
size changed
changed to
to 1155072
1155072

Using SMIT: # smit chjfs2


Change
Change // Show
Show Characteristics
Characteristics of
of an
an Enhanced
Enhanced Journaled
Journaled File
File System
System
[Entry
[Entry Fields]
Fields]
File
File system
system name
name /data2
/data2
NEW
NEW mount
mount point
point [/data2]
[/data2]
SIZE
SIZE of
of file
file system
system
Unit
Unit Size
Size Gigabytes
Gigabytes ++
Number
Number of
of units
units [10]
[10] ##

Note:
Note: Advanced
Advanced options
options removed.
removed.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-11. Changing the size of a JFS2 file system AN123.1

Notes:
JFS2 file systems can be dynamically increased or decreased in size (subject to available
space and LVM rules). You can either choose to increase or decrease by a set amount,
using + or options respectively, or by providing a specific set number, as shown in the
SMIT example.
The minimum size you can decrease by is 16 MB.

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Removing a JFS2 file system


IBM Power Systems

The file system must first be unmounted.


Using SMIT: # smitty rmfs2
# rmfs /data2

Remove
Remove an
an Enhanced
Enhanced Journaled
Journaled File
File System
System

[Entry
[Entry Fields]
Fields]
** FILE
FILE SYSTEM
SYSTEM name
name /data2
/data2 ++
Remove
Remove Mount
Mount Point
Point no
no ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-12. Removing a JFS2 file system AN123.1

Notes:
Ways to remove a file system
The rmfs command or SMIT can be used to remove a file system.
Restrictions
In order to remove a file system, it must be unmounted from the overall file tree, and this
cannot be done if the file system is in use, that is, some user or process is using the file
system or has it as a current directory.
Effects of using rmfs command
The rmfs command removes any information for the file system from the ODM and
/etc/filesystems. When the file system is removed, the logical volume on which it
resides is also removed.
Syntax
The syntax of the rmfs command is:
rmfs [-r] [-i] FileSystem
r Removes the mount point of the file system
i Displays warning and prompts the user before removing the file system

9-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

File system space management


IBM Power Systems

File systems expand upon notice, not automatically.


To keep from running into problems:
Monitor file system growth
Determine causes
Control growing files
Manage file system space usage
Control user disk usage
Block size considerations
Fragmentation considerations

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-13. File system space management AN123.1

Notes:
The Resource Monitoring and Control (RMC) subsystem
You can also use the Resource Monitoring and Control (RMC) subsystem that is based
on the AIX Reliable Scalable Cluster Technology (RSCT) filesets. Web-based System
Manager can be used to configure RMC. The ctrmc subsystem is started in the
/etc/inittab. RMC is outside the scope of the course.

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Listing file system utilization


IBM Power Systems

The df command displays information about total space and


available space on a file system.

# df [-k] [-m] [-g]


## df
df -g
-g
Filesystem
Filesystem GB
GB blocks
blocks Free
Free %Used
%Used Iused
Iused %Iused
%Iused Mounted
Mounted on
on
/dev/hd4
/dev/hd4 1.44
1.44 1.10
1.10 24%
24% 9896
9896 2% /
2% /
/dev/hd2
/dev/hd2 2.50
2.50 0.10
0.10 97%
97% 49616
49616 8%
8% /usr
/usr
/dev/hd9var
/dev/hd9var 0.31
0.31 0.24
0.24 25%
25% 1308
1308 2%
2% /var
/var
/dev/hd3
/dev/hd3 0.12
0.12 0.12
0.12 6%
6% 128
128 1%
1% /tmp
/tmp
/proc
/proc -- -- -- -- -- /proc
/proc
/dev/hd10opt
/dev/hd10opt 0.25
0.25 0.03
0.03 88%
88% 4567
4567 7%
7% /opt
/opt
/dev/fslv00
/dev/fslv00 8.00
8.00 1.40
1.40 83%
83% 6888
6888 3%
3% /export
/export
/dev/fslv01
/dev/fslv01 9.00
9.00 2.33
2.33 75%
75% 4059
4059 1%
1% /aix
/aix
/dev/lv00
/dev/lv00 0.12
0.12 0.12
0.12 4%
4% 20
20 1%
1% /audit
/audit
/dev/hd11admin
/dev/hd11admin 0.12
0.12 0.12
0.12 4%
4% 18
18 1%
1% /admin
/admin
/dev/hd1
/dev/hd1 0.62
0.62 0.16
0.16 75%
75% 270
270 1%
1% /home
/home
grumpy:/nimback
grumpy:/nimback 25.00
25.00 3.26
3.26 87%
87% 99 1% /mnt
1% /mnt

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-14. Listing file system utilization AN123.1

Notes:
Importance of the df command
The df command lists the free space on all mounted file systems.
This is an important command to know about and use frequently. If you run out of space in
a file system (especially / or /tmp), system corruption could occur.
Useful df command flags
A number of flags (options) can be used with the df command. Some of the most useful of
these flags are shown below:
-i: Displays the number of free and used i-nodes for the file system; this output is the
default when the specified file system is mounted
-I: Displays information on the total number of blocks, the used space, the free space,
the percentage of used space, and the mount point for the file system
-k: Displays statistics in units of 1024-byte blocks
-m: Displays statistics in units of MB blocks
-g: Displays statistics in units of GB blocks

9-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Monitoring file system growth


IBM Power Systems

A simple script using the df command, which can be run at


regular intervals to warn against file systems becoming full.

#!/bin/ksh
#!/bin/ksh

df
df || egrep
egrep -v
-v '(used|proc)'
'(used|proc)' || awk
awk '{print
'{print $4"
$4" "$7}'
"$7}' \\
|| sed 's:%::g' | while read LINE
sed 's:%::g' | while read LINE
do
do
PERC=`echo
PERC=`echo $LINE
$LINE || awk
awk '{print
'{print $1}'`
$1}'`
FILESYSTEM=`echo
FILESYSTEM=`echo $LINE | awk
$LINE | awk '{print
'{print $2}'`
$2}'`

if
if [[ $PERC
$PERC -gt
-gt 70
70 ]]
then
then
mail
mail -s
-s "Filesystem
"Filesystem check
check on
on box:
box: `hostname`"
`hostname`" \\
admin@ibm.com
admin@ibm.com <<<< EOF
EOF
$FILESYSTEM
$FILESYSTEM isis $PERC%
$PERC% full,
full, please
please check
check
EOF
EOF
fi
fi
done
done

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-15. Monitoring file system growth AN123.1

Notes:
The need to monitor file system growth
Although AIX provides for dynamic expansion of a file system, it does not expand the
file system on the fly. The system administrator must continually monitor file system
growth and expand file systems as required before they get full. If a file system
becomes 100% full, then the users receive out of space messages when they try to
extend files.
Regular use of the df command
One useful technique is to run the df command through cron, the job scheduler, to
perform a regular check of the space available in the file system and produce a report.
cron is covered in a later unit.

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Listing disk usage


IBM Power Systems

The du command lists the number of blocks used by a file


or a directory.
/export
/export ## du
du -sg
-sg ..
6.59
6.59 ..

/export
/export ## du
du FirstBoot.sh
FirstBoot.sh
88 FirstBoot.sh
FirstBoot.sh

/export
/export ## du
du sm
sm ** || sort
sort -rn
-rn

2131.16
2131.16 mksysbaix53
mksysbaix53
1846.36
1846.36 mksysbaix61
mksysbaix61
1373.11
1373.11 mksysbaix61.light
mksysbaix61.light
248.52
248.52 spot
spot
0.01
0.01 nim
nim
0.01
0.01 bosinst.data
bosinst.data
0.00
0.00 FirstBoot.sh
FirstBoot.sh
0.00
0.00 BUILD.sh
BUILD.sh

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-16. Listing disk usage AN123.1

Notes:
Use of the du command
There may be a number of files or users that are causing the increased use of space in
a particular file system. The du command helps to determine which files, users, or both,
are causing the problem.
Specifying the units du should use
By default, du gives size information in 512-byte blocks. Use the -k option to display
sizes in 1 KB units, use the -m option to display sizes in 1 MB units, or use the -g option
to display sizes in 1 GB units.
Specifying output by file
By default, du gives a hierarchical listing of directories only. With the -a option, the
hierarchical listing includes the non-directory files. With the -s option, only the specified
file is listed. For each listed directory, the size is the total amount of space for that
directory and all files underneath it, recursively.

9-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Using du in conjunction with sort


If the output of du is sorted numerically and in descending order (using the -n and r
flags of the sort command) by the value in the first column, this output can be an aid in
determining which files/directories are the largest. Then using an ls -l, you can
determine the file/directory's owner.
The -x flag
The -x flag/option is also very useful. When you use du -ax, the report only shows
information from the specified file system. This is the best way to determine what file is
filling a particular file system.
Using the find command to locate large files
The find command is useful for locating files that are over a certain size. For example,
to find all files that contain more than 1 000 000 characters, and then list them, use the
following command:
# find / -size +1000000c -exec ls -l {} ;

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Control growing files


IBM Power Systems

/var/adm/wtmp
/etc/security/failedlogin
/var/adm/sulog

/var/spool/*/*
/var/tmp/*

$HOME/smit*

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-17. Control growing files AN123.1

Notes:
Managing files that grow
Growing files should be monitored and cleaned out periodically. Some of the files that grow
are listed on the visual.
Records of login activity
The files /var/adm/wtmp, /etc/security/failedlogin, and /var/adm/sulog are needed
because they contain historical data regarding login activity. Thus, these files should
always contain a few days of login activity. If accounting is turned on, /var/adm/wtmp is
kept to a reasonable size. If accounting is not turned on, to capture the data to archive it,
use who -a on /var/adm/wtmp and /etc/security/failedlogin and redirect the output to a
save file. Then, the log file can be purged by overwriting it with a null string. Two ways of
overwriting a log file in this way are illustrated in the following examples:
Example 1:
# cat /dev/null > /var/adm/wtmp

9-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Example 2:
# > /etc/security/failedlogin
The file /var/adm/sulog can be edited directly.
The /var/spool directory
The directory /var/spool contains cron entries, the mail, and other items that grow on an
ongoing basis, along with printer files. If there is a problem with the printer files, you can try
to clear the queuing subsystem by executing the following commands:
stopsrc -s qdaemon
rm /var/spool/lpd/qdir/*
rm /var/spool/lpd/stat/*
rm /var/spool/qdaemon/*
startsrc -s qdaemon
Records of SMIT and Web-based System Manager activity
Files such as smit.log in the home directory of the root user, and other system
administration accounts, can also become quite large. These files need to be monitored
regularly and managed appropriately.

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The skulker command


IBM Power Systems

The skulker command cleans up file systems by removing


unwanted or obsolete files.
Candidate files include:
Files older than a selected age
Files in the /tmp, /var/spool, /var/tmp, /var/news directories
a.out, *.bak, core, ed.hup files

skulker is normally invoked daily by the cron command as


part of the crontab file of the root user.
Disabled by default

Modify the skulker shell script to suit local needs for the
removal of files.
Test carefully!!
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-18. The skulker command AN123.1

Notes:
Function of the skulker command
The shell script /usr/sbin/skulker includes a series of entries containing commands that
remove unwanted or obsolete files of various types. To analyze the commands that are
executed by each entry, print out or view the contents of the /usr/sbin/skulker file.
Concerns related to skulker
A particular version of skulker is suited to the operating system and level with which it was
distributed. If the operating system has been upgraded or modified, it may be inadvisable to
use an old version of skulker. In addition, the skulker shell script is moderately complex.
When making modifications, you should make a copy of the shell script first - just in case!
Note that if skulker is modified, or if it is used on the incorrect version of the operating
system, it ceases to be a supported component of AIX.
Note: The skulker is disabled by default.

9-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Block size considerations


IBM Power Systems

Default block size for a JFS2 file system is 4 K.


Possible values are 512, 1024, 2048, 4096 bytes.
If a directory structure is to contain many small files, it is
beneficial to store them in a separate file system with a small
block size.
Otherwise, the file system might fill up and still contain lots of free
space.

4096 bytes 4096 bytes

2000 bytes 2000 bytes

1024 1024 1024 1024

This free space cannot These free blocks can


be used by another file. be used by other files.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-19. Block size considerations AN123.1

Notes:
Benefits of a small block size
In JFS, as many whole blocks as necessary are used to store a file or directory's data.
Consider that we have chosen to use a block size of 4 KB, and we are attempting to
store file data which only partially fills a block. Potentially, the amount of unused or
wasted space in the partially filled block can be quite high. For example, if only 500
bytes are stored in this block, then 3596 bytes are wasted. However, if a smaller block
size, say 512 bytes, was used, the amount of wasted disk space would be greatly
reduced - to only 12 bytes. It is, therefore, better to use small block sizes, if efficient use
of available disk space is required, in a filesystem which will consist of lots of small files.
Adverse effects of a small block size
Although small block sizes can be beneficial in reducing wasted disk space, they can
have an adverse effect on disk I/O activity. For a 4 KB file, stored in a single block of 4
KB, only one disk I/O operation would be required to either read or write the file. If the
choice of the block size was 512 bytes, a 4 KB file would only be allocated a 4 KB block
if one were available. If a single 4 KB block were not available, 512 byte blocks would

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

be used, with a potential to allocate eight blocks for this file. For a read or write to
complete, several additional disk I/O operations (disk seeks, data transfers, and
allocation activity) would be required. Therefore, for file systems which use a block size
of 4 KB, the number of disk I/O operations are far less, than file systems which employ
a smaller block size.

9-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Fragmentation considerations
IBM Power Systems

Over time, due to data relocation, extensions, reductions, and


deletions, contiguous free space can run out and data can
become fragmented.
File system

Used block

Free block
FileA

There are three options to deal with this situation.


Try to increases a file systems contiguous free space using the
defragfs command.
Back up, delete, recreate the file system and restore the data.
Create a new file system and migrate the data.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-20. Fragmentation considerations AN123.1

Notes:
Irrespective of the block size, over time data can become fragmented on disk. The
defragfs command will attempt to increases a file system's contiguous free space by
reorganizing free block allocations to be contiguous, rather than scattered across the disk.
The file system to be defragmented can be specified with the device variable, which can be
the path name of the logical volume (for example, /dev/hd4) or the name of the file system,
which is the mount point in the /etc/filesystems file.
Another approach, is to backup and restore the data in a new file system or backup the
data, delete, recreate the file system and restore. This method is certainly cleaner, but
requires some element of downtime.

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Verify and repair a file system


IBM Power Systems

fsck command
Checks file system consistency and interactively repairs the file system
If no file system name is specified, the fsck command checks all file
systems which have the check=true attribute set in the
/etc/filesystems.
Orphan files are placed in the lost+found directory.
Unmount the file system before running fsck.
## fsck
fsck /data
/data
The
The current
current volume
volume is:
is: /dev/fslv00
/dev/fslv00
Primary
Primary superblock
superblock is is valid.
valid.
J2_LOGREDO:log
J2_LOGREDO:log redo
redo processing
processing for
for /dev/fslv00
/dev/fslv00
Primary
Primary superblock
superblock is is valid.
valid.
***
*** Phase
Phase 11 -- Initial
Initial inode
inode scan
scan
***
*** Phase
Phase 22 -- Process
Process remaining
remaining directories
directories
*** Phase 3 - Process remaining
*** Phase 3 - Process remaining filesfiles
***
*** Phase
Phase 44 -- Check
Check and
and repair
repair inode
inode allocation
allocation map
map
***
*** Phase 5 - Check and repair block allocation
Phase 5 - Check and repair block allocation map
map
File
File system
system isis clean.
clean.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-21. Verify and repair a file system AN123.1

Notes:
Always run the fsck command on file systems after a system malfunction. The internal
integrity of a file system should be checked before the file system is mounted. By default,
the fsck command runs interactively, prompting the administrator for the action to perform
in order to repair the file system. If orphaned files or directories (those that cannot be
reached) are found, fsck will attempt to store them file in the /lost+found directory.
For further information, see the fsck man page.

9-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Documenting file system setup


IBM Power Systems

Run the lsfs command.


Save the contents of the /etc/filesystems file.
Run the df command to check space allocation.
Check all the mounted file systems by running the mount
command.

File System Records

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-22. Documenting file system setup AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

System storage review


IBM Power Systems

LogicalVolume
Logical volume storage
Structure

hd2

hd4 /usr hd2 free hd1 free hd1 free


/(root) /usr /home /home
hd6 hd3 hd1 hd1
Page Space /tmp /home /home
hd8 hd2
log /usr free free
hd61 lv00 lv00
hd5 free Page Space lv00 special DB lv00 special DB
hd9var
/blv /var special DB special DB

hdisk0 hdisk1 hdisk2 hdisk3


rootvg datavg
File Systems
/(root)
File System

Directories File Systems

/bin /dev /etc /lib /usr /tmp /var /home

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-23. System storage review AN123.1

Notes:
Difference between file system and simple directory
It is important to understand the difference between a file system and a directory. A file
system is a section of disk that has been allocated to contain files. This section of disk is
the logical volume. The section of disk is accessed by mounting the file system over a
directory. Once the file system is mounted, it looks like any other directory structure to
the user.
File systems on the visual
The directories on the right of the bottom portion of the visual are all file systems. These
file systems are all mounted on the directories /usr, /tmp, /var and /home. Notice the
corresponding logical volume in the graphic at the top of the visual.
Simple directories
The directories on the left of the bottom portion of the visual are strictly directories that
contain files and are part of the /(root) file system. There is no separate logical volume
associated with these directories.

9-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Checkpoint (1 of 2)
IBM Power Systems

1. Does the size of the file system change when the size of the logical
volume it is on is increased?

2. If you remove a file system, is the logical volume on which it sits


removed as well?

3. When a file system is created, what needs to be done in order to make


it available for use?

4. What size should an external JFS log be set to?

5. True or False: SMIT can be used to easily increase or decrease the


size of an enhanced JFS filesystem.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-24. Checkpoint (1 of 2) AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint (2 of 2)
IBM Power Systems

6. A file system is 2 GB. How would you do the following?


a. Add 1 GB
b. Set the size to 5 GB

7. What command can you use to determine if a file system is full?

8. What command can produce a report listing the size (in MB) of all the
files and directories contained in a specific location?

9. What command checks and interactively repairs inconsistent file


systems?

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-25. Checkpoint (2 of 2) AN123.1

Notes:

9-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

File system
administration

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-26. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 9. File systems administration 9-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Identify the components of an AIX file system
Work with enhanced journaled file systems
Add, list, change, and delete
Monitor file system disk space usage
Manage file system growth and control growing files
Implement basic file system integrity checks

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 9-27. Unit summary AN123.1

Notes:

9-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 10. Paging space

What this unit is about


This unit presents the key concepts related to paging space.

What you should be able to do


After completing this unit, you should be able to:
Explain the purpose of paging space
Modify the state or size of a paging space
Add or remove paging spaces
List and monitor the paging space utilization

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX Version 7.1 Operating system and device
management

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Explain the purpose of paging space
Modify the state or size of a paging space
Add or remove paging spaces
List and monitor the paging space utilization

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-1. Unit objectives AN123.1

Notes:

10-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

What is paging space?


IBM Power Systems

Divided into segments

Made up of page frames

Real
Virtual memory
memory (RAM)

Active
page,
Page resident in
frame memory Paging
table space
Inactive
page, paged
out

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-2. What is paging space? AN123.1

Notes:
How data is placed into Paging Space?
Memory under AIX is virtualized by the Virtual Memory Manager (VMM). The basic idea
behind virtual memory is that each program has its own address space which is
partitioned into segments. A segment is a 256 MB, contiguous portion of the
virtual-memory address space into which a data object can be mapped.
Virtual-memory segments are partitioned into fixed-size units called pages. Each page
in a segment can be in real memory (RAM), or stored on disk until it is needed.
Similarly, real memory is divided into page frames.
A page might be resident in memory (that is, mapped into a location in physical
memory), or a page might be resident on a disk (that is, paged out of physical memory
into paging space or a file system).
The role of the VMM is to manage the allocation of real-memory page frames and to
resolve references by the program to virtual-memory pages that are not currently in real

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

memory or do not yet exist (for example, when a process makes the first reference to a
page of its data segment).
Page Frame Table (PFT) is the data structure used by a VMM to store the mapping
between virtual addresses and physical addresses.
When the number of available real memory frames on the free list becomes low, a page
stealer is invoked. A page stealer moves through the PFT, looking for pages to steal
from Real Memory to Paging Space. The PFT includes flags to signal which pages have
been referenced and which have been modified. If the page stealer encounters a page
that has been referenced, it does not steal that page, but instead, resets the reference
flag for that page. The next time the clock hand (page stealer) passes that page and the
reference bit is still off, that page is stolen.
Paging space is not a substitute for sufficient real memory. A persistent shortage of real
memory can result in so much paging space page-in and page-out activity, that is will
severely impact the performance of that system. For more information about memory
and paging performance issue, attend the AIX Performance Management course.

10-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Paging space
IBM Power Systems

Is a secondary storage area for:


Inactive memory
Over-committed memory

Holds inactive pages on disk


Page size historically has been 4 KB in size.
AIX 7.1 running on POWER5+ processors supports four page sizes:
4 KB, 64 KB, 16 MB, and 16 GB.

Is not a substitute for real memory

To display the amount of real memory:


lsattr -El mem0
Or
lsattr -El sys0 -a realmem
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-3. Paging space AN123.1

Notes:
A secondary storage area
Paging space is disk storage for information that is resident in virtual memory, but is not
currently being accessed. As memory fills, inactive pages are moved to the paging
space on disk.
A temporary holding area for inactive pages
It is very important to remember that paging is a temporary holding area for inactive
pages; it is not a substitute for real memory. If your machine has many active
processes, it requires more real memory. You must ensure the machine has enough
memory to maintain all the active processes. If you run out of memory, your machine
reaches a constant state of paging called thrashing. As it attempts to make room in
memory, it completes a page-out; as soon as the page reaches the disk, it is needed
again because it is still active. Your machine's resources are wasted performing only
paging activity, and no real work gets done.

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Thrashing indicates a need for additional memory


Increasing the amount of paging space when your machine is thrashing does not solve
the problem. Thrashing is a result of not enough real memory.
Displaying real memory size
Here are three ways of displaying real memory:
# bootinfo -r
# lsattr -E -l mem0 ??
# lsattr -E -l sys0 -a realmem
High performance environments
On Power4 (or later) environments, page size can be set to large enabled (16MB). This
is done through the vmo command, as follows:
# vmo -r -o lgpg_regions=10 -o lgpg_size=16777216
On Power5+ (or later), page size can be set to huge enabled (16 GB). This is done on
the HMC through manage system properties.
16 MB and 16 GB page frames are never paged out to disk. Even if totally unused, they
remain in memory. They are mainly used in High Performance Computing (HPC)
environments.

10-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Sizing paging space


IBM Power Systems

hd6 is created at installation time.


The default paging space formula will likely result in having more space than
is needed.
If real <256 MB then page space = 2 x real
If real >= 256MB then page space = 256MB
However, the amount needed is dependent on application and system
usage.
Running low on paging space is bad.
New processes will not start and the system may start killing processes.
Paging space should be continually monitored, using:
# lsps a or # lsps s
Can dynamically:
Add or remove paging space
Increase or decrease size of a paging space

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-4. Sizing paging space AN123.1

Notes:
Creation of paging space
Paging space is created during AIX installation. The initial size is dependent on various
factors, particularly the amount of RAM in your system. Currently, the initial paging
space size is determined according to the following standards:
If real memory <256 MB then page space = 2 x real
If real memory>= 256 MB then page space = 256 MB
no more than 20% disk
Adjusting the amount of paging space
The initial size of paging space is just a starting point. This is not necessarily the
amount of the paging space that is right for your machine. The number and types of
applications dictates the amount of paging space needed. Many sizing rules of thumb
have been published, but the only way to correctly size your machine's paging space is
to monitor the utilization of your paging space.
Monitoring paging space
Monitoring the utilization of the paging space is done with the command lsps -a. This
command and its output are covered shortly.

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Paging space thresholds


IBM Power Systems

When paging space fills up, the OS can hang or crash.


Common warning: Messages about failures to fork new processes

Thresholds for free paging space pages try to avoid this:


vmo o npswarn, SIGDANGER is sent to all processes
vmo o npskill, SIGKILL is sent to certain processes

Monitor paging space and act before the thresholds are


reached.

Can exempt processes from SIGKILL for select UIDs .


vmo -o nokilluid=N
Processes owned by UIDs 0 through N-1 are exempt
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-5. Paging space thresholds AN123.1

Notes:
Impact and messages of low paging space
Running low on paging space can prevent new processes from starting. The affect can
even be a hung or crashed operating system.
You might see these warning messages:
"INIT: Paging space is low"
"ksh: cannot fork no swap space"
"Not enough memory"
"Fork function failed"
"fork () system call failed"
"unable to fork, too many processes"
"Fork failure - not enough memory available"
"Fork function not allowed. Not enough memory available."
"Cannot fork: Not enough space

10-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Results of low paging space


If your system runs low on paging space, a message is sent to the console and
sometimes to users as well. At this point, the system is unable to start new work until
memory is freed up, either by having processes explicitly free and release allocated
memory or by terminating processes (thus automatically freeing memory associated
with those processes). This situation should obviously be avoided.
The situation can get worse. If paging space continues to fill, non-system processes are
terminated, and the system may even crash. Ensure you have enough paging space.
The vmo command manages VMM tunable parameters. One parameter which may be
of interest is nokilluid. The parameter accepts an integer, which by default is 0 (off).
For example, if the value is set to 1, this will result in processes for user IDs lower than
this value (in this case, root) becoming exempt from getting killed due to low
page-space conditions.
npswarn and npskill thresholds
If available paging space depletes to a low level, then the operating system will try to
free up resources by first warning processes to free up paging space and finally by
killing processes if there still is not enough paging space available for the current
processes. It will kill one process at a time and an error log entry will be generated.
The npswarn and npskill thresholds are used by the VMM to determine when to first
warn processes and eventually when to kill processes. The default values of npswarn
and npskill will depend on how much paging space is configured on the system. The
default value of npskill is MAX [64, (Total number of paging space pages)/128]. The
default value of npswarn is the MAX [512, 4*npskill].
If the npswarn threshold is reached, then all active processes are sent a SIGDANGER
signal. If a process is handling this signal, then the process can choose to ignore it or do
some other action like exit or free up memory using disclaim().
If the shortage continues and falls below a second threshold, npskill, then the system
sends the SIGKILL signal to the youngest process that does not have a signal handler
for the SIGDANGER signal. (The default action for the SIGDANGER signal is to ignore the
signal). The system continues sending SIGKILL signals until the number of unallocated
paging space blocks is above the paging space kill level.
If the vmo low_ps_handling parameter is set to 2 and if no process is found to kill
(without the SIGDANGER handler), then the system sends the SIGKILL signal to the
youngest process that has a signal handler for the SIGDANGER signal. The
low_ps_handling parameter is new in AIX 5L V5.3.
nokilluid
By setting the nokilluid parameter to a nonzero value with the command
vmo -o nokilluid, user IDs lower than this value will be exempt from being killed
because of low page space conditions. The default is 0 (off).

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

vmo command
The vmo command manages VMM tunable parameters. To make a parameter update
persistent through reboots, add the -p flag.
pacefork parameter
If a process cannot be forked due to a lack of paging space pages, then it will retry the
fork five times. In between each retry, the calling thread will delay for a default of 10
clock ticks. This number of ticks is tunable via the schedo -o pacefork.
Factors that can affect paging space usage
The most obvious cause of the paging space being filled up is a large over commitment
of memory, where the total virtual memory allocations by the applications far exceeds
the real memory of the system, thus requiring the rest to be stored in paging space. For
this you can either allocate more memory or restrict the demand for memory.
A common source of excess memory demand is a program which has a memory leak. It
repeated allocates memory, briefly uses it, forgets it has that memory allocated. The old
allocations tend to end up in the paging space.
Applications can place greater demand on paging space by requesting an Early Page
Space Allocation policy (variable PSALLOC=early) for their memory allocations.
Normally the system does not allocate pages in paging space until it needs to actually
page out a page of memory (Deferred Page Space Allocation). With early allocation,
AIX will pre-allocate a page in paging when the application allocates a page of memory,
just in case that page needs to be paged out (it may never be paged out). That is great
insurance for the application, but will require more paging space to support that.
It should be noted that once a paging space page is allocated in order to page out a
page of memory, it stays allocated even when that data is paged back in. It is not freed
until the corresponding virtual memory page is freed.

10-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Checking paging space


IBM Power Systems

## lsps
lsps -a
-a
Page Space
Page Space Physical
Physical Volume
Volume Volume
Volume Group
Group Size
Size %Used
%Used Active
Active Auto
Auto Type
Type
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 512MB
512MB 13
13 yes
yes yes
yes lv
lv

## lsps
lsps s
s
Total
Total Paging Space
Paging Space Percent
Percent Used
Used
512MB
512MB 13%
13%

## vmstat
vmstat 11 10
10

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-6. Checking paging space AN123.1

Notes:
The lsps command
The lsps command lists detailed information regarding the paging spaces on the
system, including whether they are in use at the time and, if so, what percentage of their
total space is allocated.
Another useful option available with the lsps command, is the -s option, which
specifies the summary characteristics of all paging spaces. The information consists of
the total size of the paging spaces (in MB) and the percentage of paging spaces
currently used.
The paging space created during system installation, is named hd6. Paging spaces
created by the system administrator after system installation, are named paging00,
paging01, and so on.
svmon is an advanced command which captures and analyzes the current snapshot of
virtual memory. It is the only system command which shows the breakdown of page
frame sizes.

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Paging space placement


IBM Power Systems

Placement guidelines:
More than one page volume.
Paging spaces all the same size including hd6.
Only one paging space per physical disk.
Use disks with the least activity.
Do not extend a paging space over multiple physical volumes.
Place on SAN disks for better performance.
Mirror all page spaces that are on internal or nonraided disk.

hd6 paging00
paging01

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-7. Paging space placement AN123.1

Notes:
Introduction
Placement and size of your paging space does impact its performance. The following
material contains tips regarding placement and size of paging areas.
Configure only one paging space per disk
Do not have more that one paging space per disk. The paging space is allocated in a
round-robin manner, and uses all paging areas equally. If you have two paging areas on
one disk, then you are no longer spreading the activity across several disks.
Use disks with low levels of activity
Paging space performs best when it is not competing with other activity on the disk. Use
disks that do not have much activity.
Create paging spaces of roughly the same size
Paging spaces should be roughly the same size. Because of the round-robin technique
that is used, if they are not the same size, then the paging space usage is not balanced.
Smaller paging areas fill faster.

10-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Do not span multiple physical volumes


Do not extend a paging space to span multiple physical volumes. Although you can
spread a paging area (like a regular logical volume) across several disk, the round-robin
technique treats the paging area as a single paging area. Therefore, the activity is not
evenly spread across the disks.
Use SAN disks and Fibre Channel controllers
Using SAN disks generally results in better throughput when reading and writing to the
disk. SAN controllers have large cache which will store the frames, when paged-out, to
disk. If the page frames are required to be paged back-in, and the data is still in cache,
the system will not have to read from disk, improving performance. However, we do
have to balance this with the exposure that we may lose connection to the SAN storage.
Mirror paging space for availability
AIX will crash if he lost currently used paging volumes. AIX will not boot without hd6
present.

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Adding paging space


IBM Power Systems

# smit mkps mkps s 10 -n -a rootvg hdisk1

Add
Add Another
Another Paging
Paging Space
Space

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press Enter AFTER making
Press Enter AFTER making all
all desired changes.
desired changes.
[Entry
[Entry Fields]
Fields]
Volume
Volume group
group name
name rootvg
rootvg
SIZE
SIZE of paging space
of paging space (in
(in logical
logical partitions)
partitions) [10]
[10] ##
PHYSICAL
PHYSICAL VOLUME
VOLUME name
name hdisk1
hdisk1 ++
Start
Start using
using this
this paging
paging space
space NOW?
NOW? yes
yes ++
Use
Use this
this paging
paging space
space each
each time
time the
the system
system is
is yes
yes ++
RESTARTED?
RESTARTED?

# lsps -a
Page Space PV VG Size %Used Active Auto Type
paging00 hdisk1 rootvg 640MB 1 yes yes lv
hd6 hdisk0 rootvg 512MB 16 yes yes lv

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-8. Adding paging space AN123.1

Notes:
Ways of adding extra paging space
To add extra paging space volumes to the system, you can use SMIT (as illustrated on
the visual), the mkps command, or the Web-based System Manager.
Using the mkps command
When using the mkps command, the syntax and options are:
mkps [-a] [-n] [-t Type] -s NumLPs Vgname [Pvname]
Vgname: The volume group within which to create the paging space
Pvname: Specifies the physical volume of the volume group
-s NumLPs: Sets the size of the new paging space in logical partitions
-a: Activate the paging space at the next restart (adds it to /etc/swapspaces)
-n: Activate the paging space immediately.
-t Type: Specifies the type of paging space (lv or nfs)
When a paging space is created, the /etc/swapspaces file is also updated, if needed.

10-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Change paging space


IBM Power Systems

# smit chps chps d 5 paging00

Change
Change // Show
Show Characteristics
Characteristics of
of aa Paging
Paging Space
Space

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press Enter AFTER making
Press Enter AFTER making all
all desired changes.
desired changes.
[Entry
[Entry Fields]
Fields]
Paging
Paging space
space name
name paging00
paging00
Volume group name
Volume group name rootvg
rootvg
Physical
Physical volume
volume name
name hdisk1
hdisk1
NUMBER
NUMBER of
of additional
additional logical
logical partitions
partitions []
[] ##
Or
Or NUMBER
NUMBER of
of logical
logical partitions
partitions to
to remove
remove [5]
[5] ##
Use
Use this
this paging
paging space
space each
each time
time the
the system
system is
is yes
yes ++
RESTARTED?
RESTARTED?

# lsps -a
Page Space PV VG Size %Used Active Auto Type
paging00 hdisk1 rootvg 320MB 1 yes yes lv
hd6 hdisk0 rootvg 512MB 16 yes yes lv
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-9. Change paging space AN123.1

Notes:
Characteristics that can be changed
A paging space may have its size increased or decreased and may have its autostart
options changed while it is in use (this updates /etc/swapspaces).
These changes can be made through SMIT (as illustrated on the visual) or by using the
chps command.
Decreasing paging space
The ability to dynamically decrease paging space was introduced in AIX 5L V5.1. The
argument -d to the chps command calls the shrinkps shell script to reduce the size of
an active paging space. The use of a shell script reduces the possibility of getting into
an unbootable state because users are not allowed to run out of paging space. The
script checks paging space actually in use and adds a paging space warning threshold
buffer. The SMIT fastpath is smit chps.

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The process chps decreases an active paging space as follows:


Step Action
Create a new, temporary space from the same volume group as the one being
1
reduced.
2 Deactivate the original paging space.
3 Reduce the original paging space.
4 Reactivate the original paging space.
5 Deactivate the temporary space.
The primary paging space (usually hd6) cannot be decreased below 32 MB.
When you reduce the primary paging space, a temporary boot image and a temporary
/sbin/rc.boot pointing to this temporary primary paging space are created to ensure the
system is always in a state where it can be safely rebooted.
Activating paging space
Inactive paging spaces may be activated dynamically once they have been defined. To
do this enter: swapon /dev/pagingnn
Note: This operation is supported through SMIT as well, fastpath pgsp. Alternatively,
use: swapon -a to activate all paging spaces defined in /etc/swapspaces. This
command is run in /etc/rc at system startup.
Examples of chps command use
The following examples illustrate use of the chps command:
Example 1: Delete one logical partition from the paging00 paging space.
# chps -d 1 paging00
Example 2: Add one logical partition to the paging00 paging space.
# chps -s 1 paging00
Refer to the entry for chps in the online AIX 7.1 Commands Reference (or the
corresponding man page) for more information regarding the chps command.

10-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Removing paging space


IBM Power Systems

First, deactivate the paging space. swapoff /dev/paging00

Remove the paging space. rmps paging00

# smit rmps
Remove
Remove aa Paging
Paging Space
Space

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press Enter AFTER making
Press Enter AFTER making all
all desired changes.
desired changes.
[Entry
[Entry Fields]
Fields]
PAGING
PAGING SPACE
SPACE name
name paging00
paging00 ++

# lsps -a
Page Space PV VG Size %Used Active Auto Type
hd6 hdisk0 rootvg 512MB 16 yes yes lv

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-10. Removing paging space AN123.1

Notes:
Deletion of surplus paging space
As we have discussed, paging space can be added to the system, if necessary.
Similarly, surplus paging space can be deleted to free up the disk space for other logical
volumes.
Deactivation of paging space
Inactive paging space can be activated dynamically to meet system demand. In order to
delete paging space, it must be inactive (that is, not used by the kernel.) Beginning with
AIX 5L V5.1, active paging spaces can be deactivated while the system is running using
the swapoff command or with the SMIT fastpath swapoff.
Reasons the swapoff command may fail
The swapoff command might fail due to:
Paging size constraints: The process to remove an active paging space is to move all
the pages of the paging space being removed to another paging space. If there is not
enough active paging space to do this, the command fails.
I/O errors.

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Problems with paging space


IBM Power Systems

Monitor the system carefully.


If paging space is running low or gets to 100% full, the system will
panic. Errors will be seen on the console, such as INIT: Paging
space is low!
The kernel will randomly start to kill processes.
UNIX version 7 manual, quote: Absolute mayhem guaranteed.
Paging space too small:
Dynamically increase the size by allocating more partitions.
OR
Add an additional paging space definition to another physical disk.
Paging space too large:
Dynamically decrease the size by deallocating partitions.
OR
Remove a paging space definition.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-11. Problems with paging space AN123.1

Notes:

10-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Documenting paging space setup


IBM Power Systems

Run the lsps command.


Have a hardcopy of the /etc/swapspaces file.
** /etc/swapspaces
/etc/swapspaces
**
** This
This file
file lists
lists all
all the
the paging
paging spaces
spaces that
that are
are automatically
automatically put
put
** into
into service
service on
on each system restart ('swapon -a)
each system restart ('swapon -a)
**
** WARNING:
WARNING: Only
Only paging
paging space
space devices
devices should
should be
be listed
listed here.
here.
**
** This
This file
file is
is modified
modified by
by the
the chps,
chps, mkps
mkps and
and rmps
rmps commands
commands and
and
referenced
referenced by
by the
the lsps
lsps and
and swapon
swapon commands.
commands.
hd6:
hd6:
dev
dev == /dev/hd6
/dev/hd6
auto
auto = yes
= yes
paging00:
paging00:
dev
dev == /dev/paging00
/dev/paging00
auto
auto = yes
= yes
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-12. Documenting paging space setup AN123.1

Notes:
Running lsps
Run lsps to monitor paging space activity. Keep good documentation so that you know
what is normal for that system.
The /etc/swapspaces file
The file /etc/swapspaces contains a list of the paging space areas that are activated at
system startup.
Keep a copy of /etc/swapspaces so that you know what paging spaces are defined to
start at boot.

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint
IBM Power Systems

1. What conclusions regarding potential paging space problems can you


reach based on the following listing?
Page
Page Physical
Physical Volume
Volume Size
Size %Used
%Used Active
Active Auto
Auto Type
Type chksum
chksum
Space
Space Volume
Volume Group
Group

hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 640
640 MB
MB 43%
43% yes
yes yes
yes lv
lv 00
paging00
paging00 hdisk1
hdisk1 rootvg
rootvg 640
640 MB
MB 7%
7% yes
yes yes
yes lv
lv 00
paging01
paging01 hdisk1
hdisk1 rootvg
rootvg 160
160 MB
MB 89%
89% yes
yes yes
yes lv
lv 00

2. True or False: The size of paging00 (in the above example) can be
dynamically decreased.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-13. Checkpoint AN123.1

Notes:

10-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

Paging
space

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-14. Exercise AN123.1

Notes:
This lab allows you to add, decrease, monitor, and remove paging space.

Copyright IBM Corp. 2009, 2013 Unit 10. Paging space 10-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Explain the purpose of paging space
Modify the state or size of a paging space
Add or remove paging spaces
List and monitor the paging space utilization

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 10-15. Unit summary AN123.1

Notes:

10-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 11. Backup and restore

What this unit is about


This unit covers how to back up and restore volume groups and file
systems using the facilities built into the AIX operating system.

What you should be able to do


After completing this unit, you should be able to:
Back up the rootvg volume group using the mksysb utility
Explain how to restore the operating system using a mksysb
image
Explain the role of the image.data and bosinst.data files
Back up and restore a user defined volume group
Back up and restore file systems using various utilities

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX Version 7.1 Operating system and device
management
AIX Version 7.1 Installation and migration
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Back up the rootvg volume group using the mksysb utility
Explain how to restore the operating system using a
mksysb image
Explain the role of the image.data and bosinst.data
files
Back up and restore a user defined volume group
Back up and restore file systems using various utilities

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-1. Unit objectives AN123.1

Notes:

11-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Backup introduction
IBM Power Systems

Why back up?


Data is very important; expensive to re-create
Hardware failure
Accidental deletion
Damage due to software installation or hardware repair
Create a system image for installation cloning
Long term archive
Disaster recovery Generally handled by
enterprise backup
Types of backup: mgmt solutions, for
example TSM
Volume group
mksysb utility which records an image backup of the operating system
savevg utility which performs a full backup of a user-created VG
Full
Backs up all specified data
Incremental
Records changes since previous backups
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-2. Backup introduction AN123.1

Notes:
Why back up your data?
The data on a computer is usually far more important and expensive to replace than the
machine itself. Data loss can happen in many ways. The most common causes are
hardware failure and accidental deletion. AIX provides several ways in which we can
back up and restore data.
Volume group backup: AIX provides a mksysb utility which creates a back up
image of the operating system (that is, the root volume group) and the savevg
utility to backup user defined volume groups. It is very important that regular
mksysb backups are created as they allow us to reinstall a system to its original
state if it has been corrupted. If you create the backup on external media, for
example tape, the media is bootable and includes the installation programs
needed to install from the backup.
Full backup: A full backup (sometimes referred to as level 0 backup) will back
up all files and directories in the specified location. AIX provides the backup

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

command and several standard UNIX utilities for performing a full backup such
as tar, cpio and pax.
Incremental backup: An incremental backup, backs up all the files which have
changed since the last full or incremental backup. The backup command on AIX
is capable of providing this functionality.
AIX (and Unix) systems are often deployed in high performance, fault tolerant, 24x7
mission critical environments. As a result of this, often enterprise backup solutions are
deployed, like IBM Tivoli Storage Manager (TSM) for System Backup and Recovery
(Sysback). TSM for Sysback is designed to provide centralized, automated data
protection that can help reduce the risks associated with data loss while also helping to
reduce complexity, manage costs, and address compliance with regulatory data
retention requirements. TSM for Sysback is outside the scope of this class.

11-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

System image backup


IBM Power Systems

Backs up rootvg only using the mksysb command.

Unmounted file systems are not backed up.


If device selected is tape, bootable tape is created in backup
format.
Can be completed over a network to a NIM server.
Provides facilities for a non-interactive installation.
Saves system-created paging space definitions.
Saves LV policies and file system attributes.
There should be minimal user and application activity.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-3. System image backup AN123.1

Notes:
The mksysb utility provides the following functions:
Saves the definition of the paging space
Provides a non-interactive installation that gives information required at installation time
through a data file
Saves the inter-disk and intra-disk policies for the logical volumes
Saves map files for logical volumes, if requested by the user
Provides the ability to shrink the file system and logical volume in a volume group at
system installation or mksysb recovery time
Saves the file system characteristics
Allows the user to restore single or multiple files from a system image
The volume group image is saved in backup format.
System backup or clone?
If the mksysb command is used for to backup the source system, it is considered a
system backup. However, if the intent of the backup is to provide a customized system

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

for use on other machines, the mksysb is considered a clone. Cloning means
preserving either all or some of a system's customized information for use on a different
machine. During install, the default option is Enable System Backups to install any
system = Yes. This means that mksysb files are not system specific. Otherwise, if the
mksysb by itself, is used to clone a machine or LPAR that is not a hardware clone, it
may not work, as it cannot provide support for hardware devices unique to the new
machine or LPAR. For example, loading a mksysb image made from a physical
machine will not install correctly on a virtual LPAR because they use different AIX
filesets. However, this is an easy problem to resolve. In addition to the mksysb, you
also need to boot using the AIX installation media to provide the filesets needed by the
other machine or LPAR. If using a NIM server, a bosinst.data file must be defined with
the option INSTALL_DEVICES_AND_UPDATES = yes and the lppsource allocated to the
client machine, must also have all the possible device support.
Non-interactive installation
If a system backup is being made to install another system or to reinstall the existing
system, a customer can predefine installation information so questions at installation
time are already answered. This keeps user interaction at the target node to a
minimum. The system backup and BOS install, interact through several files. The
mksysb saves the data, used by the installation, through taking a snapshot of the
current system, and its customized state.
System backup components
The components provided as part of the system backup utility, are packaged in the
bos.sysmgt.sysbr package.

11-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Creating a mksysb image


IBM Power Systems

smit mksysb /usr/bin/mksysb -i /backups/my_mksysb


Back
Back Up
Up the
the System
System
Backup
Backup DEVICE
DEVICE or
or FILE
FILE [/backups/my_mksysb]
[/backups/my_mksysb]
/Create
/Create MAP
MAP files?
files? no
no
EXCLUDE
EXCLUDE files?
files? no
no
List
List files
files as
as they
they are
are backed
backed up?
up? no
no
Verify Back up to tape, for
Verify readability
readability if
if tape
tape device?
device? no
no example /dev/rmt0
Generate
Generate new
new /image.data
/image.data file?
file? yes
yes is also popular.
EXPAND
EXPAND /tmp
/tmp if
if needed?
needed? no
no
Disable
Disable software
software packing
packing ofof backup?
backup? no
no
Backup extended attributes?
Backup extended attributes? yes
yes
Number
Number of
of BLOCKS
BLOCKS to
to write
write inin aa single
single output
output []
[]
(Leave
(Leave blank
blank to
to use
use aa system
system default)
default)
Location
Location of
of existing
existing mksysb
mksysb image
image []
[]
File
File system
system to
to use
use for
for temporary
temporary work
work space
space []
[]
(If
(If blank,
blank, /tmp
/tmp will
will be
be used.)
used.)
Backup
Backup encrypted
encrypted files?
files? yes
yes
Back
Back up
up DMAPI
DMAPI filesystem
filesystem files?
files? yes
yes ++

SMIT also provides facilities to do a system backup to CD and


DVD, see smit sysbackup
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-4. Creating a mksysb image AN123.1

Notes:
Introduction
The SMIT screen shown in the visual, Back Up the System, performs a a mksysb
operation and only backs up mounted file systems in rootvg.
Create MAP files?
This option generates a layout mapping of the logical-to-physical partitions for each
logical volume in the volume group. This mapping is used to allocate the same
logical-to-physical partition mapping when the image is restored.
EXCLUDE files?
This option excludes the files and directories listed in the /etc/exclude.rootvg file from
the system image backup.
List files as they are backed up?
Change the default to see each file listed as it is backed up. Otherwise, you see a
percentage-completed progress message while the backup is created.

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Verify readability if tape device?


Verifies the file header of each file on the backup tape, and reports any read errors as
they occur.
Generate new /image.data file?
If you have already generated a new /image.data file and don't want a new file created,
change the default to no. The default value is yes (-i flag) on the command line.
EXPAND /tmp if needed?
Choose yes if the /tmp file system can automatically expand if necessary during the
backup.
Disable software packing of backup?
The default is no, which means the files are packed before they are archived to tape.
Files that cannot be compressed are placed in the archive as is. Restoring the archive
automatically unpacks the files packed by this option. If the tape drive you are using
provides packing or compression, set this field to yes.
Backup extended attributes?
By default, the mksysb, savevg, and backup utilities save any extended attributes. If
you plan to restore to a back-level system which does not understand the format with
extended attributes, then this option allows you to override that default behavior.
Number of BLOCKS to write in a single output
This specifies the number of 512 bytes to write in a single output operation, referred to
as the block size. If a number is not specified, the backup command uses a default
value appropriate for the physical device selected. Larger values result in larger
physical transfers to tape devices. The block size must be a multiple of the physical
block size of the device being used.
Location of existing mksysb image
Specifies the full path name to the location of a previously-created mksysb image that
can be used to create a bootable tape backup.
File system to be used for temporary work space
Specifies the full path name to the location of a directory or file system to be used as
temporary space to create a bootable tape backup. The file system used must have at
least 100 MB of available free disk space for the creation of the bootable image. If this
field is left blank, the /tmp file system is used.
Back up encrypted files?
Specifies if encrypted files should be backed up. AIX 6.1 introduces the ability to
encrypt files on a per file basis without the need of third party tools.
Back up DMAPI file system files?
Specifies if DMAPI file system files are to be backed up.

11-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

image.data file
IBM Power Systems

The image.data file contains information describing the image installed


during the BOS installation process. This includes:
Sizes, names, maps, and mount points of logical volumes and file systems in
the root volume group
It is a large file arranged in stanza format
Is not recommended that the user modify the file, apart from the shrink field
New image.data can be created during a mksysb operation or by
calling the mkszfile command.
image_data:
image_data:
IMAGE_TYPE=
IMAGE_TYPE= bff
bff
DATE_TIME=
DATE_TIME= Mon
Mon 20
20 Oct
Oct 17:54:07
17:54:07 2008
2008
UNAME_INFO=
UNAME_INFO= AIX neo
AIX neo 11 66 00CBE2FE4C00
00CBE2FE4C00
PRODUCT_TAPE= no
PRODUCT_TAPE= no
USERVG_LIST=
USERVG_LIST=
PLATFORM=
PLATFORM= chrp
chrp The SHRINK field can be
OSLEVEL=
OSLEVEL= 6.1.1.0
6.1.1.0
OSLEVEL_R=
set to yes.
OSLEVEL_R= 6100-01
6100-01
CPU_ID=
CPU_ID= 00CBE2FE4C00
00CBE2FE4C00
LPAR_ID=
LPAR_ID= 44

logical_volume_policy:
logical_volume_policy:
SHRINK=
SHRINK= no
no
EXACT_FIT=
EXACT_FIT= no
no

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-5. image.data file AN123.1

Notes:
The image.data file contains information describing the image installed during the BOS
installation process. This information includes the sizes, names, maps, and mount points of
logical volumes and file systems in the root volume group. The mkszfile command
generates the image.data file. It is not recommended that the user modify the file.
Changing the value of one field without correctly modifying any related fields, can result in
a failed installation, and a corrupted backup image. The only exception to this
recommendation is the SHRINK field, which the user may modify to instruct the BOS
installation routines to create the file systems as specified in the image.data file, or to
create the file systems only as large as is required to contain all the data in the file system.
The BOS installation process also takes input from the image.data file regarding defaults
for the machine being installed. Any default values in the image.data file will override
values obtained when the BOS installation queries the hardware topology and existing root
volume group. The image.data file resides in the / directory.
To create a mksysb backup image with a customized image.data file:
Create a new image.data file: # mkszfile.

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Edit the image.data file as appropriate.


Create mksysb with the customized image.data file: # mksysb /backup/my_mksysb.
This file is part of System Backup and BOS Install Utilities.

11-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

bosinst.data file
IBM Power Systems

Defines defaults for variables controlling an installation


Can be used to created non-prompted installations
Key options below, for a full description see:
/usr/lpp/bosinst/bosinst.template.README
control_flow:
control_flow:
CONSOLE
CONSOLE == Default
Default ALT_DISK_INSTALL_BUNDLE = no
INSTALL_METHOD
INSTALL_METHOD == overwrite
overwrite GRAPHICS_BUNDLE = yes
PROMPT
PROMPT == no
no MOZILLA_BUNDLE = no
EXISTING_SYSTEM_OVERWRITE
EXISTING_SYSTEM_OVERWRITE == yes
yes KERBEROS_5_BUNDLE = no
INSTALL_X_IF_ADAPTER
INSTALL_X_IF_ADAPTER == nono SERVER_BUNDLE = yes
RUN_STARTUP
RUN_STARTUP == yes
yes ALT_DISK_INSTALL_BUNDLE = no
RM_INST_ROOTS
RM_INST_ROOTS == no
no
ERROR_EXIT
ERROR_EXIT == locale:
CUSTOMIZATION_FILE
CUSTOMIZATION_FILE == SCREEN
SCREEN BOSINST_LANG = en_US
TCB
TCB == no
no CULTURAL_CONVENTION = en_GB
INSTALL_TYPE
INSTALL_TYPE == MESSAGES = en_US
BUNDLES
BUNDLES == KEYBOARD = en_GB
SWITCH_TO_PRODUCT_TAPE
SWITCH_TO_PRODUCT_TAPE ==
RECOVER_DEVICES
RECOVER_DEVICES == nono target_disk_data:
BOSINST_DEBUG
BOSINST_DEBUG == no
no PVID =
ACCEPT_LICENSES
ACCEPT_LICENSES == PHYSICAL_LOCATION =
DESKTOP
DESKTOP == CDE
CDE CONNECTION =
INSTALL_DEVICES_AND_UPDATES
INSTALL_DEVICES_AND_UPDATES == yes
yes LOCATION =
IMPORT_USER_VGS
IMPORT_USER_VGS == SIZE_MB =
ENABLE_64BIT_KERNEL
ENABLE_64BIT_KERNEL == Default
Default HDISKNAME = hdisk0
CREATE_JFS2_FS
CREATE_JFS2_FS == yes
yes
ALL_DEVICES_KERNELS
ALL_DEVICES_KERNELS == nono

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-6. bosinst.data file AN123.1

Notes:
/bosinst.data file
This file enables the administrator to specify the requirements at the target system and how
the user interacts with the target system. It provides flexibility by allowing unattended
installations. The system backup utilities simply copy the /bosinst.data into the second file
on the mksysb tape. If this file is not in the root directory, the
/usr/lpp/bosinst/bosinst.template is copied to the /bosinst.data.
Key fields (highlight in the visual):
PROMPT: Will determine if the installation is to be prompted (yes) or non-prompted (no)
INSTALL_DEVICES_AND_UPDATES: When installing a mksysb image to a system with a
different hardware configuration, boot from product media to get any missing device
drivers installed. In addition, if the product media is a later level of AIX than the mksysb,
software in the mksysb image will be updated. To prevent either of these additional
installations from occurring, set this field to no. The default is yes.

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

INSTALL_METHOD: Specifies a method of installation: migrate, preserve,


erase_only, or overwrite
CREATE_JFS2_FS: Specifies whether you want to create enhanced journaled file
systems. The choices are yes and no
ALL_DEVICES_KERNELS: Specifies whether to install all device and kernel filesets
The choices are yes and no. If you select no, your system will be installed with the
devices and kernel specific to your system configuration. If you select yes, when you
create a system backup of your system, you can use that system backup to install any
system.
LOCALE STANZA: Will determine:
- The language to use during installation
- Primary cultural convention to use after reboot
- Primary message catalogs to use after reboot
- Keyboard map to use after reboot
TARGET DISK STANZA: Will determine where to create the root volume group.

11-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

mksysb tape image format


IBM Power Systems

Blocksize = Blocksize = Blocksize = Tape drive


512 512 512 blocksize

BOS boot mkinsttape dummy rootvg


image image backup image
.toc
1st Section 2nd Section 3rd Section 4th Section
0 1 2 3

Kernel ./image.data Dummy TOC Backup


device drivers ./bosinst.data by name
./tapeblksz

To list files in the backup image on a mksysb:


lsmksysb f /dev/rmt0

To restore individual files from the mksysb:


restorevgfiles f /dev/rmt0 ./etc/inittab
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-7. mksysb tape image format AN123.1

Notes:
This visual shows the tape layout of a mksysb image.
BOS boot image
The BOS boot image contains a copy of the system's kernel and device drivers needed
to boot from the tape.
mkinsttape image
The mkinsttape image contains the following files:
./image.data holds the information needed to re-create the root volume group
and its logical volumes and file systems.
./bosinst.data contains the customizable installation procedures and dictates
how the BOS installation program behaves. This file allows for the
non-interactive installations.
./tapeblksz contains the block size setting of the tape drive used during the
backup. This applies to the files in the fourth section.

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Dummy TOC
The dummy TOC is used to make mksysb tapes have the same number of files as the
BOS installation tapes.
rootvg backup image
The rootvg backup image contains all the data from the backup. This data is saved
using the backup command which is discussed shortly
Listing and extracting files in a tape mksysb image
The easiest way to list files or to restore individual files from any media (tape or optical)
is to use the generic list and restore commands:
- # lsmksysb -f <device> , where <device> might be /dev/rmt0 or /dev/cd0.
- # restorevgfiles -f <device> <file name>,
<device> might be /dev/rmt0 or /dev/cd0.
<file> can be one of more files such as ./etc/inittab
For tape specific restores, a combination of tape control and AIX file system restore
commands can be used:
- # tctl -f /dev/rmt0 rewind
- # tctl -f /dev/rmt0.1 fsf 3
- # restore -Tvf /dev/rmt0
OR
- restore -Tv s4 -f /dev/rmt0
The tctl command can be used to rewind and fast forward the tape to the start of the
fourth section (third tape mark). Then, the restore command, as shown in the
example can be used to extract (-x) or list (-T) files on the tape. Alternatively, if the
tape is already rewound, then the restore command can be used directly to extract
files from the fourth section (-s4).
For further information regarding tape manipulation, see the tctl man page.

11-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Restoring a mksysb: From tape device (1 of 2)


IBM Power Systems

Using the SMS menus, boot the system from the tape device.
Restore mksysb image from the device, that is, tape
(/dev/rmt0), as follows:
Welcome
Welcome to
to Base
Base Operating
Operating System
System
Installation
Installation and
and Maintenance
Maintenance
11 Start
Start Install
Install Now
Now With
With Default
Default Settings
Settings
22 Change/Show
Change/Show Installation
Installation Settings
Settings and
and Install
Install
>> 3
>> 3 Start Maintenance Mode for System Recovery
Start Maintenance Mode for System Recovery
44 Configure
Configure Network
Network Disks
Disks (iSCSI)
(iSCSI)

11 Access
Access AA Root
Root Volume
Volume Group
Group
22 Copy
Copy a System Dump to
a System Dump to Removable
Removable Media
Media
33 Access
Access Advanced
Advanced Maintenance
Maintenance Functions
Functions
44 Erase
Erase Disks
Disks
>>
>> 66 Install
Install from
from aa System
System Backup
Backup

Tape
Tape Drive
Drive Path
Path Name
Name
>>
>> 11 tape/scsi/4mm/2GB
tape/scsi/4mm/2GB/dev/rmt0
/dev/rmt0

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-8. Restoring a mksysb: From tape device (1 of 2) AN123.1

Notes:
Start a mksysb restoration
To restore a mksysb image from tape, boot the machine into SMS just as if you were
performing an installation. As shown previously in the installation unit, select the device to
boot from (in this case tape). Then, insert the mksysb tape and start the machine or LPAR.
The machine boots from the tape and prompts you to define the console and select a
language for installation. Once you have answered those questions, then the Installation
and Maintenance menu is presented.
You can also boot from installation media which presents the same screens. Just be sure to
put the mksysb tape in the tape drive before answering the last question.

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Restoring a mksysb: From tape device (2 of 2)


IBM Power Systems

Welcome
Welcome to
to Base
Base Operating
Operating System
System
Installation
Installation and
and Maintenance
Maintenance
Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter. Choice
Choice is
is indicated
indicated by
by >>.
>>.
11 Start
Start Install
Install Now
Now With
With Default
Default Settings
Settings
>>
>> 22 Change/Show
Change/Show Installation
Installation Settings
Settings and
and Install
Install
33 Start
Start Maintenance
Maintenance Mode
Mode for
for System
System Recovery
Recovery
44 Configure
Configure Network
Network Disks
Disks (iSCSI)
(iSCSI)

System
System Backup
Backup Installation
Installation and
and Settings
Settings
Type
Type the
the number
number of
of your
your choice
choice and
and press
press Enter.
Enter.
11 Disk(s)
Disk(s) where
where you
you want
want to
to install
install hdisk0
hdisk0
Use Maps
Use Maps No
No
22 Shrink
Shrink Filesystems
Filesystems No
No
00 Install
Install with
with the
the settings
settings listed
listed above
above

Installing
Installing Base
Base Operating
Operating System
System
Please
Please wait...
wait...
Approximate
Approximate Elapsed
Elapsed time
time
%% tasks
tasks complete
complete (in
(in minutes)
minutes)

33 00 Making
Making logical
logical volumes
volumes

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-9. Restoring a mksysb: From tape device (2 of 2) AN123.1

Notes:
Changing installation settings
From the Installation and Maintenance menu, select option 2, Change/Show
Installation Settings and Install.
(Not all menu options are shown, due to format space limitations)
The options from the System Backup and Installation and Settings menu are:
1 Disk(s) where you want to install
- Select disks where you want to install.
Use Maps
- The option Use Maps lets you choose whether to use the map files created (if you
created any) during the backup process of the mksysb tape. The default is no. If the
selected disks do not have map files, then this option would not be available.
2 Shrink Filesystems

11-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty - The option Shrink Filesystems installs the file systems using the minimum required
space. The default is no. If yes, all file systems in rootvg are shrunk. So remember
after the restore, evaluate the current file system sizes. You might need to increase
their sizes.
0 Install with the settings listed above
- At the end, select option 0 which installs using the settings selected. Your mksysb
image is restored.
The system then reboots.
Additional options that you might see are:
Import User Volume Groups
- You have the option to have user volume groups imported after the installation
completes. The default is Yes.
Recover devices
- BOS installation program attempts to recreate the devices the same way they were
on the machine the mksysb was created on. This is normal procedure for regular
mksysb restores on the same system. However, for cloning (installing the mksysb
image on another system), you may not want these devices configured this way,
especially for network configuration. The default is Yes.

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Restoring a mksysb: From a NIM server (1 of 2)


IBM Power Systems

Restore a mksysb image from a NIM server using the SMS


menu.
Note: NIM server configuration is covered in the AN22 NIM course.
PowerPC
PowerPC Firmware
Firmware
Version
Version SF240_338
SF240_338
SMS
SMS 1.6
1.6 (c)
(c) Copyright
Copyright IBM
IBM Corp.
Corp. 2000,2005
2000,2005 All
All rights
rights reserved.
reserved.
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Main
Main Menu
Menu
1.
1. Select
Select Language
Language
2.
2. Setup
Setup Remote
Remote IPL
IPL (Initial
(Initial Program
Program Load)
Load) #then
#then select
select the
the adapter
adapter && IP
IP
Parameters
Parameters
3.
3. Change
Change SCSI
SCSI Settings
Settings
4.
4. Select
Select Console
Console
5.
5. Select
Select Boot
Boot Options
Options

IP Enter client and NIM


IP Parameters
Parameters server IP details.
Interpartition
Interpartition Logical
Logical LAN:
LAN: U9113.550.65F2E7F-V9-C3-T1
U9113.550.65F2E7F-V9-C3-T1
1.
1. Client IP Address
Client IP Address [10.47.1.21]
[10.47.1.21]
2.
2. Server
Server IP
IP Address
Address [10.47.1.33]
[10.47.1.33]
3.
3. Gateway
Gateway IP
IP Address
Address [000.000.000.000]
[000.000.000.000]
4.
4. Subnet
Subnet Mask
Mask [255.255.0.0]
[255.255.0.0]

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-10. Restoring a mksysb: From a NIM server (1 of 2) AN123.1

Notes:
First, the resources (mksysb image, bosinst.data, SPOT) have to be allocated to the client
on the NIM server and the NIM server must run a bosinst operation on your client machine.
This is covered in the NIM course, AN22.
Next, boot the client into SMS mode and select option 2, Setup Remote IPL. This option
allows us to define the network parameters of the NIM server and client. Once the IPL
details have been entered, press ESC to return to the main menu.

11-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Restoring a mksysb: From NIM server (2 of 2)


IBM Power Systems
Return to main menu, by selecting option 5 Boot Options. Then select the following:
1. Select Install/Boot Device
6. Network -- followed by the network adapter to the boot from
2. Normal Mode Boot
1. Yes -- to exit System Management Services
BOOTP:
BOOTP: chosen-network-type
chosen-network-type == ethernet,auto,none,auto
ethernet,auto,none,auto BOOTP R = 1 BOOTP S = 2
BOOTP: server FILE: /tftpboot/alex.lpar.co.uk
BOOTP: server IP IP == 10.47.1.33
10.47.1.33
BOOTP: requested FINAL Packet Count = 27900
BOOTP: requested filename
filename == FINAL File Size = 14284288 bytes.
BOOTP:
BOOTP: client
client IP =
IP = 10.47.1.21
10.47.1.21 load-base=0x4000
BOOTP:
BOOTP: client
client HW HW addr
addr == ea
ea 48
48 f0
f0 00 90
90 33 real-base=0x2000000
BOOTP:
BOOTP: gateway
gateway IPIP == 0.0.0.0
0.0.0.0
BOOTP:
BOOTP: device
device /vdevice/l-lan@30000003
/vdevice/l-lan@30000003
BOOTP:
BOOTP: loc-code
loc-code U9113.550.65F2E7F-V9-C3-T1
U9113.550.65F2E7F-V9-C3-T1 Client issues a bootp request
to NIM master and downloads
the boot image via TFTP
Installing
Installing Base
Base Operating
Operating System
System

Please
Please wait...
wait...

Approximate
Approximate Elapsed
Elapsed time
time
%% tasks
tasks complete
complete (in
(in minutes)
minutes)

33 00 Making
Making logical
logical volumes
volumes

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-11. Restoring a mksysb: From NIM server (2 of 2) AN123.1

Notes:
The visual shows the rest of the steps involved in completing the mksysb restore.
This example assumes that the NIM servers was configured to provide a bosint.data file
with PROMPT=NO and all the necessary information provided, Otherwise, the system
console would need to be used to walk through the Install and Maintenance panels shown
on the previous visuals.

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Creating a backup of a data volume group


IBM Power Systems

smit savevg /usr/bin/savevg f /tmp/datavg_bk_svg -i datavg


Back
Back Up
Up aa Volume
Volume Group
Group to
to Tape/File
Tape/File
** Backup
Backup DEVICE
DEVICE or
or FILE
FILE [/tmp/datavg_bk_svg]
[/tmp/datavg_bk_svg] +/
+/
** VOLUME
VOLUME GROUP to back
GROUP to back up
up [datavg]
[datavg] ++
List
List files
files as
as they
they are
are backed
backed up?
up? no
no ++
Generate
Generate new
new vg.data
vg.data file?
file? yes
yes ++
Create
Create MAP
MAP files?
files? no
no ++
EXCLUDE
EXCLUDE files?
files? no
no ++
EXPAND
EXPAND /tmp
/tmp if
if needed?
needed? no
no ++
Disable
Disable software
software packing
packing ofof backup?
backup? no
no ++
Backup
Backup extended
extended attributes?
attributes? yes
yes ++
Number
Number of
of BLOCKS
BLOCKS to
to write
write in
in aa single
single output
output []
[] ##
(Leave
(Leave blank to use a system default)
blank to use a system default)
Verify
Verify readability
readability ifif tape
tape device?
device? no
no ++
Back
Back up
up Volume
Volume Group
Group information
information files
files only?
only? no
no ++
Back
Back up
up encrypted
encrypted files?
files? yes
yes ++
Back
Back up
up DMAPI
DMAPI filesystem
filesystem files?
files? no
no ++

SMIT also provides facilities to do a VG backup to CD and DVD


(smit vgbackup).
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-12. Creating a backup of a data volume group AN123.1

Notes:
To back up non-rootvg volume groups, use smit savevg or smit savevg. The parameters
are virtually identical to creating a mksysb image.
The savevg command finds and backs up all files belonging to a specified volume group.
The volume group must be varied-on, and the file systems must be mounted. The savevg
command uses the data file created by the mkvgdata command. This data file can be one
of the following:
/tmp/vgdata/vgname/<vgname>.data
Contains information about a user volume group. The <vgname> variable reflects the
name of the volume group. The savevg command uses this file to create a backup
image that can be used by the restvg command to remake the user volume group.

11-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Restoring a backup of a data volume group


IBM Power Systems

smit restvg /usr/bin/restvg -q f /tmp/datavg_bk_svg


Remake
Remake aa Volume
Volume Group
Group
** Restore
Restore DEVICE
DEVICE or
or FILE
FILE [/tmp/datavg_bk_svg]
[/tmp/datavg_bk_svg] +/
+/
SHRINK the filesystems?
SHRINK the filesystems? no
no ++
Recreate
Recreate logical
logical volumes
volumes and
and filesystems
filesystems only?
only? no
no ++
PHYSICAL
PHYSICAL VOLUME
VOLUME names
names []
[] ++
(Leave
(Leave blank
blank to
to use
use the
the PHYSICAL
PHYSICAL VOLUMES
VOLUMES listed
listed
in
in the vgname.data file in the backup image)
the vgname.data file in the backup image)
Use
Use existing
existing MAP
MAP files?
files? yes
yes ++
Physical
Physical partition
partition SIZE
SIZE in
in megabytes
megabytes []
[] +#
+#
(Leave
(Leave blank
blank to
to have
have the
the SIZE
SIZE determined
determined
based on disk size)
based on disk size)
Number
Number of
of BLOCKS
BLOCKS to
to read
read in
in aa single
single input
input []
[] ##
(Leave
(Leave blank
blank to
to use
use aa system
system default)
default)
Alternate
Alternate vg.data
vg.data file
file []
[] //
(Leave
(Leave blank
blank to
to use
use vg.data
vg.data stored
stored in
in
backup image)
backup image)

Prior to restoring the VG


Unmount all file systems which are part of that VG.
Vary off and export the volume group.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-13. Restoring a backup of a data volume group AN123.1

Notes:
The visual shows the process of restoring a non-rootvg volume group. Standard out from
the smit screen is shown below:

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

COMMAND STATUS
Command: OK stdout: yes stderr: no
Before command completion, additional instructions may appear below.
Will create the Volume Group: datavg
Target Disks: hdisk1
Allocation Policy:
Shrink Filesystems: no
Preserve Physical Partitions for each Logical Volume: no
datavg
loglv01
fslv00
New volume on /tmp/datavf_bk_svg:
Cluster size is 51200 bytes (100 blocks).
The volume number is 1.
The backup date is: Mon 20 Oct 20:29:05 2008
Files are backed up by name.
The user is root.
x 11 ./tmp/vgdata/datavg/image.info
x 127 ./tmp/vgdata/vgdata.files598152
x 127 ./tmp/vgdata/vgdata.files
x 2444 ./tmp/vgdata/datavg/filesystems
x 2481 ./tmp/vgdata/datavg/datavg.data
x 340 ./tmp/vgdata/datavg/backup.data
x 0 ./data
x 0 ./data/lost+found
x 1024 ./data/file1
x 1024 ./data/file2
x 1024 ./data/file3
The total size is 5530 bytes.
The number of restored files is 11.

11-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Traditional UNIX and AIX backup commands


IBM Power Systems

AIX
Backup and restore

Other popular backup, restore commands across UNIX


platforms:
tar
cpio
pax
dd

Compression utilities
Compress, restore using uncompress or zcat
gzip, restore using gunzip
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-14. Traditional UNIX and AIX backup commands AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Backup by filename and restore


IBM Power Systems

File names are read from standard input.


## cat
cat listfile
listfile
/home/aix/file1
/home/aix/file1
/home/aix/file2
/home/aix/file2 Absolute paths
/home/aix/file3
/home/aix/file3
## backup
backup -iqvf
-iqvf /dev/rmt0
/dev/rmt0 << listfile
listfile

Relative paths
## find
find /home/aix
/home/aix || backup
backup -iqvf
-iqvf /dev/rmt0
/dev/rmt0

## cd
cd /home/aix
/home/aix
## find
find .. || backup
backup -iqvf
-iqvf /backup/aix.backup
/backup/aix.backup List files

## restore
restore -Tvf
-Tvf /backup/aix.backup
/backup/aix.backup
Extract (restore)
files
## restore
restore -xvf
-xvf /backup/aix.backup
/backup/aix.backup

## restore
restore -xvf
-xvf /tmp/aix.backup
/tmp/aix.backup ./file1
./file1 Extract individual
file
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-15. Backup by filename and restore AN123.1

Notes:
The backup command
The backup command is a useful command for making backups of AIX files and
directories. backup supports two different methods:
Backup by filename
Backup by i-node (also call a file system backup)
When performing a backup by filename, the files must be in a mounted file system to be
backed up. Backup by i-node, backs up file systems when they are unmounted.
Note: Relative versus full file names will impact the location of files on recovery!
Popular backup flags
-q: Media is ready
-i: Specifies that files be read from standard input and archived by file name.
-v: Verbose - display filenames during backup
-f: Device
Popular restore flags
-T: List files
-x: Extract files
For further information see the man pages.

11-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Backup and restore by inode


IBM Power Systems

Only supported if file systems are unmounted! Full backup

## backup
backup -u
-u -0
-0 -f
-f /tmp/databkup_21Oct_level0
/tmp/databkup_21Oct_level0 /data
/data

## backup
backup -u
-u -1
-1 -f
-f /tmp/databkup_21Oct_level1
/tmp/databkup_21Oct_level1 /data
/data

## cat
cat /etc/dumpdates
/etc/dumpdates
/dev/rfslv00
/dev/rfslv00 11 Tue
Tue Oct
Oct 21
21 15:45:21
15:45:21 2008
2008
Incremental backup
/dev/rfslv00
/dev/rfslv00 00 Tue
Tue Oct
Oct 21
21 15:40:54
15:40:54 2008
2008

Backup history

## restore
restore -rqvf
-rqvf /tmp/databkup_21Nov_level0
/tmp/databkup_21Nov_level0

## restore
restore -rqvf
-rqvf /tmp/databkup_21Nov_level1
/tmp/databkup_21Nov_level1

Must restore first to the last level 0


then followed by each incremental

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-16. Backup and restore by inode AN123.1

Notes:
Backup by inode is useful for performing full (level 0) and incremental backups of file
systems. Backup by inode should only be completed when the filesystem is unmounted!
Note: The command will complete if the filesystem is in use, but the following warning
message is displayed, Backup: 0511-251 The file system is still mounted; data
may not be consistent.
Popular backup by inode flags
-u: update /etc/dumpdates will backup transaction history
-0-9: backup level, 0 is full, 1...9 represents incremental change since level n-1
-f: device
Popular restore by inode flags
-r: restore files
For further information see the man pages.
When restoring file system archives, the restore command creates and uses a file named
restoresymtable. This file is created in the current directory. The file is necessary for the
restore command to do incremental file system restores. Do not remove the
restoresymtable file if you perform incremental file system backups and restores.

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

tar command
IBM Power Systems

tar is derived from tape archive


Create a tar backup (-c)
## tar
tar cvf
cvf /dev/rmt0
/dev/rmt0 /home
/home
## tar
tar -cvf
-cvf /backup/home.tar
/backup/home.tar /home
/home
List files in a tar backup (-t)
## tar
tar tvf
tvf /dev/rmt0
/dev/rmt0

Extract files from a tar backup (-x)

## tar
tar xvf
xvf /dev/rmt0
/dev/rmt0

Copying directories and files using tar


## cd
cd /data
/data
## tar
tar -cf
-cf -- .|
.| (cd
(cd /junk2
/junk2 &&
&& tar
tar xBpf
xBpf -)
-)
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-17. tar command AN123.1

Notes:
The tar command archives and restores files. tar is most commonly used in tandem with
an external compression utility, since it has no built-in data compression facilities.
Here is a list of the commonly used options:
-c creates a tar backup.
-x extracts (restores) one or more files from a tar file.
-t reads the content of the tar file (verify the backup).
-v verbose output - displays files as they are backed up and restored.
-f identifies the file or device holding the tar image.
-h follows symbolic links.
-u appends files to an existing archive.
-p preserves file permissions, ignoring the present umask value.
-B forces a consistent blocking factor to help ensure this copy is made correctly.
The final .tar file is usually called a tarball.

11-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

cpio command
IBM Power Systems

cpio is derived from copy in and out.


Create a cpio backup (-o)
## find
find /home
/home || cpio
cpio ov
ov >> /backup/home.bk
/backup/home.bk

List files in a cpio backup (-t)


## cpio
cpio -itv
-itv << /backup/home.bk
/backup/home.bk

Extract files from a cpio backup (-i)


## cpio
cpio idv
idv << /backup/home.bk
/backup/home.bk

Copy the contents of the current location to /mydir

## find
find .. -depth
-depth || cpio
cpio -pd
-pd /mydir
/mydir

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-18. cpio command AN123.1

Notes:
cpio copies file archives in from, or out to tape, disk, or another location on the local
machine.
Here is a list of the commonly used options:
-o command reads file path names from standard input and copies these files to
standard output, along with path names and status information.
-i command reads from standard input an archive file created by the cpio -o command
and copies from it the files with names that match the Pattern parameter.
-p copies files to another directory on the same system.
-d creates directories as needed.
-v verbose (print files)

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

pax command
IBM Power Systems

tar and cpio syntax differ slightly between UNIX platforms.


IEEE addressed this problem with pax, meaning peace in Latin

Create a pax backup of /home (-w)

## pax
pax -wf
-wf /backup/home_pax.ar
/backup/home_pax.ar /home
/home

List files in a pax backup (-v)

## pax
pax -v
-v f
f /backup/home_pax.ar
/backup/home_pax.ar

Extract files in a pax backup (-r)

## pax
pax -rvf
-rvf /backup/home_pax.ar
/backup/home_pax.ar

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-19. pax command AN123.1

Notes:
The pax command extracts, writes, and lists members of archive files; copies files and
directory hierarchies.
Rather than sort out the incompatible options that have crept up between tar and cpio,
along with their implementations across various versions of UNIX, the IEEE designed a
new archive utility. Pax means peace in Latin, so the utility is named to create peace
between the tar and cpio.

11-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

dd command
IBM Power Systems

The primary purpose of dd is the low-level copying and


conversion of raw data.
Copy tape to tape. Tape1 block size=1KB. Tape2 block size=2KB.
## dd
dd if=/dev/rmt0
if=/dev/rmt0 ibs=1024
ibs=1024 obs=2048
obs=2048 of=/dev/rmt1
of=/dev/rmt1

Perform a raw data backup of /home to tape, then restore:

## tar
tar -cvf
-cvf -- /home
/home || dd
dd obs=1024k
obs=1024k of=/dev/rmt0
of=/dev/rmt0
## tar
tar -cvf
-cvf -- /home
/home || rsh
rsh <system>
<system> dd
dd obs=1024k
obs=1024k of=/dev/rmt0
of=/dev/rmt0

## dd
dd if=/dev/rmt0
if=/dev/rmt0 ibs=1024k
ibs=1024k || tar
tar xvf
xvf -- Writing to a tape
drive on a remote
machine

Convert /etc/passwd from ASCII to EBCDIC:


## dd
dd if=/etc/passwd
if=/etc/passwd of=/etc/passwd.ebcdic
of=/etc/passwd.ebcdic conv=ebcdic
conv=ebcdic

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-20. dd command AN123.1

Notes:
The dd command reads in standard input or the specified input file, converts it, and then
writes to standard out or the named output.
The common options are:
if= specifies the input file.
of= specifies the output file.
conv= designates the conversion to be done.
Copying specific blocks
The dd command is also useful when you need to copy specific blocks of data. For
example, if a file systems superblock (stored in the first block of the file system) is corrupt,
a copy is kept at the 31st block. The dd command can copy that 31st block back to the first
to repair the file system. The command is:
# dd count=1 bs=4k skip=31 seek=1 if=/dev/hd4 of=/dev/hd4

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Compression commands (1 of 2)
IBM Power Systems

Archives created with backup utilities are usually compressed.


Reduce the size of the backup.
This can be done using a number of utilities, such as compress.
Examples (using compress, uncompress, and zcat):
## compress
compress -v
-v /tmp/data.tar
/tmp/data.tar
/tmp/data.tar:
/tmp/data.tar: Compression:
Compression: 95.50%
95.50% This
This file
file is
is replaced
replaced
with
with /tmp/data.tar.Z.
/tmp/data.tar.Z.

## uncompress
uncompress /tmp/data.tar.Z
/tmp/data.tar.Z
/tmp/data.tar.Z:
/tmp/data.tar.Z: This
This file
file is
is replaced
replaced with
with /tmp/data.tar.
/tmp/data.tar.

zcat expands a
compressed file to
## zcat
zcat /tmp/data.tar.Z
/tmp/data.tar.Z || tar
tar -xvf
-xvf -- standard out.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-21. Compression commands (1 of 2) AN123.1

Notes:
Files which are archived are usually further compressed to reduce their size. Compress,
uncompress and zcat commands are standard commands across UNIX platforms for
compressing and uncompressing files.

11-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Compression commands (2 of 2)
IBM Power Systems

Examples (gzip and gunzip)

## gzip
gzip -v
-v /tmp/data.tar
/tmp/data.tar
/tmp/data.tar:
/tmp/data.tar: 97.7%
97.7% --
-- replaced
replaced with
with
/tmp/data.tar.gz
/tmp/data.tar.gz

## gunzip
gunzip -v
-v /tmp/data.tar.gz
/tmp/data.tar.gz
/tmp/data.tar.gz:
/tmp/data.tar.gz: 97.7%
97.7% --
-- replaced
replaced with
with Creates a
/tmp/data.tar
/tmp/data.tar compressed
tarball
(.tar.gz) of the
## tar
tar -cvf
-cvf -- /data
/data || gzip
gzip -c
-c >> data_tar.gz
data_tar.gz /data directory.

## gunzip
gunzip -c
-c data_tar.gz
data_tar.gz || tar
tar xvf
xvf -- Decompresses
and extracts the
compressed
tarball (.tar.gz).

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-22. Compression commands (2 of 2) AN123.1

Notes:
gzip is a software application used for file compression. gzip is short for GNU zip. The
program is very popular and is a free replacement for the compress program which was
predominately used in early UNIX systems.
Another popular and free compression utility is bzip2 which is based on a lossless data
compression algorithm. Bzip2 compression is generally more effective than gzip. The
usage of bzip2 and bunzip2 (for decompression) is fairly similar to gzip and gunzip
respectively.

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Good practices
IBM Power Systems

Take regular backups.

Verify your backups.


Check the tape device(s).
Label tapes.

Keep old backups.

Keep a copy of the backups securely offsite.

Test recovery procedures before you have to use them!

Consider deploying an enterprise storage management


solution like Tivoli Storage Manager (TSM).
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-23. Good practices AN123.1

Notes:
Take regular backups. Always take regular backups of data. The most efficient way of
doing this is through regular automated incremental backups, as done through products
like TSM.
Verify your backups. Always verify your backed up data. Use restore -T (or tar -t) to
view the contents. With mksysb tapes, you can position the tape to the correct marker
and verify the contents without having to restore the data.
Check the tape devices. The tapechk command can be used to check a number of
files on a tape. If no argument is specified, then the first block on the tape is checked. If
a number is specified, that number of files are checked. You can also position the tape
before tapechk is run by specifying a second number. For example, tapechk 2.1 reads
two files after skipping past the first file.The tapechk command can be used to detect
malfunctioning hardware.
Label your tapes. There is no way to know what is on the tape by looking at it. The
label should at least list the tape files, the commands used to create the tape, the date
created, and the block size.

11-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Keep old backups. Keep old backups in case something goes wrong with the new
ones.
Keep a copy of backups securely offsite. Store a set of backups off site in case
something happens to your site.
Test recovery procedures. Test your recovery procedure before you have to. Know
that you can recover before you have to recover.
Consider deploying an enterprise storage solution. Enterprise storage solutions like
Tivoli Storage Manager provide centralized, automated storage management and data
protection. TSM storage management software protects you from the risks of data loss
and helps you reduce complexity, manage costs, and address compliance with data
retention and availability requirements.

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint
IBM Power Systems

1. What is the difference between the following two commands?


a. find /home/fred | backup -ivf /dev/rmt0
b. cd /home/fred; find . | backup -ivf /dev/rmt0

2. On a mksysb tape, what command would you use to restore


individual files from a mksysb tape?

3. True or False: smit mksysb backs up all file systems,


provided they are mounted.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-24. Checkpoint AN123.1

Notes:

11-34 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

Backup and restore

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-25. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 11. Backup and restore 11-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Back up the rootvg volume group using the mksysb utility
Explain how to restore the operating system using a
mksysb image
Explain the role of the image.data and bosinst.data
files
Back up and restore a user defined volume group
Back up and restore file systems using various utilities

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 11-26. Unit summary AN123.1

Notes:

11-36 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 12. Security and user administration: Part one

What this unit is about


This unit describes the key concepts related to AIX security and user
administration.

What you should be able to do


After completing this unit, you should be able to:
Define the concepts of users and groups, and explain how and
when these should be allocated on the system
Describe ways of controlling root access on the system
Explain the uses of SUID, SGID, and SVTX permission bits
Administer user accounts and groups

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX 7.1 Information
SG24-7424 AIX 7.1 Advanced Security Features: Introduction and
Configuration (Redbook)
SG24-7559 AIX Version 7.1 Differences Guide (Redbook)
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Define the concepts of users and groups, and explain how
and when these should be allocated on the system
Describe ways of controlling root access on the system
Explain the uses of SUID, SGID, and SVTX permission bits
Administer user accounts and groups

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-1. Unit objectives AN123.1

Notes:

12-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty 12.1.Security and user concepts

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Security and user concepts


IBM Power Systems

After completing this topic, you should be able to:


Understand user accounts and groups
Describe the role of RBAC
Understand and apply file permissions
Including the role of the umask parameter
Change file ownership and group assignment

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-2. Security and user concepts AN123.1

Notes:

12-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

User accounts
IBM Power Systems

Each user has a unique name, numeric ID, and password.


File ownership is determined by a numeric user ID.
The owner is usually the user who created the file, but
ownership can be transferred by root.
Default users:
root Superuser
adm, sys, bin, ... IDs that own system files but
cannot be used for login

## id
id
uid=0(root)
uid=0(root) gid=0(system)
gid=0(system)
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-3. User accounts AN123.1

Notes:
Importance of user accounts
The security of the system is based on a user being assigned a unique name, a unique
user ID (UID) and password, and a primary group ID (GID). When the user logs in, the
UID is used to validate all requests for file access. The UID, associated groups, and
GIDs can be seen by the id command.
File ownership
When a file is created, the UID associated with the process that created the file is
assigned ownership of the file. Only the owner or root can change the access
permissions.
Automatically created user accounts
There are several user accounts automatically created. root, for example, is one. Some
user accounts are not made for login but only to own certain files. adm, sys, and bin
are examples of that type of account.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Controlling access to the root account


IBM Power Systems

roots password:
Carefully guard
Non-trivial passwords
Changed on an unannounced schedule
Assign different root passwords to different machines.
Always log in as an ordinary user first and then su to root
instead of logging in as root.
audit trail in /var/adm/sulog
Enforce use of the su method to use root authority:

## chuser
chuser login=false
login=false su=true
su=true sugroup=system
sugroup=system root
root

Do not include unsecured directories in root's PATH.


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-4. Controlling access to the root account AN123.1

Notes:
Guidelines for root account password
If the root password is known by too many people, no one can be held accountable.
The root password should be limited to just two or three administrators. The fewer
people who know root's password, the better. The system administrator should ensure
that distinct root passwords are assigned to different machines. You may allow normal
users to have the same passwords on different machines, but never do this for root.
Use of the su command
Attempts to become root through su can be investigated. Successful and unsuccessful
attempts might be logged by the audit system.
PATH variable for root account
Do not include unsecured directories in the value of PATH for the root account. Note
that root's PATH is used by many implicit system functions, not just by a user logged in
as root.

12-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Groups
IBM Power Systems

A group is a set of users who need access to a set of files.


Group membership is commonly used to delegate system
administration authority.
Every user is a member of at least one group and can be a
member of several groups (a groupset).
The user has access to a file if any group in the users
groupset provides access.
To list the groupset, use the groups command.
The user's real group ID is used for file ownership on creation.
To change the real group ID, use the newgrp command.
Default groups are:
System administrators: system
Ordinary users: staff
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-5. Groups AN123.1

Notes:
Function of groups
Users that require shared access to a set of files are placed in groups. Each group has
a unique name and Group ID (GID). The GID, like the UID, is assigned to a file when it
is created. A user can belong to multiple groups.
Predefined groups
There are several groups predefined on an AIX system. For example, the system
group is root's group and the staff group is for all ordinary users.
Planning and administering groups
The creation of groups to organize and differentiate the users of a system or network is
part of systems administration. The guidelines for forming groups should be part of the
security policy. Defining groups for large systems can be quite complex, and once a
system is operational, it is very difficult to change the group structure. Investing time
and effort in devising group definitions before your system arrives is recommended.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Groups should be defined as broadly as possible and be consistent with your security
policy. Do not define too many groups because defining groups for every possible
combination of data type and user type can lead to impossible extremes.
A group administrator is a user who is allowed to assign the members and
administrators of a group. It does not imply that the user has any administrative abilities
for the system.
Types of groups
There are three types of groups on the system:
User groups
- User groups should be made for people who need to share files on the
system, such as people who work in the same department, or people who are
working on the same project.
System administrator groups
- System administrators are automatically members of the system group.
Membership of this group allows the administrators to perform some of the
system tasks without having to be the root user.
System defined groups
- Several system-defined groups exist. staff is the default group for all
non-administrative users created in the system. security is another
system-defined group with limited privileges for performing security
administration. The system-defined groups are used to control certain
subsystems.
Use of the newgrp command
A user's real group identification is used to determine the group ownership of a file
created by that user. The newgrp command changes a user's real group identification. If
you provide a group name as a parameter to the newgrp command, the system
changes the name of your real group to the group name specified (if the group name
specified is part of your groupset). If no group name is provided as a parameter, the
newgrp command changes your real group to the group specified as your primary group
in the /etc/passwd file.
Example:
$ id
uid=206(secc) gid=7(security) groups=1(staff)
$ newgrp staff
$ id
uid=206(secc) gid=1(staff) groups=7(security)

12-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

System defined groups


IBM Power Systems

system security
Rights to
printq administrative
adm functions
audit
shutdown

staff Ordinary
users

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-6. System defined groups AN123.1

Notes:
Rights to administrative functions
As indicated on the visual, membership in some groups confers rights to the use of
certain administrative functions. Membership in the staff group does not provide rights
to the use of administrative functions.
Common groups
Common groups on the system (and their intended uses) are as follows:
system for most configuration and standard hardware and software maintenance
printq for managing queuing.
- Typical commands which can be run by members of this group are: enable,
disable, qadm, qpri, and so forth.
security to handle most passwords and limits control
- Typical commands which can be run by members of this group are: mkuser,
rmuser, pwdadm, chuser, chgroup, and so forth.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

adm most monitoring functions such as performance, cron, accounting staff, default
group assigned to all new users
- You may want to change this in /usr/lib/security/mkuser.defaults.
audit for auditors
shutdown allows use of the shutdown command.

12-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Role based access control


IBM Power Systems

Very granular delegation of system administration tasks


Authorizations to run privileged commands assigned to roles
For example, SysBoot role authorizes executing shutdown
Roles, such as SysBoot, assigned to users

1 Roles 2 Users

Authorizations Roles

Domain RBAC
Controls which objects can be administered

Network Intranet interface


Mgt.

Internet interface
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-7. Role based access control AN123.1

Notes:
Why do we need RBAC?
The difficulty with permission (or even access control list) based access control is that
you must secure the needed resource rather than the command. It was often difficult to
know which resources were the ones needed. In some cases we are dealing with kernel
resources. In addition, a given resource may have multiple uses and a single group
access to it may not work. Allowing a program to be root with suid allowed one to
bypass the resource permissions, but suid itself was a potential exposure. With
Enhanced Resource Based Access Control (RBAC), resource access is controlled
through privileged commands and then only users with the proper authorization are
allowed to execute the privileged command. The authorization and privileges are fine
grained.
Legacy RBAC
Starting with AIX 4.2.1, a form of RBAC was provided but was difficult to work with.
Even though a user was assigned a role, that user was often still unable to execute the
associated tasks until a requisite command was converted to a set uid executable and

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

the user was made a member of the associated group. In addition, the legacy
framework was implemented without involvement of the kernel.
Enhanced RBAC
Starting with AIX 6.1, an enhanced form of RBAC is provided. The enhanced RBAC
framework involves the kernel and thus is more secure. The new framework is also
more granular and extensive than the legacy RBAC. Once a role is assigned to a user,
they have the authorization to do the related tasks without having to play with file
permissions or group membership. While the framework supports user defined
privileged commands, authorizations, and roles, Starting with version 6.1, AIX provides
10 predefined roles that can be used without additional RBAC configuration. The details
of the RBAC framework is outside the scope of this course, however more detail with a
simple example is included in topic two of this unit.
Sudo
Sudo (su do) is free add-on software for UNIX systems which enables a system
administrator to delegate authority to give certain users, or groups of users, the ability to
run some, or all, commands as root or another user while providing an audit trail of the
commands and their arguments. Enhanced RBAC, eliminates the use of sudo like tools.

12-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

File/directory permissions
IBM Power Systems

File Perm. Bit Directory


Read content of file r List content of directory
Modify content of file w Create and remove files in
directory
Use file name to execute x Give access to directory
as a command
Run program with SUID --------
effective UID of owner
Run program with SGID Files created in directory
effective GID of group inherit the same group as
the directory
-------- SVTX Must be owner of files to
delete files from directory

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-8. File/directory permissions AN123.1

Notes:
Permission bits
There are a number of permission bits associated with files and directories. The
standard r (read), w (write), and x (execute) permissions, define three levels of access
for the user (owner), group, and others. In addition, there are three permission bits
known as SUID (set UID), SGID (set GID), and SVTX (sticky bit).
The SUID bit
SUID on an executable file means that when the file runs, the process runs with an
effective UID of the owner of the file. SUID is not supported on shell scripts.
SUID has no meaning on a directory.
The SGID bit
SGID on an executable file means that when the file runs, the process runs with an
effective GID of the group owner of the file.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

SGID on a directory means that any file or directory created within the directory will
have the same group ownership as the directory rather than the real group ID or
primary group of the user.
The SGID permission bits are propagated down through the directory structure, so that
any directory created in a directory with the SGID bit set, also inherits that bit.
The SVTX bit
SVTX on a file has no meaning in AIX. It was used in earlier versions of UNIX.
Traditional UNIX used SVTX to keep a program in memory after it had completed
running, but with memory management routines, this is no longer necessary. SVTX is
known as the sticky bit.
SVTX on a directory means that even if the directory has global write permission (for
example, /tmp), users cannot delete a file within it, unless they either own the file, or the
directory.

12-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Reading permissions
IBM Power Systems

owner group other


r w x r w x r w x

s s t
S S T

SUID SUID SGID SGID sticky sticky


only +x only +x bit bit
only +x
## ls
ls -ld
-ld /usr/bin/passwd
/usr/bin/passwd /usr/bin/crontab
/usr/bin/crontab /tmp
/tmp

-r-sr-xr-x
-r-sr-xr-x root
root security
security ...
... /usr/bin/passwd
/usr/bin/passwd
-r-sr-sr-x
-r-sr-sr-x root
root cron
cron ...
... /usr/bin/crontab
/usr/bin/crontab
drwxrwxrwt
drwxrwxrwt bin
bin bin
bin ...
... /tmp
/tmp
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-9. Reading permissions AN123.1

Notes:
How SUID, SGID, and SVTX settings are indicated
The SUID bit is indicated by an S or s in the slot normally reserved for the execute
permission for owner (user). The SGID bit is indicated by an S or s in the slot normally
reserved for the execute permission for group. The SVTX bit is indicated by a T or t in the
slot normally reserved for the execute permission for others. Since this slot must show if
execute is on/off and whether the additional permission bit is on/off, the uppercase S or T is
used to indicate that the execute permission is off. The lowercase s or t indicates the
execute permission is on.
Discussion of examples on visual
Three examples of files that use these additional permissions are shown on the visual:
The passwd command allows users to change their passwords even though
passwords are stored in a restricted area.
The crontab command allows users to create a crontab file even though access to the
directory where crontab files reside is restricted for ordinary users.
Permission bit settings for /tmp allow everyone to write to the directory, but only the
owner of a file can remove a file from the /tmp directory.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Changing permissions
IBM Power Systems

4 2 1
SUID SGID SVTX
owner group other
r w x r w x r w x
4 2 1 4 2 1 4 2 1

# chmod 4 7 7 7 file1 SUID


# chmod 2 7 7 7 file1 SGID
# chmod 1 7 7 7 dir1 SVTX
OR
# chmod u+s file1 SUID
# chmod g+s file1 SGID
# chmod +t dir1 SVTX
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-10. Changing permissions AN123.1

Notes:
Setting the additional permission bits
To set the additional permission bits, you use the same command (chmod) as you do to
set the regular permission bits.
Using octal notation to set the additional permission bits
Using the octal notation, you are probably familiar with setting permissions using a
command like: # chmod 777 file1. When you issue this command, the more complete
command would be: # chmod 0777 file1. The fourth number, a zero, is implied. This fourth
position determines whether the additional bits are turned on.
You normally use the numeric values of 4, 2, and 1 to set r, w, and x. That remains the
same. To set the additional bits, you are affecting the x position in either the user, group, or
other area. If you assign numeric values to user (4), group (2), and other (1), these are the
values that you insert into the fourth position to set the additional bit:
SUID is indicated in the user's area. Therefore use a 4 in the fourth position.
SGID is indicated in the group area. Therefore use a 2 in the fourth position.

12-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty SVTX is indicated in the others area. Therefore use a 1 in the fourth position.
Using the symbolic method to set the additional permission bits
You can also use the symbolic method to set the additional permission bits. The visual
shows how to set the values using the symbolic method.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

umask
IBM Power Systems

The umask governs permissions on new files and directories.


System default umask is 022.
022 calculation Files: 666 Directories: 777
umask: 022 umask: 022
644 755
rw-r--r-- rwxr-xr-x

A umask of 027 is recommended.


027 calculation Files: 666 Directories: 777
umask: 027 umask: 027
640 750
rw-r----- rwxr-x---

/etc/security/user specifies default and individual user


umask values.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-11. umask AN123.1

Notes:
Function of umask
The umask specifies what permission bits are set on a new file when it is created. It is
an octal number that specifies which of the permission bits are not set.
Default value of umask
If no umask was used, then files would be created with permissions of 666 and
directories would be created with permissions of 777. The system default umask is 022
(indicating removal of the 2 bit, or write from the group and others area). Therefore,
removing write from group and other, results in an initial permission for files of 644 and,
for directories, 755. Execute permission is never set initially on a file.
Changing the umask to enhance security
The default setting of the umask is 022. For tighter security you should make the
umask 027, or even 077. An initial umask value can be set as an attribute of the user
definition.

12-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty The umask command


To view or change the value of the umask for the current session, use the umask
command.
Values stored in /etc/security/user file
The umask is specified in /etc/security/user. The default stanza in this file specifies
the system wide default, but a value can be specified on a per-user basis.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Changing ownerships and groups


IBM Power Systems

The chown command:


## chown
chown fred
fred file1
file1

The chgrp command:


## chgrp
chgrp staff
staff file1
file1

Changing both user and group ownership:


## chown
chown fred:staff
fred:staff file1
file1
-- OR
OR --
## chown
chown fred.staff
fred.staff file1
file1

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-12. Changing ownerships and groups AN123.1

Notes:
Using chown to change ownership
As illustrated on the visual, the chown command can be used by root to change the
ownership on a file.
Using chgrp to change group ownership
The chgrp command is used to change the group ownership of a file. Any owner of a
file can change the group ownership to any group in their groupset. The root user can
change the group ownership to any group on the system.
Changing both ownership and group ownership
The chown command can be used by root to set both the ownership, and group
ownership, of a file. As illustrated on the visual, this can be done two different ways.

12-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Security policy and setup


IBM Power Systems

Identify the different types of users and what data they will
need to access.
Consider using enhanced RBAC roles to perform system
administration tasks (as opposed to using root).
Organize groups around the type of work that is to be done.
Organize ownership of data to fit with the group structure.
Set SVTX on shared directories.
Security policy and implementation design should be formally
documented.
Security
Security
policy
policyand
and
setup
setup

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-13. Security policy and setup AN123.1

Notes:
Planning user and group administration
Plan and organize your user and group administration. Every user does not need their
own group. Good planning up front reduces any reorganizing of users and groups later
on.
Use of the sticky bit
Always protect your shared directories by setting the sticky bit. Then users will not
remove each others files accidentally, or intentionally.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Topic summary
IBM Power Systems

Having completed this topic, you should be able to:


Understand user accounts and groups
Describe the role of RBAC
Understand and apply file permissions
Including the role of the umask attribute
Change file ownership and group assignment

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-14. Topic summary AN123.1

Notes:

12-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty 12.2.User and group administration

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

User and group administration


IBM Power Systems

After completing this topic, you should be able to:


Understand how security commands are used to manage
security files
Add, list, change, and delete users and groups
Set and change passwords
Recover root password if lost or forgotten
Identify files that hold user and group definitions

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-15. User and group administration AN123.1

Notes:

12-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Security files and security commands


IBM Power Systems

Many different commands can modify a security file.


mkuser chsec

/etc/security/user

chuser vi

A single command can result in an update to several files.


mkuser, chuser, rmuser

/etc/security/passwd /etc/security/limits

/etc/passwd /etc/security/user

Best practice: Avoid directly editing files.


Use high level management commands (or SMIT).
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-16. Security files and security commands AN123.1

Notes:
While the user and group definitions are kept in flat ASCII files, the proper way to work with
these definitions is by executing high level commands or SMIT). Thus, the best way to
update user attributes in /etc/security/user is to use the mkuser and chuser commands. In
situations where these cant be used (such as changing) default attributes, then you may
have to use a command such as chsec.
The tool of last resort is to use a file editor. Not only is it possible to make mistakes that can
violate the syntax of a file or value restrictions on the attributes, but you also might not
properly coordinate the multiple inter-related files.
The high level commands allow you to change a value without knowing in which file that
attribute is stored, will ensure that the files are consistent, and that values are within the
proper ranges.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Validating the user environment


IBM Power Systems

pwdck verifies the validity of local authentication information:


pwdck {-n|-p|-t|-y} {ALL | username}
Verifies consistency between /etc/passwd, /etc/security/passwd,
and /etc/security/user

usrck verifies the validity of a user definition:


usrck {-l|-b|-n|-p|-t|-y} {ALL | username}
Checks consistency between /etc/passwd, /etc/security/user,
/etc/security/limits, and /etc/security/passwd
Reasonability checks on attribute values
Option l will identify problems that would block a users access

grpck verifies the validity of a group:


grpck {-n|-p|-t|-y} {ALL | groupname }
Verifies that the files /etc/passwd, /etc/security/user, /etc/group,
and /etc/security/group are consistent
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-17. Validating the user environment AN123.1

Notes:
Use of validation commands
The commands listed on the visual can be executed by root or any user in the security
group to clean up after a change to the user configuration. Because they run with root
permissions, they give administrative users the ability to make necessary changes to
the /etc/security/passwd file in a controlled way, without knowing the root password.
The usrck command
The usrck command verifies the validity of the user definitions in the user database
files, by checking the definitions for all the users or for the users specified by the user
parameter. You must select a flag to indicate whether the system should try to fix
erroneous attributes.
Options for pwdck, usrck, and grpck commands
All the options for pwdck, usrck, and grpck are as follows:
-n Reports errors but does not fix them

12-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty -p Fixes errors but does not report them


-t Reports errors and asks if they should be fixed
-y Fixes errors and reports them
Additional options for usrck, are as follows:
-b Reports users who are not able to access the system and the reasons, with
the reasons displayed in a bit-mask format
-l Scans all users or the users specified by the User parameter to determine if
the users can access the system and if not - identify the cause of the problem

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

chsec, lssec, and stanza format security files


IBM Power Systems

File name /etc/security/user

Stanza name default:


admin = false
login = true

Attribute name umask = 022

root:
login = true

Syntax:
chsec f filename -s stanza_name -a attribute_name=value
lssec f filename -s stanza_name -a attribute_name
Example:
# lssec f /etc/security/user -s default -a umask
default umask=22
# chsec f /etc/security/user -s default -a umask=027
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-18. chsec, lssec, and stanza format security files AN123.1

Notes:
Many security files are in a stanza format with the stanza name as a label followed by
multiple attributes, one line per attribute. It is common in stanza file to have a default
stanza, followed by override stanzas such as individual users or individual terminals. While
high level commands can be used with specific users, the only command that can be used
with the default stanza is the chsec command.
The chsec and lssec commands work with many different files that are in this stanza
format. To locate the attribute the command requires you to identify the filename, stanza
name, and attribute name.

12-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Here is a more complete example of /etc/security/user showing the default stanza and a
user stanza:
default:
admin = false
login = true
su = true
daemon = true
rlogin = true
sugroups = ALL
admgroups =
ttys = ALL
auth1 = SYSTEM
auth2 = NONE
tpath = nosak
umask = 000
expires = 0
SYSTEM = "compat"
logintimes =
pwdwarntime = 0
account_locked = false
loginretries = 0
histexpire = 0
histsize = 0
minage = 0
maxage = 0
maxexpired = -1
minalpha = 0
minother = 0
minlen = 0
mindiff = 0
maxrepeats = 8
dictionlist =
pwdchecks =
root:
admin = true
SYSTEM = "compat"
loginretries = 0
account_locked = false
registry = files
admgroups =

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

User and group administration hierarchy


IBM Power Systems

Some users and groups are set as administrative.


flag=ADMIN: Attribute in /etc/security/passwd stanza
admin=true: Attribute in /etc/security/group stanza
Default primary group of an admin user is system (guid 0).
UID and GID default values:
Standard users and groups have high values ( > 200)
Administrative users and groups have low values
Only root can add, remove, or change an admin user or admin group.

root
administer
root
admin user or group
root or administer
security group standard user or group

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-19. User and group administration hierarchy AN123.1

Notes:
Capabilities of members of certain groups
The ability to perform certain system tasks (like creating users) depends upon the standard
AIX file permissions. Most system administration tasks can be performed by users other
than root if those users are assigned to groups such as system, security, printq, cron,
adm, audit, or shutdown. In particular, a user in the security group can add, remove, or
change other users and groups.
Purpose of user hierarchy
To protect important users and groups from users in the security group, AIX has three
levels of user hierarchy: root, admin users and groups, and normal users and groups. Only
root can add, remove, or change an admin user or admin group. Therefore, you can define
a user that has a high level of access, but is protected from users in the security group.

12-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Security & Users


IBM Power Systems

# smit security

Security
Security && Users
Users

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

Users
Users
Groups
Groups
Passwords
Passwords
Login
Login Controls
Controls
PKI
PKI
LDAP
LDAP
Role
Role Based
Based Access
Access Control
Control (RBAC)
(RBAC)
Trusted
Trusted Execution
Execution

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-20. Security & Users AN123.1

Notes:
The Security & Users menu
The Security & Users menu is used to manage user and group IDs on the system. The
menu consists of the seven options described below.
Users
This option is used to add users to the system, delete existing users and change the
characteristics of existing users.
Groups
This option is used to add groups to the system, delete groups, and change the
characteristics of existing groups.
Passwords
This option is used to change the password for a user. It is also required when setting
up a new user or when a user has forgotten their password.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Login Controls
This option provides functions to restrict access for a user account or on a particular
terminal.
PKI
PKI stands for X.509 Public Key Infrastructure certificates. This option is used to
authenticate users using certificates and to associate certificates with processes as
proof of a user's identity.
LDAP
LDAP stands for Light Directory Access Protocol. It provides a way to centrally
administer common configuration information for many platforms in a networked
environment. A common use of LDAP is the central administration of user
authentication. The SMIT option here allows us to configure this platform as either an
LDAP client or an LDAP server.
Roles Based Access Control (RBAC)
This option sets up user roles. User roles allow root to give authority to an ordinary user
to perform a portion of root's functions.
Trusted Execution
Trusted Execution (TE) refers to a collection of features that are used to verify the
integrity of the system and implement advanced security policies, which together can be
used to enhance the trust level of the complete system.

12-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

SMIT users
IBM Power Systems

# smit users

Users
Users

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

Add
Add aa User
User
Change
Change aa User's
User's Password
Password
Change
Change // Show
Show Characteristics
Characteristics of
of aa User
User
Lock
Lock // Unlock
Unlock aa User's
User's Account
Account
Reset
Reset User's
User's Failed
Failed Login
Login Count
Count
Remove
Remove aa User
User
List
List All
All Users
Users

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-21. SMIT users AN123.1

Notes:
Add a User: Add user accounts.
Change a User's Password: Make password changes.
Change/Show Characteristics of a User: Changes the many characteristics that are
part of the user account. The password restrictions are part of this area.
Lock/Unlock a User's Account: This is used to temporarily disable an account. It is a
good security practice to disable accounts if they are not expected to be used for a
reasonably long period of time, as when someone is on an extended leave of absence.
Reset User's Failed Login Count: If the administrator has set a limit to the number of
failed attempts that can be made on an account before locking it, this resets that count.
Remove a User: Removes the user account, but not files owned by that user
List all users: Runs the lsuser command

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Listing users
IBM Power Systems

The lsuser command:


lsuser [-c | -f] [-a attribute ] {ALL | username }

Example:
## lsuser
lsuser -a
-a id
id home
home ALL
ALL
root
root id=0
id=0 home=/
home=/
daemon
daemon id=1
id=1 home=/etc
home=/etc
bin
bin id=2
id=2 home=/bin
home=/bin
sys
sys id=3
id=3 home=/usr/sys
home=/usr/sys
adm
adm id=4
id=4 home=/var/adm
home=/var/adm
uucp
uucp id=5
id=5 home=/usr/lib/uucp
home=/usr/lib/uucp
guest
guest id=100
id=100 home=/home/guest
home=/home/guest
alex
alex id=333
id=333 home=/home/alex
home=/home/alex

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-22. Listing users AN123.1

Notes:
Function of the lsuser command
The lsuser command is used to list the attributes of all users (ALL) or individual users on
the system.
Using SMIT to list users
When the List All Users option in SMIT is used, the user name, ID and home directory
are listed.
Commonly used lsuser flags
When the lsuser command is issued directly, the data may be listed in line format, in colon
format (-c), or in stanza format (-f). Individual attributes or all attributes may be selected.
The output can also be generated for individual users.
Sources of information listed
The information reported by lsuser is gathered from the security files: /etc/passwd,
/etc/security/limits, and /etc/security/user.

12-34 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Add or change a user


IBM Power Systems

# smit mkuser mkuser id=333 alex


Add
Add aa User
User
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired changes.
Enter AFTER making all desired changes.
[TOP]
[TOP] [Entry
[Entry Fields]
Fields]
** User
User NAME
NAME [alex]
[alex]
User
User ID ID [333]
[333] ##
ADMINISTRATIVE
ADMINISTRATIVE USER?
USER? false
false ++
Primary
Primary GROUP
GROUP []
[] ++
Group
Group SETSET []
[] ++
ADMINISTRATIVE
ADMINISTRATIVE GROUPS
GROUPS []
[] ++
ROLES
ROLES []
[] ++
Another
Another user
user can
can SU
SU TO
TO USER?
USER? true
true ++
SU
SU GROUPS
GROUPS [ALL]
[ALL] ++
HOME
HOME directory
directory []
[]
Initial
Initial PROGRAM
PROGRAM []
[]
.. .. ..

# smit chuser chuser groups='staff,security' alex


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-23. Add or change a user AN123.1

Notes:
Ways of adding a user
The mkuser command or SMIT can be used to add a user. User attributes can be specified
to override the default values.
User name
The only value that must be specified, is the user name. Traditionally, this name was
restricted to eight characters in length. Beginning with AIX 5L V5.3, this limit can be
changed to allow names as long as 255 characters. The limit is modified in the
Change/Show Attributes of the Operating System panel (smit chsys).
Changing user characteristics
The Change/Show Characteristics of a User option, which runs the chuser command, allows
any of the user characteristics listed previously, except the user name, to be changed. This
can only be executed by root or a member of the security group. Only root can change an
admin user. This SMIT screen holds exactly the same attributes as the Add a User screen.
The chuser command
The following command can be used to change characteristics of a user:
# chuser attribute=value username

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Assign a password
IBM Power Systems

root or members of security group can assign or change the password


of another user.
A new user ID is blocked until an initial password is assigned.
If user forgets password, a new password can be set.
User is prompted to change password at first login.
root or security
## pwdadm
pwdadm <username>
<username> group

OR
OR
## passwd
passwd [username]
[username] root only
OR
OR
## smit
smit passwd
passwd root or security
group

To avoid prompt to change password at first login:


## pwdadm
pwdadm cc <username>
<username>
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-24. Assign a password AN123.1

Notes:
Setting an initial password
When a user ID is created with SMIT or with the mkuser command, the user ID is disabled.
(An asterisk (*) is in the password field of /etc/passwd.) To enable the ID, the passwd or
pwdadm command must be used to set up the initial password for the user.
Entry of passwords (things to be aware of)
When passwords are entered, they are not displayed. When changing a password, the new
password is requested a second time for verification.
The ADMCHG flag
If root or a member of the security group sets the password for a user, the ADMCHG flag
is set in the flags field in /etc/security/passwd. The user is then prompted to change the
password at the next login.
Recovering from a forgotten password
There is no way to examine an existing password on the system. The only way to recover
from a forgotten password, is for an administrator or root, to set a new one for the user.

12-36 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Invocation of passwd command by SMIT


The option Passwords on the Users menu of SMIT uses the pwdadm command when
invoked by a member of security group to change someone elses password, but otherwise
uses the passwd command.
Using the passwd command
Ordinary users who use passwd to change their passwords, are first prompted for the old
password, and then they are asked twice for a new password. When root uses passwd to
set a user's password, passwd only prompts twice for the new password.
Using the pwdadm command
Members of the security group, can use pwdadm to change the passwords of
non-administrative accounts. Members of the security group are first prompted to enter
their own password, and then prompted twice to enter the user's new password. The root
user is only prompted twice for the new password.
Users with ADMIN flag set
Only root can change the password for a user who has the ADMIN flag set in
/etc/security/passwd.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Regaining roots password


IBM Power Systems

1. Boot from optical media, NIM, or a bootable tape.


2. Select Access a Root Volume Group from the Maintenance menu.

Maintenance
Maintenance

>>>
>>> 11 Access
Access aa Root
Root Volume
Volume Group
Group
22 Copy
Copy aa System
System Dump
Dump to
to Removable
Removable Media
Media
33 Access
Access Advanced Maintenance Functions
Advanced Maintenance Functions
44 Erase
Erase Disks
Disks

3. Follow the options to activate the root volume group and obtain a shell.
4. Once a shell is available, execute the passwd command to change
roots password.
5. Enter the following command:
# sync ; sync
6. Reboot the system.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-25. Regaining roots password AN123.1

Notes:
If the root password is lost, just follow the steps as shown in the visual.

12-38 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

/etc/passwd file
IBM Power Systems

Format: name:password:UID:principleGID:Gecos:HomeDirectory:Shell
## cat
cat /etc/passwd
/etc/passwd
root:!:0:0::/:/usr/bin/ksh
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
uucp:!:5:5::/usr/lib/uucp:
guest:!:100:100::/home/guest:
guest:!:100:100::/home/guest:
nobody:!:4294967294:4294967294::/:
nobody:!:4294967294:4294967294::/:
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
pconsole:*:8:0::/var/adm/pconsole:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
sshd:*:202:201::/var/empty:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
alex:!:333:1::/home/alex:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
tyrone:!:204:1::/home/tyrone:/usr/bin/ksh
ted:*:205:1::/home/ted:/usr/bin/ksh
ted:*:205:1::/home/ted:/usr/bin/ksh ! = Passwd is set in
/etc/security/passwd
* = no password set
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-26. /etc/passwd file AN123.1

Notes:
Role of the /etc/passwd file
The /etc/passwd file lists the users on the system and some of their attributes. This file
must be readable by all users, because commands such as ls access it.
Fields in the /etc/passwd file
The fields in the /etc/passwd file are:
User name: Up to eight alphanumeric characters (not all uppercase)
Password: On older UNIX systems, this contained the encrypted password. On AIX, it
either contains an exclamation mark (!) to refer to the /etc/security/passwd file or an
asterisk (*), which means the user has no password assigned.
UID: The user ID number for the user
GID: The ID of the primary group to which this user belongs
Information: Any descriptive text for the user

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Directory: The login directory of the user and the initial value of the $HOME variable
Login program: Specifies the initial program or shell that is executed, after a user
invokes the login command, or su command
Using index files for better login performance
In AIX, additional files can be created to be used as index files for the /etc/passwd,
/etc/security/passwd, and /etc/security/lastlog files. These index files provide for better
performance during the login process. Use the mkpasswd -f command to create the
indexes. The command mkpasswd -c can be used to check the indexes, and rebuild any
that look suspicious.

12-40 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

/etc/security/passwd file
IBM Power Systems

## cat
cat /etc/security/passwd
/etc/security/passwd
root:
root:
password
password == etNKvWlXX5EFk
etNKvWlXX5EFk
lastupdate
lastupdate = 1145381446
= 1145381446
flags =
flags =
daemon:
daemon:
password
password == **
bin:
bin:
password
password == **
alex:
alex:
password
password == XAkhucsiyVwAA
XAkhucsiyVwAA
lastupdate
lastupdate = 1225381869
= 1225381869
flags =
flags =
tyrone:
tyrone:
password
password == RWWoFp5iuL.JI
RWWoFp5iuL.JI
lastupdate
lastupdate = 1225381903
= 1225381903
flags = ADMCHG,ADMIN,NOCHECK
flags = ADMCHG,ADMIN,NOCHECK
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-27. /etc/security/passwd file AN123.1

Notes:
Role of the /etc/security/passwd file (commonly referred to as the shadow password
file)
The /etc/security/passwd file contains the encrypted user passwords and can only be
accessed by root. The login, passwd, pwdadm, and pwdck commands, which run
with root authority, update this file. This file is in stanza format with a stanza for each
user.
Index files
As previously mentioned, in AIX, additional files can be created to be used as index files
for /etc/security/passwd and some related files. These index files provide for better
performance during the login process. These indexes are created using the mkpasswd
command.
Entries in /etc/security/passwd
Valid entries in /etc/security/passwd are:

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Password: Either the encrypted password asterisk (*) for invalid, or blank for no
password
Lastupdate: The date and time of the last password update in seconds from 1 January
1970
Flags:
- ADMCHG: The password was last changed by an administrator or root.
- ADMIN: The user's password can only be changed by root.
- NOCHECK: Password restrictions are not in force for this user.
See /etc/security/user for password restrictions.

12-42 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

SMIT groups
IBM Power Systems

# smit groups

Groups
Groups

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

List
List All
All Groups
Groups
Add
Add aa Group
Group
Change
Change // Show
Show Characteristics
Characteristics of
of aa Group
Group
Remove
Remove aa Group
Group

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-28. SMIT groups AN123.1

Notes:
Purpose of groups
The purpose of groups is to give a common set of users the ability to share files. The
access is controlled using the group set of permission bits.
Group management restrictions
Only root and members of the security group can create groups. root and security
group members, can select a member of the group to be the group administrator. This
privilege allows the user to add and remove users from the group.
Predefined groups
There are a number of predefined groups on AIX systems, like the system group
(which is root's group), and the staff group (which contains the ordinary users).

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Listing groups
IBM Power Systems

The lsgroup command:


lsgroup [-c | -f] [-a attribute ] {ALL | groupname }

Example:
## lsgroup
lsgroup f
f -a
-a id
id users
users ALL
ALL
system:
system:
id=0
id=0
users=root,esaadmin,pconsole
users=root,esaadmin,pconsole
staff:
staff:
id=1
id=1
users=ipsec,ted,sshd,alex,local,tyrone,daemon
users=ipsec,ted,sshd,alex,local,tyrone,daemon
bin:
bin:
id=2
id=2
users=root,bin
users=root,bin
...
...
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-29. Listing groups AN123.1

Notes:
The lsgroup command
The lsgroup command is used to list all groups, or selected groups, on the system. The
data is presented in line format by default, in colon format (-c), or in stanza format (-f).
Commonly used options of the lsgroup command
The -c option displays the attribute for each group, in colon separated records.
The -f option displays the group attributes in stanza format with each stanza identified
by a group name.

12-44 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Add or change a group


IBM Power Systems

# smit mkgroup mkgroup id=101 users=alex,tyrone techies

Add
Add aa Group
Group

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** Group
Group NAME
NAME [techies]
[techies]
ADMINISTRATIVE
ADMINISTRATIVE group?
group? false
false ++
Group ID
Group ID [101]
[101] ##
USER
USER list
list [alex,tyrone]
[alex,tyrone] ++
ADMINISTRATOR
ADMINISTRATOR list
list []
[] ++
Projects
Projects []
[] ++
Initial
Initial Keystore
Keystore Mode
Mode []
[] ++
Keystore
Keystore Encryption
Encryption Algorithm
Algorithm []
[] ++
Keystore
Keystore Access
Access []
[] ++

# smit chgroup chgroup techies a users=tyrone techies


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-30. Add or change a group AN123.1

Notes:
The mkgroup command
The mkgroup command is the command used to create a new group. The group name,
traditionally, must be a unique string of eight or fewer characters. With AIX 5L V5.3 and
later, the maximum name length can be modified to be as large as 255 characters.
Limit on group membership
A user may belong to no more than 32 groups.
The mkgroup/SMIT options
The mkgroup -a option is used to indicate that the new group is to be an administrative
group. Only the root user can add administrative groups to the system.
ADMINISTRATOR list and USER list: In the SMIT screen shown on the visual,
ADMINISTRATOR list is a list of members from the USER list that are allowed to
change the characteristics of a group and add or remove members.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Projects: Starting with AIX 5L V5.3, the SMIT Add a Group screen has a new field,
Projects, for tracking resource usage in the Advanced Accounting subsystem.
The following fields are related to Encrypted File Systems. This topic is outside the scope
of this class. Attend AN57 AIX Security, for training in this area.
Initial Keystore Mode: The efs_initalks_mode of admin allows for root, or other
security privileged system users, to reset the user's key store password. Otherwise, if
the user forgets their key store password, they will not be able to access their Encrypted
File System files. If the guard mode is selected, then root cannot reset the user's key
store password.
Keystore Encryption Algorithm: This option specifies the algorithm for the user's
key, within the key store. This key protects the encrypting key of files the user creates,
within the Encrypted File System.
Keystore Access: The key store enables the user to utilize files in the Encrypted File
System. The selection of file will create a key store file associated with this user. It is
recommended that file is selected. Select none for no key store to be created. All other
EFS (efs_*) attributes will not have any effect.
The chgroup command
The chgroup command is used to change the characteristics of a group. It can only be
run by root or a member of the security group.
Group attributes
The group attributes that can be changed are the same as set with mkgroup.
The chgrpmem command
The chgrpmem command can be used by any user to change either the administrators,
or the members of a group, for which the user running the command, is a group
administrator.
The chsh command
The chsh interactive command can be used by any user to change that users login
shell.
The chfn command
The chfn interactive command can be used by any user to their GECOS information in
/etc/passwd.

12-46 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Group files
IBM Power Systems

## cat
cat /etc/group
/etc/group
system:!:0:root,esaadmin,pconsole
system:!:0:root,esaadmin,pconsole
staff:!:1:ipsec,sshd,alex,tyrone,ted
staff:!:1:ipsec,sshd,alex,tyrone,ted
bin:!:2:root,bin
bin:!:2:root,bin
sys:!:3:root,bin,sys
sys:!:3:root,bin,sys
adm:!:4:bin,adm
adm:!:4:bin,adm
uucp:!:5:nuucp,uucp
uucp:!:5:nuucp,uucp
...
...

## cat
cat /etc/security/group
/etc/security/group
system:
system:
admin
admin == true
true
staff:
staff:
admin
admin == false
false
bin:
bin:
admin
admin == true
true
...
...
techies:
techies:
admin
admin == false
false
adms = alex
adms = alex
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-31. Group files AN123.1

Notes:
The /etc/group file
The fields in the /etc/group file are:
Group: Up to eight alphanumeric characters (not all uppercase)
Password: This field is not used in AIX and should contain an exclamation mark (!)
ID: The group ID
Members: A comma-separated list of the users who belong to this group
The /etc/security/group file
The /etc/security/group file is a stanza file with one stanza for each group. The valid
entries are:
admin: Defines whether the group is an administrative group; values are true or false
adms: A comma-separated list of the users who are administrators for the group
If admin=true, this stanza is ignored because only root can change an administrative
group.
projects: A list of project names to be associated with the group

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Remove a user or group from the system


IBM Power Systems

Use the rmuser command or SMIT to delete a user from the


system.

## rmuser
rmuser p
p user01
user01

Use the rmgroup command or SMIT to delete a group from


the system.

## rmgroup
rmgroup finance
finance

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-32. Remove a user or group from the system AN123.1

Notes:
Ways to remove a user
The Remove a User from the System option in SMIT, or the rmuser command, can be
used to remove any user from the system. Only the root user may remove
administrative users.
The -p option of rmuser
The -p option removes authentication information from the /etc/security/* files.
Typically, this information is the user password, as well as other login restrictions which
have been previously set for the ID.
Removing the user's files
The user's home directory and associated files are not removed by this option. They
must be removed separately by the administrator. To do this, you can use the -r option
on the rm command to recursively remove files. Remember to back up any important
files before removing the user's home directory.

12-48 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Files owned by removed user or group


IBM Power Systems

Best handled prior to removing user or group


# ls l
-r-xr-xr-x 1 207 system 26732 Feb 1 01:10 file54
Home directory
Move needed files
Remove home directory
# rm R /home/user01
Other files
Use find to locate files
# find / -group <GID or groupname>
# find / -user <UID or username>
Change user or group ownership
# chown
# chgrp
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-33. Files owned by removed user or group AN123.1

Notes:
Removing a user or group does not remove the files owned by that user or group. The files
remain with the same UID and GID in the i-node as they had before.
The home directory files will be easy to locate, but that is not necessarily true for other files
that may be scattered around the system.
For ease of management it is recommended that you manage these file prior to deleting
the owner. If you do not, then you will need to know the UID or GID number to find the
related files.
For each file you need to decide whether to backup and delete the file or to transfer
ownership to a different user or group.

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Topic summary
IBM Power Systems

Having completed this topic, you should be able to:


Understand how security commands are used to manage
security files
Add, list, change, and delete users and groups
Set and change passwords
Recover root password if lost or forgotten
Identify files that hold user and group definitions

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-34. Topic summary AN123.1

Notes:

12-50 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Checkpoint (1 of 2)
IBM Power Systems

1. If the following command was run, what would the file


permissions be for file1: chmod 6754 file1

2. A binary executable with the SUID flag set is owned by


user root. User michael executes the binary. The
executable runs under which user, root or michael?

3. A shared directory is created on the system. What flag


must be set to ensure only the owner of the files can
delete them?

4. Why is a umask of 027 recommended?

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-35. Checkpoint (1 of 2) AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint (2 of 2)
IBM Power Systems

5. What is the difference between the commands pwdadm and


passwd?

6. Which command can be used to change the default


attributes for users?

7. True or False: When you delete a user from the system, all
the users files and directories are also deleted.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-36. Checkpoint (2 of 2) AN123.1

Notes:

12-52 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

Security and user


administration: Part one

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-37. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 12. Security and user administration: Part one 12-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Define the concepts of users and groups, and explain how
and when these should be allocated on the system
Describe ways of controlling root access on the system
Explain the uses of SUID, SGID, and SVTX permission bits
Administer user accounts and groups

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 12-38. Unit summary AN123.1

Notes:

12-54 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 13. Security and user administration: Part two

What this unit is about


This unit describes the key concepts related to AIX security and user
administration.

What you should be able to do


After completing this unit, you should be able to:
Execute various user management tasks
Explain basic concepts of RBAC
Assign and use RBAC roles

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX 7.1 Information
SG24-7424 AIX 7.1 Advanced Security Features: Introduction and
Configuration (Redbook)
SG24-7559 AIX Version 7.1 Differences Guide (Redbook)
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Execute various user management tasks
Explain basic concepts of RBAC
Assign and use RBAC roles

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-1. Unit objectives AN123.1

Notes:

13-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty 13.1.Additional user administration tasks

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Additional user administration tasks


IBM Power Systems

After completing this topic, you should be able to:


Understand the login sequence and initialization process
Customize login and password prompt behavior
Use security logs
Customize the default user setup
Manage user access issues
Establish user password restrictions

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-2. Additional user administration tasks AN123.1

Notes:

13-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Console login sequence


IBM Power Systems

getty process Settings in


Login: User ID and passwd /etc/security/login.cfg
Spawned by inittab

/etc/passwd
User verification check /etc/security/passwd

no
Login failed Valid?
yes
Log entry in: /var/adm/wtmp
/etc/security/failedlogin Update security logs
/etc/utmp

/etc/environment
Set up the environment. /etc/security/limits
/etc/security/user

Display /etc/motd
/etc/profile
Enter login shell $HOME/.profile
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-3. Console login sequence AN123.1

Notes:
Introduction
When a user attempts to log in, AIX checks a number of files to determine if entry is
permitted to the system and, if permitted, what parts of the system the user can access.
This section provides an overview of the checks performed during the login process.
The getty process
Ports set up for login are listed in the /etc/inittab. When init runs, a getty process is
started for each port in the list providing a login prompt on the terminal attached to that
port. The actual message displayed, also known as the herald, by the getty process is
defined in /etc/security/login.cfg. Once the message is displayed, the getty process
waits for a user to make a login attempt.
Non-console logins
If logging in using a network utility like telnet, its similar to a console login, except that
the service daemon (such as telnetd) is the parent process rather than a getty process.
In addition, some network services, such as ssh and rlogin, do not use login.cfg.

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Entry of username and password


When a user is ready to log in, they enter their user name at the login prompt. The login
program is passed the user name and password. The login credentials are checked
against /etc/passwd and /etc/security/passwd files.
Validation
If the password is incorrect or if an invalid user name was given, then the login fails, and
an entry is made in the file /etc/security/failedlogin. Use the command who
/etc/security/failedlogin to view this file. The number of failed attempts is also tracked
(by user account) in /etc/security/lastlog. The login prompt is redisplayed for another
attempt. It is possible to set the characteristics for a user to prevent unlimited attempts
on an account. If the number of attempts exceeds the maximum allowable failed
attempts, the account is locked. If a user successfully enters the user name and
password, the usw stanza in /etc/security/login.cfg is checked. This stanza sets the
maximum number of concurrent logins for a user account. If that number is exceeded,
the login is denied and a message is displayed to the user.
Setup of user's environment
If everything is successful to this point, then the user's environment is set using
/etc/environment, /etc/security/environ, /etc/security/limits, and /etc/security/user.
The login program sets the current directory to the user's HOME directory and displays
the content of /etc/motd (if no .hushlogin file is found in the HOME directory), the date
of the last successful login, and the number of unsuccessful login attempts since the
last successful login.
Passing of control to shell
Finally, control is passed to the login shell (as defined in /etc/passwd) which will read
/etc/environment and run /etc/profile and $HOME/.profile when using Korn or Bourne
shells.
Results of a user logging out
When a user logs out, the shell terminates and a new getty process is spawned for that
port.

13-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Login related attributes


IBM Power Systems

Change the login herald:


# chsec f /etc/security/login.cfg s default \
-a herald=Authorized use only. \n\rlogin:

Change the password prompt:


# chsec f /etc/security/login.cfg s default \
-a pwdprompt=\n\rAuthentication required:

Change max time to complete login after prompt:


# chsec f /etc/security/login.cfg s usw \
-a logintimeout=30

See login.cfg man page for other login attributes.


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-4. Login related attributes AN123.1

Notes:
A herald is the message that is displayed at an enabled terminal or in response to any
initial network connection (telnet and login commands). It is a good practice to have words
that make it clear that only authorized persons should be logging into the system. This and
other login related attributes are defined in /etc/security/login.cfg. You can also customize
the login prompt. The only line command that will modify this file is chsec.
Some facilities make it practice of tightening up how long a login prompt can be
outstanding without an actual login,
Below are descriptions of the login related attributes.
herald: This attribute specifies the initial message to be printed out when getty or login
prompts for a login name. This value is a string that is written out to the login port. If the
herald is not specified, then the default herald is obtained from the message catalog
associated with the language set in /etc/environment.
logintimes: This attribute defines the times a user can use this port to login.

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

logindisable: This attribute defines the number of unsuccessful login attempts before
this port is locked. Use this in conjunction with logininterval.
logininterval: This attribute defines the number of seconds during which logindisable
unsuccessful attempts must occur before a port is locked.
loginreenable: This attribute defines the number of minutes after a port is locked, that it
automatically unlocked.
logindelay: This attribute defines the delay in seconds between unsuccessful login
attempts. This delay is multiplied by the number of unsuccessful logins. Therefore, if the
value is two, then the delay between unsuccessful logins is two seconds, then four
seconds, then six seconds, and so forth.
Other security attributes (usw stanza):
shells: The list of valid login shells for a user; chuser and chsh will only change a user's
login shell to one of the shells listed here.
maxlogins: This attribute defines the maximum number of simultaneous logins allowed
on the system.
logintimeout: This attribute defines the number of seconds the user is given to enter
their password.
auth_type: This attribute determines whether PAM or the standard UNIX authentication
mechanism will be used by PAM-aware applications. Valid values: STD_AUTH,
PAM_AUTH
The chsec command: Changes to the /etc/security/login.cfg file can be done by the
command chsec:
# chsec -f /etc/security/login.cfg -s default -a pwdprompt="Password:"
To reset to the default value:
# chsec -f /etc/security/login.cfg -s default -a pwdprompt=

13-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Security logs
IBM Power Systems

/var/adm/sulog Audit trail of su activity

/var/adm/wtmp Log of successful logins

/etc/utmp List of users currently


logged in

/etc/security/failedlogin Information on failed


login attempts

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-5. Security logs AN123.1

Notes:
The sulog file
The sulog file is an ASCII text file that can be viewed with more or pg. In the file, the
following information is recorded: date, time, terminal name, and login name. The file
also records whether the login attempt was successful, and indicates a success by a
plus sign (+) and a failed login by a minus sign (-).
The utmp and wtmp files
The /etc/utmp file contains a record of users logged into the system, and the
/var/adm/wtmp file contains connect-time accounting records. To obtain information
from either file use the who command with the file name. The who command normally
examines the /etc/utmp file, but you can specify either one of the files just mentioned
as an argument to the command.
The last command
The last command can also be used to display, in reverse chronological order, all
previous logins and logoffs still recorded in the /var/adm/wtmp file. The

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

/var/adm/wtmp file collects login and logout records as these events occur, and holds
them until the records are processed by the accounting commands.
For example:
# last root displays all the recorded logins and logoffs by the user root.
# last reboot displays the time between reboots of the system.
The utmpd daemon
AIX 5L V5.2 introduced a new daemon called utmpd to manage the entries in the
/etc/utmp file. This daemon monitors the validity of the user process entries at regular
intervals. The default interval time would be 300 seconds. The syntax of the command
is:
/usr/sbin/utmpd [ Interval ]
To start utmpd from the /etc/inittab, add the following entry to the file:
utmpd:2:respawn:/usr/sbin/utmpd
The failedlogin file
The /etc/security/failedlogin file maintains a record of unsuccessful login attempts.
The file can be displayed using the who command with the file as an argument.

13-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

User environment setup


IBM Power Systems

LOGIN

Establishes base environment


/etc/environment sets PATH, TZ, LANG, and
NLSPATH

Shell script run at all logins


/etc/profile sets TERM, MAILMSG, and
MAIL

User's personal file to


$HOME/.profile customize their environment
PATH, ENV, PS1

User's personal file to customize


$HOME/.kshrc the Korn shell environment
set o vi, alias
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-6. User environment setup AN123.1

Notes:
The /etc/environment file
/etc/environment is used to set variables. No commands should be placed in this file.
Only root can change this file.
The /etc/profile file
/etc/profile will be read and executed during every login. Like the /etc/environment file,
this file can be changed only by root.
The $HOME/.profile and $HOME/.kshrc files can be customized by the user. The user can
overwrite any variable set in /etc/environment and /etc/profile.
Common Desktop Environment (CDE) considerations
If you are using CDE, .profile is not read by default. In the users HOME directory, the
.dtprofile file is used to establish the environment when working with CDE. .dtprofile
replaces the function of .profile in the CDE environment. If you want to use both, in the
.dtprofile, uncomment the line near the end of the file that references the
DTSOURCEPROFILE variable.

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Customizing default user setup


IBM Power Systems

/etc/security/mkuser.default
mkuser /etc/passwd
user:
pgrp = staff
groups = staff
shell = /usr/bin/ksh
home = /home/$USER mkuser.sys
. shell script
Build home directory
/etc/security/.profile
Copies default .profile to home directory
Set permissions and ownerships

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-7. Customizing default user setup AN123.1

Notes:
Rather than require each user to learn how to setup their own .profile customization, many
system admins define how the user environments should be initially setup. Less common,
but possible, is changing the defaults of the /etc/passwd fields for new users
The /etc/passwd fields are determined by the stanza oriented mkuser.default file. It has a
stanza for ordinary users and another stanza for administrative users.
The mkuser command invokes the mkuser.sys shell script. This provided script will build
the users home directory, copy the /etc/security/.profile to the home directory, and then
set appropriate ownership and permissions on the home directory and its contents. After
making a copy of the original script, it can be modified to create additional files in the users
home directory. For example, you might want to create a .kshrc file.
Resources involved in user creation process
The following resources are involved in the user creation process:
Default ID numbers stored in /etc/security/.ids
The /usr/lib/security/mkuser.sys shell script used to set up a user ID.

13-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Default values for characteristics stored in /usr/lib/security/mkuser.default


Default values for characteristics stored in /etc/security/user
The default .profile stored in /etc/security/.profile
Some of these resources are discussed further in the material that follows.
The /usr/lib/security/mkuser.default file
The /usr/lib/security/mkuser.default file contains the defaults for the mkuser command.
This file can only be edited by the root user. This file contains the following information:
user:
pgrp = staff
groups = staff
shell = /usr/bin/ksh
home = /home/$USER
admin:
pgrp = system
groups = system
shell = /usr/bin/ksh
home = /home/$USER
The user stanza of this file is picked up if an ordinary user is being added, and the admin
stanza is picked up, if an administrative user is being added.
The /etc/security/.ids file
If the user ID is not specified, then a default ID number is chosen from the
/etc/security/.ids file. Administrative users are given IDs starting from six, and normal
users are given IDs starting from 200.
The /usr/lib/security/mkuser.sys shell script
The shell script /usr/lib/security/mkuser.sys is run during the user creation process.
This creates the user's home directory and creates the .profile file. This shell script can be
modified to perform any function that is required when setting up the user.
List of user characteristics
The full list of user characteristics contains entries which are not often used. Many of these
fields may be left empty with no ill effect. For the complete list, refer to SMIT (fastpath smit
mkuser).

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Message of the day


IBM Power Systems

The file /etc/motd contains text that is displayed every time after a
user successfully logs in, prior to the shell prompt.
This file should only contain information necessary for the users to see.
Existence of a $HOME/.hushlogin file blocks MOTD display.

******************************************************************
******************************************************************
** **
** AIX
AIX Version
Version 7.1
7.1 TL
TL 01
01 **
** Education
Education AIX AN12 Build version
AIX AN12 Build version 318
318 **
** **
** The system will be down for maintenance from Saturday 23:00
The system will be down for maintenance from Saturday 23:00 **
** until
until Sunday
Sunday 22:00
22:00 **
******************************************************************
******************************************************************

nimmaster:/
nimmaster:/

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-8. Message of the day AN123.1

Notes:
Using the /etc/motd file
The message of the day (motd) is a convenient way to communicate information, such as
installed software version numbers or current system news, to all users. The message of
the day is contained in the /etc/motd file. To change the message of the day, simply edit
this file.

13-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Blocked user accounts


IBM Power Systems

Check on cause of user problem:


# usrck l n user_name
Also examine users $HOME/.profile

Locked account:
# chuser a account_locked=false user_name
# chsec f /etc/security/user s username \
a account_locked=false

Exceeded password retry limit:


# chsec f /etc/security/lastlog -s user_name \
-a unsuccessful_login_count=0

Adjust failed password retry limit:


# chuser a loginretries=5
# chsec -f /etc/security/user s user_name \
a loginretries=5
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-9. Blocked user accounts AN123.1

Notes:
In /etc/security/lastlog:
unsuccessful_login_count: Specifies the number of unsuccessful login attempts
since the last successful login. The value is a decimal integer. This attribute works in
conjunction with the user's loginretries attribute, specified in the /etc/security/user
file, to lock the user's account after a specified number of consecutive unsuccessful
login attempts. Once the user's account is locked, the user will not be able to log in until
the system administrator resets the user's unsuccessful_login_count attribute to be
less than the value of loginretries. To do this, enter the following:
chsec -f /etc/security/lastlog -s username -a \ unsuccessful_login_count=0
In /etc/security/user:
account_locked: This attribute defines whether the account is locked. Locked
accounts cannot be used for login or su. Possible values: true or false
loginretries: This attribute defines the number of invalid login attempts before a user is
not allowed to login. Possible values: a positive integer or 0 to disable this feature

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Prevent vulnerable passwords (1 of 3)


IBM Power Systems

Password restriction attributes in /etc/security/user


Update for a particular user with chuser or smit chuser
Update default stanza with chsec

Force periodic change of passwords


maxage: Password MAX. AGE
pwdwarntime: Days to WARN USER before password expires

Prevent reuse of previous passwords


histexpire: WEEKS before password reuse
histsize: NUMBER OF PASSWORDS before reuse

Discourage repeating characters


maxrepeats: Password MAX. REPEATED characters
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-10. Prevent vulnerable passwords (1 of 3) AN123.1

Notes:
Security is only as good as the passwords being used. The /etc/security/user files has
many attributes that assist you in enforcing best practices as regards password
management. While it is possible to set these on a user by user basis with chuser or SMIT,
you will likely want to set default values using the chsec command. The descriptions in the
visual provide first the attribute name and then the SMIT field name. This convention is also
used on the following visuals.
maxage: This attribute defines the maximum number of weeks a password is valid. The
default is 0, which is equivalent to unlimited. Possible values: 0 to 52
pwdwarntime: This attribute defines the number of days before a forced password
change warning informs the user of the impending password change. Possible values:
a positive integer or 0 to disable this feature
histexpire: This attribute defines the period of time in weeks that a user will not be able
to reuse a password. Possible values: an integer value between 0 and 260. 26
(approximately 6 months) is the recommended value

13-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty histsize: This attribute defines the number of previous passwords which cannot be
reused. Possible values: an integer between 0 and 50
minage: This attribute defines the minimum number of weeks between password
changes. The default is 0. Possible values: 0 to 52
maxexpired: This attribute defines the maximum number of weeks after maxage that
an expired password can be changed by a user. The default is -1, which is equivalent to
unlimited. Possible values: -1 to 52. maxage must be greater than 0 for maxexpired to
be enforced (root is exempt from maxexpired)
maxrepeats: This attribute defines the maximum number of times a given character
can appear in a password. The default is 8, which is equivalent to unlimited. Possible
values: 0 to 8

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Prevent vulnerable passwords (2 of 3)


IBM Power Systems

Prohibit particular words or substrings


dictionlist: path to Password DICTIONARY FILES listing
prohibited passwords
Sample dictionary:
/etc/security/aixpert/dictionary/English

Special dictionary entries:


$USER
Block use of the users login name as any part of a password
*<regular_expression>
Block use of any password that matches the regular expression
Must be preceded with the asterisk (*) character
For example, to block passwords ending in 123:
*.*123$
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-11. Prevent vulnerable passwords (2 of 3) AN123.1

Notes:
The dictionlist user attribute defines the password dictionaries used when checking new
passwords. The format is a comma separated list of absolute path names to dictionary
files. A dictionary file contains one word per line where each word has no leading or trailing
white space. Words should only contain 7 bit ASCII characters. All dictionary files and
directories should be write protected from everyone except root. The default is valueless
which is equivalent to no dictionary checking.
A sample dictionary list is provided and there are other variations available from other
sources.
AIX 7.1 introduced two enhancements to the dictionlist capability. One is the recognition of
a $USER entry. This will result in the rejection of not only a password which is the same as
the username, but of any password that has the username as a subset. The other
enhancement is the ability to pattern match passwords using regular expressions; this
provides a powerful method for identifying many passwords as easily guessed without
having to enumerating every possible variation. The regular expression must be proceeded
with an * (asterisk, splat) in the first column.

13-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Prevent vulnerable passwords (3 of 3)


IBM Power Systems

Encourage mixture of character types.


minlen
minalpha minother
minloweralpha minupperalpha mindigit minspecialcharacter

Subset minimums cannot exceed superset minimums.

Default encryption only supports the first eight characters.


See course AN57 on configuring for long passwords.

If using LDAP, the LDAP server will handle password rule


enforcement instead.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-12. Prevent vulnerable passwords (3 of 3) AN123.1

Notes:
Not only can a minimum number of characters be required in a password, but you can
requires a mixture of different types of characters, The major subset minimums are
minalpha (alphabetic) and minother (non-alphabetic). they can not total more than minlen.
AIX 7.1 induced the ability to be even more specific about the type characters. You can
now distinguish between upper and lower case alphabetic characters. You can also
distinguish between numbers and other non-alphabetic characters
Here are the user attributes with their descriptions.
minalpha: This attribute defines the minimum number of alphabetic characters in a
password. The default is 0. Possible values: 0 to 8
minother: This attribute defines the minimum number of non-alphabetic characters in a
password. The default is 0. Possible values: 0 to 8
minlen: This attribute defines the minimum length of a password. The default is 0.
Range: 0 to 8

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Note that the minimum length of a password is determined by minlen and/or minalpha
+ minother, whichever is greater. minalpha + minother should never be greater than
8. If minalpha + minother is greater than 8, then minother is reduced to 8 - minalpha.
minloweralpha: This attribute defines the minimum number of lower case alphabetic
characters that must be in a new password. The value is a decimal integer string. The
default is a value of 0, indicating no minimum number. Range: 0 to PW_PASSLEN.
minupperalpha: This attribute defines the minimum number of upper case alphabetic
characters that must be in a new password. The value is a decimal integer string. The
default is a value of 0, indicating no minimum number. Range: 0 to PW_PASSLEN.
mindigit: This attribute defines the minimum number of digits that must be in a new
password. The value is a decimal integer string. The default is a value of 0, indicating
no minimum number. Range: 0 to PW_PASSLEN.
minspecialchar: This attribute defines the minimum number of special characters that
must be in a new password. The value is a decimal integer string. The default is a value
of 0, indicating no minimum number. Range: 0 to PW_PASSLEN.

13-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Topic summary
IBM Power Systems

Having completed this topic, you should be able to:


Understand the login sequence and initialization process
Customize login and password prompt behavior
Use security logs
Customize the default user setup
Manage user access issues
Establish user password restrictions

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-13. Topic summary AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

13-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty 13.2.Basics of enhanced RBAC

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Basics of enhanced RBAC


IBM Power Systems

After completing this topic, you should be able to:


Understand the key elements of enhanced RBAC
Identify the AIX predefined roles and assign one to a user
As a user: List roles, activate, and de-activate a role

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-14. Basics of enhanced RBAC AN123.1

Notes:

13-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

RBAC overview
IBM Power Systems

RBAC configuration is stored within the Kernel Security Tables (KST).

1
Roles

Authorizations
Manage Devices
Create 2
System WPARs
Operating System Administration
Users

Privileged commands and files


Command= /usr/sbin/shutdown
Auth = aix.system.boot.shutdown Roles

System Operator System


Administrator
User and Group Account
Administration

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-15. RBAC overview AN123.1

Notes:
There are over 250 built in pre-defined authorizations, such as manage devices, create
WPARs, and perform OS administration. To view all authorizations, type: # lsrole ALL.
Authorizations are assigned to commands and files which are considered privileged. By
privileged, we mean that we want to allow them to bypass traditional access controls.
These authorizations are then assigned to roles which, in turn, are assigned to users.
Users can then switch roles to perform the necessary administrative actions.
Custom user-defined authorizations and roles can also be created. However, this requires
the kernel security tables to be updated. To do this, execute the setkst command.

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

RBAC defined roles and authorizations


IBM Power Systems

## lsrole
lsrole -c
-c -a
-a dfltmsg
dfltmsg ALL
ALL |grep
|grep -v
-v "#name"|grep
"#name"|grep ":"
":"
AccountAdmin:User and Group Account Administration
AccountAdmin:User and Group Account Administration
BackupRestore:Backup
BackupRestore:Backup and
and Restore
Restore Administration
Administration
DomainAdmin:Remote Domain Administration
DomainAdmin:Remote Domain Administration
FSAdmin:File
FSAdmin:File System
System Administration
Administration
SecPolicy:Security
SecPolicy:Security Policy Administration
Policy Administration
SysBoot:System
SysBoot:System Boot
Boot Administration
Administration
SysConfig:System
SysConfig:System Configuration
Configuration Administration
Administration
isso:Information Roles
isso:Information System Security
System Security Officer
Officer
sa:System
sa:System Administrator
Administrator
so:System Operator
so:System Operator

## lsauth
lsauth -f
-f ALL
ALL |grep
|grep dfltmsg
dfltmsg |sed
|sed 's:dfltmsg=::g'
's:dfltmsg=::g'
Operating System Administration
Operating System Administration
Device
Device Administration
Administration
Configure
Configure Devices
Devices
Configure
Configure MPIO Devices
MPIO Devices
Configure
Configure Printers
Printers Authorizations
Configure
Configure the
the Random
Random Device
Device
.removed
.removed for
for clarify
clarify
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-16. RBAC defined roles and authorizations AN123.1

Notes:
There are, by default, 10 predefined system roles and 254 authorizations. They can be
listed with the lsrole and lsauth commands respectively.
To list the roles and the assigned authorizations, type:
# lsrole -f -a authorizations dfltmsg ALL |grep -p dfltmsg
Role Definitions:
isso - Information system security officer
The ISSO role is responsible for creating and assigning roles, and is thus the most
powerful user-defined role on the system. Some of the ISSO responsibilities include:
Establishing and maintaining security policy
Setting passwords for users
Network configuration
Device administration

13-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty sa - System administrator


The SA role provides the functionality for daily administration and is responsible for:
User administration (except password setting)
File system administration
Software installation update
Network daemon management
Device allocation
so - System operator
The SO role provides the functionality for day to day operations and is responsible for:
System shutdown and reboot
File system backup, restore, and quotas
System error logging, trace, and statistics
Workload administration
AccountAdmin - User and group account administrator
The AccountAdmin role provides the functionality for users and group definitions and is
responsible for:
Define, modify, and remove users
Define, modify, and remove groups
BackupRestore - Backup and restore administrator
The BackupRestore role provides the functionality for backup and restore operations for file
systems, using various commands such as:
cpio, pax, tar, backup and restore
DomainAdmin - Remote domain administrator
The DomainAdmin role provides the functionality for managing network security
mechanisms such as:
kerberos, ldap, NIS, and PKI
FSAdmin - File system administrator
The FSAdmin role provides the functionality for managing file systems and has the ability
to:
Create, modify, and remove file systems
Mount and unmount file systems
Defrag file systems
Format file system logs

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Manage file system user quotas


Create and manage JFS2 snapshots
SecPolicy - Security policy administrator
The SecPolicy role provides the functionality for security administration and is responsible
for most of what the ISSO covers, except for:
Domain Administration
System Configuration
SysBoot - System boot administrator
The SysBoot role provides the functionality for system shutdown and booting through the
facilities for:
halt, shutdown, and reboot
SysConfig - System configuration
The SysConfig role provides the functionality for system configuration and is responsible
for such components as:
inittab
System console
Kernel extensions
uname
Resource sets
Date and time zone
Software license management
Performance tunables
Diagnostics

13-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

RBAC (basic) implementation steps


IBM Power Systems

Steps to configure RBAC


1. Ensure RBAC is enabled (default true).
## lsattr
lsattr -El
-El sys0
sys0 || grep
grep RBAC
RBAC
enhanced_RBAC
enhanced_RBAC true
true Enhanced
Enhanced RBAC
RBAC Mode
Mode

2. Plan which predefined administration roles need to be assigned to


users.

3. Assign AIX predefined roles to the relevant users.


Using chuser command

4. User would then switch to the role and perform the necessary
operations.
To switch roles, use swrole command

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-17. RBAC (basic) implementation steps AN123.1

Notes:
A key part in implementing RBAC, is planning. Start by making a note of all the
administration tasks which may need to be performed, then allocate them to roles, and
assign the roles to user ids.
RBAC is enabled by default in AIX starting with version 6.1), and can be checked with the
lsattr command as shown on the visual.

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

RBAC example (1 of 2)
IBM Power Systems

Example: Let's give permission for user, alex, to start, stop,


and reboot the system.
First, find the predefined role.
## lsrole
lsrole -f-f -a
-a authorizations
authorizations dfltmsg
dfltmsg ALL
ALL |grep
|grep -p
-p dfltmsg
dfltmsg || \\
grep
grep -p
-p shutdown
shutdown
SysBoot:
SysBoot:
authorizations=aix.system.boot.halt,aix.system.boot.info,aix.syst
authorizations=aix.system.boot.halt,aix.system.boot.info,aix.syst
em.boot.reboot,aix.system.boot.shutdown
em.boot.reboot,aix.system.boot.shutdown
dfltmsg=System
dfltmsg=System Boot
Boot Administration
Administration

Add the SysBoot role to user alex.


## chuser
chuser roles=SysBoot
roles=SysBoot alex
alex Confirm the
SysBoot role has
been allocated to
## rolelist
rolelist -u
-u alex
alex user alex.
SysBoot
SysBoot System
System Boot
Boot Administration
Administration

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-18. RBAC example (1 of 2) AN123.1

Notes:
The visual demonstrates how to provide a user with the capability to start, stop, and reboot
the system.
If you are not sure if the system authorization, aix.system.boot.shutdown, contains the
shutdown command, then the RBAC privileged command file can be checked (stored in
/etc/security), as follows:
/etc/security # grep shutdown privcmds
/usr/sbin/exec_shutdown:
accessauths = aix.system.boot.shutdown
/usr/sbin/shutdown:
accessauths = aix.system.boot.shutdown

13-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

RBAC example (2 of 2)
IBM Power Systems

As user alex, shut down and reboot the system.


alex
alex $$ rolelist
rolelist Lists the assigned
SysBoot
SysBoot System
System Boot
Boot Administration
Administration roles
alex
alex $$ rolelist
rolelist -e
-e
rolelist: Lists the active
rolelist: There is no
There is no active
active role
role set
set roles
alex
alex $$ rolelist
rolelist -a
-a
SysBoot
SysBoot aix.system.boot.create
aix.system.boot.create
aix.system.boot.halt
aix.system.boot.halt Lists the assigned
aix.system.boot.info
aix.system.boot.info authorizations
aix.system.boot.reboot
aix.system.boot.reboot
aix.system.boot.shutdown
aix.system.boot.shutdown
alex Switch to role
alex $$ swrole
swrole SysBoot
SysBoot
SysBoot
alex
alex $$ alex's
alex's Password:
Password:
SysBoot role is
alex
alex $$ rolelist
rolelist -e
-e now active
SysBoot
SysBoot System
System Boot
Boot Administration
Administration
alex
alex $$ shutdown
shutdown Fr
Fr Perform a system
reboot.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-19. RBAC example (2 of 2) AN123.1

Notes:
The rolelist command provides role and authorization information to the invoker, about
their current roles, or the roles assigned to them.
The swrole command creates a new role session, spawned in a sub shell, with the roles
that are specified by the role parameter (in this example, SysBoot). To exit the new role sub
shell, type:
# exit rolelist e or # exit rolelist SysBoot

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Topic summary
IBM Power Systems

Having completed this topic, you should be able to:


Understand the key elements of enhanced RBAC
Identify the AIX predefined roles and assign it to a user
As a user: List roles, activate, and de-activate a role

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-20. Topic summary AN123.1

Notes:

13-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Checkpoint (1 of 2)
IBM Power Systems

1. If an ordinary user forgets their password, can the system


administrator find out by querying the system as to what the users
password was set to? Why or why not?

2. True or False: An asterisk (mary:*:) in the second field of the


/etc/passwd file means there is a valid password set in the shadow
password file for user mary.

3. Password restrictions are set in which of the following files?


a. /etc/passwd
b. /etc/security/passwd
c. /etc/security/restrictions
d. /etc/security/user

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-21. Checkpoint (1 of 2) AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint (2 of 2)
IBM Power Systems

4. True or False: Enhanced RBAC comes with several


predefined roles.

5. True or False: Once a user is assigned a role, the user


immediately can use the related authorizations.

6. What is the command that will list your assigned roles?

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-22. Checkpoint (2 of 2) AN123.1

Notes:

13-34 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

Security and user


administration: Part two

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-23. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 13. Security and user administration: Part two 13-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Execute various user management tasks
Explain basic concepts of RBAC
Assign and use RBAC roles

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 13-24. Unit summary AN123.1

Notes:

13-36 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 14. Scheduling and time

What this unit is about


This unit describes how jobs can be scheduled on the system.

What you should be able to do


After completing this unit, you should be able to:
Explain the role of the cron daemon
Use crontab files to schedule jobs on a periodic basis
Use the at command to schedule a job or series of jobs at some
time in the future
Use the batch command to schedule jobs in a queue in order to
alleviate immediate system demand
Explain and set the system time
Describe and set the time zone variable
Configure basic NTP clients

How you will check your progress


Checkpoint questions
Machine exercise

References
Online AIX 7.1 Commands Reference
AIX 7.1 Files Reference
AIX Version 7.1 Operating system and device
management
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Explain the role of the cron daemon
Use crontab files to schedule jobs on a periodic basis
Use the at command to schedule a job or series of jobs at
some time in the future
Use the batch command to schedule jobs in a queue in
order to alleviate immediate system demand
Explain and set the system time
Describe and set the time zone variable
Configure basic NTP clients

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-1. Unit objectives AN123.1

Notes:

14-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

The cron daemon


IBM Power Systems

Responsible for running scheduled jobs

Starts:

crontab command events


(regularly scheduled jobs)

at command events
(one time only execution at specified time)

batch command events


(run when CPU load is low)

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-2. The cron daemon AN123.1

Notes:
Function of the cron daemon
The system process that enables batch jobs to be executed on a timed basis, is the
cron daemon. Many people rely on cron to execute jobs. Jobs are submitted to the
cron daemon in a number of different ways:
The at and batch facilities are used to submit a job for one-time execution.
crontab files are used to execute jobs periodically - hourly, daily, weekly.
Starting of cron
The cron process is usually started at system startup by /etc/inittab. It runs constantly
as a daemon. If killed, it is automatically restarted.
Changing how cron event types are handled
The /var/adm/cron/queuedefs file defines how the system handles different cron
daemon event types. The file specifies the maximum number of processes per event
type to schedule at one time, the nice value of the event type, and how long to wait

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

before retrying to execute a process. This file is empty as shipped, but can be modified
to change how the cron daemon handles each event type.
For example, by default, crontab events are inspected every 60 seconds, run at a nice
value of 2 higher than the default, and there may be up to 100 executing
simultaneously.
This may be changed by modifying the /var/adm/cron/queuedefs file.
For example, if crontab jobs were to run at a nice value of 10 higher than the default,
with files inspected every two minutes, and with up to 200 jobs allowed, then the
following entry should be made to the file:
c.200j10n120w
| | | |
| | | wait period (in seconds)
| | |
| | nice value
| |
| jobs
|
cron

14-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

crontab files
IBM Power Systems

Used to start regularly occurring jobs

Schedule is defined in:


/var/spool/cron/crontabs/$USER

Files to control crontab privileges of users:


/var/adm/cron/cron.deny lists users who cannot use crontab
/var/adm/cron/cron.allow lists users who can use crontab

An empty cron.deny exists by default.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-3. crontab files AN123.1

Notes:
Scheduling a job
The cron daemon starts processes at specified times. It can be used to run regularly
scheduled jobs using files in the /var/spool/cron/crontabs directory, or it can be used
to schedule a command for one-time-only execution using the at command.
The /var/adm/cron/cron.deny file
All users by default have the privilege to set up scheduled jobs to be monitored by cron.
This is because the file /var/adm/cron/cron.deny, which denies privileges to users,
exists and is empty. As the administrator, you can restrict access to cron by adding user
names to this text file.
The /var/adm/cron/cron.allow file
Another file that also restricts users privileges, is /var/adm/cron/cron.allow. To use
this file, you should remove the cron.deny file and create the cron.allow file to list the
users that are allowed to use cron. If cron.allow exists and is empty, no user is able to
use cron, that includes root. If both cron.allow and cron.deny exist, then cron.allow
is the file that is used. If neither cron.allow nor cron.deny exists, then only root can
use cron.

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Format of a crontab file


IBM Power Systems

Format of entries:
minute hour date-of-month month day-of-week command
To view current crontab:
# crontab -l

...
...
#0
#0 33 ** ** ** /usr/sbin/skulker
/usr/sbin/skulker
#45
#45 2 * * 0 /usr/lib/spell/compress
2 * * 0 /usr/lib/spell/compress
#45
#45 23 * * * ulimit
23 * * * ulimit 5000;
5000; /usr/lib/smdemon.cleanu
/usr/lib/smdemon.cleanu >> /dev/null
/dev/null
00 11 * * * /usr/bin/errclear -d
11 * * * /usr/bin/errclear -d S,O 30 S,O 30
00 12
12 ** ** ** /usr/bin/errclear
/usr/bin/errclear -d
-d HH 90
90
00 15
15 * * * /usr/lib/ras/dumpcheck >/dev/null
* * * /usr/lib/ras/dumpcheck >/dev/null 2>&1
2>&1
0,30,45
0,30,45 * * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null
* * * * /usr/sbin/dumpctrl -k >/dev/null 2>/dev/null
...
...

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-4. Format of a crontab file AN123.1

Notes:
Viewing a crontab file
Each user can view their crontab file by using the command crontab -l.
The users crontab file contains the schedule of jobs to be run on behalf of that user.
There is a separate crontab file for each user of the crontab facility. This file is located
in /var/spool/cron/crontab/$USER.
Format of crontab file entries
The format for the lines in this file is as follows:
minute (0-59)
hour (0-23)
date of the month (1-31)
month of the year (1-12)
day of the week (0-6, where 0=Sunday, 1=Monday, and so forth)
command

14-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Fields are separated by spaces or tabs. To indicate a field is always true, use an
asterisk (*). To indicate multiple values in a field, use a comma (,). A range can also be
specified by using a hyphen (-).
Examples of crontab entries
Here are some examples of crontab entries:
To start the backup command at midnight, Monday through Friday:
0 0 * * 1-5 /usr/sbin/backup -0 -u -q -f /dev/rmt0
To execute a command called script1 every 15 minutes between 8 a.m. and 5 p.m.,
Monday through Friday:
0,15,30,45 8-17 * * 1-5 /home/team01/script1

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Editing a crontab file


IBM Power Systems

One way to edit a crontab file:


## crontab
crontab -e
-e

A safer method:
## crontab
crontab -l
-l >> /tmp/crontmp
/tmp/crontmp
## vi
vi /tmp/crontmp
/tmp/crontmp
## crontab
crontab /tmp/crontmp
/tmp/crontmp

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-5. Editing a crontab file AN123.1

Notes:
Creating or updating a crontab file
To schedule a job, you must create a crontab file. The cron daemon keeps the
crontab files in memory, so you cannot update the crontab entries by just modifying
the file on disk.
Using crontab -e to edit the crontab file
To edit the crontab file, one method is to use crontab -e. This opens your crontab file
with the editor set with the EDITOR variable. Edit the file as you normally would any file.
When the file is saved, the cron daemon is automatically refreshed.
Another method of updating your crontab file
The crontab -l command always shows the crontab file that cron is using on your
behalf. Another method to update the file is to use the command crontab -l >
mycronfile. This command creates a copy of the current crontab file and enables you
to safely edit the mycronfile file without affecting the current crontab file. To submit
your changes, use the command: crontab mycronfile. The content of the mycronfile

14-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty file replaces the content of your file in the crontab directory, and refreshes the cron
daemon, all at once. Now, you also have a backup of the crontab file in mycronfile.
Removing your crontab file
Use the command crontab -r if you would like to remove your current crontab file.

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The at and batch commands


IBM Power Systems

The at command submits a uniquely occurring job to be run


by cron at a specified time.
## at
at 55 pm
pm Friday
Friday
banner
banner hello
hello >> /dev/pts/0
/dev/pts/0
<ctrl-d>
<ctrl-d>
job
job user.time.a
user.time.a will
will be
be run
run at
at date
date

## for
for hosts
hosts in
in lpar50
lpar50 lpar51
lpar51 lpar52
lpar52
do
do
rsh
rsh $host
$host "echo
"echo '<<EOF
'<<EOF nohup
nohup shutdown
shutdown -Fr'
-Fr' || at
at now
now ""
done
done

The batch command submits a job to be run when the


processor load is sufficiently low.
## batch
batch
banner
banner hello
hello world
world >> /dev/pts/0
/dev/pts/0
<ctrl-d>
<ctrl-d>
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-6. The at and batch commands AN123.1

Notes:
Use of the at command
The at command submits a job for cron to run once, rather than on a recurring basis, at
a specified time. It reads the commands to execute from standard input. The at
command mails you all output from standard output and standard error for the
scheduled commands, unless you redirect that output.
Examples of keywords or parameters that can be used with at are: noon, midnight, am,
pm, A for am, P for pm, N for noon, M for midnight, today, tomorrow.
The time can be specified as an absolute time or date (for example, 5 pm Friday), or
relative to now (for example, now + 1 minute).
The Bourne shell is used by default to process the commands. If -c is specified the C
shell is run, and if -k is specified the Korn shell is run. If you specify the -m option, at
sends you mail to say that the job is complete.
Controlling use of at
The at command can only be used by root unless one of the following files exists:

14-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty /var/adm/cron/at.deny
If this file exists, anybody can use at, except those listed in it. An empty at.deny file
exists by default. Therefore, all users can use at by default.
/var/adm/cron/at.allow
If this file exists, only users listed in it can use at (root included).
Use of the batch command
The batch command submits a job to be run when the processor load is sufficiently low.
Like the at command, the batch command reads the commands to be run from
standard input and mails you all output from standard output and standard error for the
scheduled commands, unless you redirect that output.

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Controlling at jobs
IBM Power Systems

To list at jobs:
at -l [user]
atq [user]
## at
at l
l
root.1118077769.a
root.1118077769.a Mon
Mon Jun
Jun 66 10:09:29
10:09:29 2007
2007
root.1118078393.a
root.1118078393.a Mon
Mon Jun 6 10:19:53 2007
Jun 6 10:19:53 2007
test2.1118079063.a
test2.1118079063.a Mon
Mon Jun
Jun 66 10:31:03
10:31:03 2007
2007

To cancel an at job:
at -r job
atrm [job | user]
## at
at -r
-r test2.1118079063.a
test2.1118079063.a
at
at file: test2.1118079063.a
file: test2.1118079063.a deleted
deleted

To cancel all your at jobs:


atrm -
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-7. Controlling at jobs AN123.1

Notes:
Listing at jobs
To list at jobs use the at -l command or the atq command. The root user can look at
another user's at jobs by using the command atq <user>.
Removing at jobs
To cancel an at job, use at -r or atrm followed by the job number. Use the command
atrm - and place nothing after the hyphen (-), to cancel all of your jobs. The root user
can cancel all jobs for another user, using atrm <user>.

14-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Documenting scheduling
IBM Power Systems

Have a copy of each users crontab file


Have a copy of the /etc/inittab file

Scheduling Records

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-8. Documenting scheduling AN123.1

Notes:
Overview
It is important to have correct, up-to-date information regarding your system, in case of
an unexpected system failure.
Maintain as much documentation as possible about all aspects of the system by
following the recommendations we have given throughout the course.

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

System clock
IBM Power Systems

Internally, system time is the number of seconds since UNIX


epoch. ## date
date +"%s"
+"%s"
1368877237
1368877237

The UNIX epoch is the time 00:00:00 UTC, 1 January 1970.


For human comprehension, system time is converted into a
calendar time string. ## date
date
Sat
Sat May
May 18
18 13:40:37
13:40:37 CEDT
CEDT 2013
2013

Conversions can also deal with adjustments for time zones


(TZ) and Daylight Saving Time (DST).
TZ and DST are managed by the time zone variable.
## echo
echo $TZ
$TZ
CET-1CEDT-2,M3.5.0,M10.5.0
CET-1CEDT-2,M3.5.0,M10.5.0
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-9. System clock AN123.1

Notes:
Introduction
Computer systems tell time differently than people do. So it is helpful to understand how
time works within computers as well as in the real world in order to get a handle on the
things that can go wrong.
Although top scientific theory of our space and time estimated that the universe began 13.7
billion years ago Unix simply counts seconds since New Years Day 1970. All changes in
denoting the time are done by library functions linked into the system or applications that
convert between UTC and local time at runtime.
On AIX systems, the hardware clock is set to keep Universal Time (UTC), also called
Greenwich Mean Time (GMT), instead of the time of day in the systems actual time zone.
The system can be configured to keep track of UTC time and to adjust for the offset
between UTC and the local time, including daylight saving time.

14-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Setting date and time


IBM Power Systems

## smit
smit chtz_date
chtz_date
Change
Change // Show
Show Date,
Date, Time,
Time, and
and Time
Time Zone
Zone

Move
Move cursor
cursor to
to desired
desired item
item and
and press
press Enter.
Enter.

Change
Change // Show
Show Date
Date and
and Time
Time
Change
Change Time
Time Zone
Zone Using
Using System
System Defined
Defined Values
Values
Change
Change Time
Time Zone
Zone Using
Using User
User Entered
Entered Values
Values

## smit
smit date
date ## date
date 051814542013
051814542013

Change
Change // Show
Show Day
Day and
and Time
Time

YEAR
YEAR (00-99)
(00-99) [13]
[13]
MONTH
MONTH (01-12)
(01-12) [05]
[05]
DAY
DAY (01-31)
(01-31) [18]
[18]

HOUR
HOUR (00-23)
(00-23) [14]
[14]
MINUTES
MINUTES (00-59)
(00-59) [54]
[54]
SECONDS
SECONDS (00-59)
(00-59) [00]
[00]

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-10. Setting date and time AN123.1

Notes:
The date command writes the current date and time to standard output if called with no
flags or with a flag list that begins with a + (plus sign). Otherwise, it sets the current date.
Only a root user can change the date and time.
Attention: Do not change the date when the system is running with more than one user or
any critical application.
Using the date command:
The date command needs the proper arguments in the format of mmddHHMM[YYyy],
where mmdd is the two-digit month and two-digit day (0518); HHMM is the two-digit hour in
24-hour notation (14), two-digit minute (54) and YYyy is the four-digit year (2013):
# date 051814542013
For slowly adjusts the time by sss.fff seconds (fff represents fractions of a second) use
date -a [ + | - ]sss[.fff ]. This adjustment can be positive or negative. The system's clock
will be sped up or slowed down until it has drifted by the number of seconds specified by
date -a [ +
Note that you must be logged as root User.

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Time zone variable


IBM Power Systems

The time zone variable defines the interpretation of AIX


system time.
Defines CUT offset and DST
Coordinated Universal Time (CUT)
The international time standard.
Daylight Saving Time (DST)
Practice of advancing clocks
Time zone variable should be:
System wide (for all processes)
defined in /etc/environment file
User wide (for user processes)
defined in user .profile file

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-11. Time zone variable AN123.1

Notes:
The functions for accessing the time zone are declared in time.h. You should not normally
need to set TZ. If the system is configured properly, the default time zone will be correct.
You might set TZ if you are using a computer over a network from a different time zone, and
would like times reported to you in the time zone local to you, rather than what is local to
the computer.
Environment variables are examined when a command starts running. The environment of
a process is not changed by altering the /etc/environment file. Any processes that were
started prior to the change to the /etc/environment file must be restarted if the change is to
take effect for those processes. If the TZ variable is changed, the cron daemon must be
restarted, because this variable is used to determine the current local time.
Daylight Saving Time (DST)
the Daylight Saving Time also summer time in British English is the practice of
advancing clocks during the lighter months so that evenings have more daylight and
mornings have less.

14-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty If the Daylight Saving Time option is enabled, the default in AIX is for the system time to
move forward 1 hour (to DST) at 2:00am the second Sunday in March, and move back one
hour (to Standard Time) at 2:00 a.m. on the first Sunday in November. The default is hard
coded and is not stored in any user accessible file. However, the date and time at which the
switch to DST and ST occurs can be customized by root (global environment) or by users
(user environment) by setting the $TZ environment variable. To see if DST is enabled, echo
$TZ; if the time zone variable ends in DT, DST is enabled.
Crontab consideration:
When the TZ environment variable is changed, the cron daemon must be restarted. This
enables the cron daemon to use the correct Time Zone and summer time change
information for the new TZ environment variable.

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Time zone formats in AIX


IBM Power Systems

POSIX format specification


Explicitly specifies the TZ and DST details
Looks cryptic; can be difficult to set and interpret

Olson format specification


Uses known names of cities or regions
Specifies the TZ name in a simple, easy-to-understand form
Maintains a historical record of what the TZ rules were at given points
in time
Is slower than the POSIX format

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-12. Time zone formats in AIX AN123.1

Notes:
AIX checks the TZ environment variable to determine if the environment variable follows
the POSIX specification rules. If the TZ environment variable does not match the POSIX
convention, AIX calls the ICU library to get the Olson time zone translation.

14-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Setting POSIX time zone


IBM Power Systems

## smit
smit chtz_user
chtz_user
Change
Change Time
Time Zone
Zone

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.

[Entry
[Entry Fields]
Fields]
** Standard
Standard Time
Time ID(only
ID(only alphabets)
alphabets) [CET]
[CET]
** Standard
Standard Time
Time Offset
Offset from
from CUT([+|-]HH:MM:SS)
CUT([+|-]HH:MM:SS) [-1]
[-1]
Day
Day Light
Light Savings
Savings Time
Time ID(only
ID(only alphabets)
alphabets) [CEDT]
[CEDT]
Day
Day Light
Light Savings
Savings Time
Time Offset
Offset from
from CUT([+|-]HH:MM:
CUT([+|-]HH:MM: [-2]
[-2]
SS)
SS)
Start
Start Daylight
Daylight Savings
Savings Day([Mmm.ww.dd|Jn])
Day([Mmm.ww.dd|Jn]) [M3.5.0]
[M3.5.0]
Start Daylight Savings Time(HH:MM:SS)
Start Daylight Savings Time(HH:MM:SS) []
[]
Stop
Stop Daylight
Daylight Savings
Savings Day([Mmm.ww.dd|Jn])
Day([Mmm.ww.dd|Jn]) [M10.5.0]
[M10.5.0]
Stop
Stop Daylight
Daylight Savings
Savings Time(HH:MM:SS)
Time(HH:MM:SS) []
[]

F1=Help
F1=Help F2=Refresh
F2=Refresh F3=Cancel
F3=Cancel F8=Image
F8=Image
F9=Shell
F9=Shell F10=Exit
F10=Exit Enter=Do
Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-13. Setting POSIX time zone AN123.1

Notes:
This format is compliant with POSIX 1003.1 standards for Extensions to Time Functions.
AIX checks the TZ environment variable to determine if the environment variable follows
the POSIX specification rules. If the TZ environment variable does not match the POSIX
convention, AIX calls the ICU library to get the Olson time zone translation.

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

POSIX time zone variable breakdown


IBM Power Systems

## echo
echo $TZ
$TZ
CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00

CST6CDT is
the time zone
you are in

TZ=CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00

Date/time when
time shifts Date/time when
further time shifts back

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-14. POSIX time zone variable breakdown AN123.1

Notes:
If you wish to change the date or time at which the system switches to DST and back to
Standard Time from the defaults for your zone, edit the TZ line in /etc/environment. Change
the line to read something like the following:
TZ=CST6CDT,M3.2.0/2:00:00,M11.1.0/2:00:00
The above example would effect a change to Daylight Saving Time at 2:00 AM on the
second Sunday in March and change back at 2:00 AM on the first Sunday in November,
and keep the US Central Time Zone time offset from GMT. The breakdown of the string is:
CST6CDT is the time zone you are in;
M3 is the third month;
.2 is the second occurrence of the day in the month;
.0 is Sunday;
/2:00:00 is the time.

14-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty In more detail, the format is TZ = local_Time Zone,date/time,date/time. Here date is in the
form of Mm.n.d, day d(0-6) of week n (1-5, where week 5 means the last d day in month
m and which may occur in either the fourth or the fifth week) of month m of the year. Week
1 is the first week in which the day d occurs. Day zero is Sunday.
Time Zones Defined on the System is listed in Files reference.

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Setting Olson time zone


IBM Power Systems

## smit
smit chtz_olson
chtz_olson
Select
Select COUNTRY
COUNTRY or
or REGION
REGION
Europe/Podgorica
Europe/Podgorica
Europe/Prague
Europe/Prague
Europe/Riga
Europe/Riga
Europe/Rome
Europe/Rome
Europe/Samara
Europe/Samara
Europe/San_Marino
Europe/San_Marino
Europe/Sarajevo
Europe/Sarajevo
Europe/Simferopol
Europe/Simferopol
Europe/Skopje
Europe/Skopje

Change
Change Time
Time Zone
Zone

Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter AFTER making all desired
Enter AFTER making all desired changes.
changes.

[Entry
[Entry Fields]
Fields]
TIME
TIME ZONE
ZONE name
name Europe/Prague
Europe/Prague
OFFSET
OFFSET from
from Greenwich
Greenwich Mean
Mean Time
Time GMT+01:00
GMT+01:00 // GMT+02:00
GMT+02:00

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-15. Setting Olson time zone AN123.1

Notes:
The Olson TZ database, also known as zoneinfo database /usr/share/lib/zoneinfo, is
updated with the latest time zone binaries.
You can list zoneinfo database by the /usr/lib/nls/lstz command.
The time zone compiler zic command and the command to dump the time zone
information, zdump, are modified to work with the updated time zone data files.

14-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Configuring NTP client


IBM Power Systems

Edit /etc/ntp.conf
server
server fr.pool.ntp.org
fr.pool.ntp.org Your ntp time
driftfile
driftfile /etc/ntp.drift
/etc/ntp.drift servers IP address
goes here

Run ntpdate
Start the xntpd daemon
## startsrc
startsrc -s
-s xntpd
xntpd

Set up xntpd to start automatically at boot time.


/etc/rc.tcpip
/etc/rc.tcpip file:
file:

start
start /usr/sbin/xntpd
/usr/sbin/xntpd $src_running
$src_running

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-16. Configuring NTP client AN123.1

Notes:
The Network Time Protocol (NTP) is an Internet standard protocol which synchronizes time
between systems on a TCP/IP network. Depending on circumstances, the precision is in
the microsecond range (one millionth of a second). If your network already has an
established time server, you can set up your system get the accurate time information from
it. Various public NTP servers on the Internet exist which can be used. As a last resort, if no
other means are available, you can connect your NTP server to the local clock of your
system. This is useful if you are on an isolated network and you need synchronized time
across your systems.
The NTP protocol in AIX implements an xntpd daemon which slaves itself to another time
source, continuously monitoring the other source and adjusting the local time.
The /etc/ntp.conf file configures the xntpd daemon.
server options specify which servers are to be used. Multiple server statements can be
used. If one of the statements has the prefer keyword, then this server has preference
over other servers.

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

driftfile is the name of the file where the drift of the local clock is stored. This drift is
automatically determined by measuring the adjustments needed to the local clock over
a period of time. In case the NTP server cannot be contacted, the ntpd daemon will
nevertheless keep applying the same adjustments (taken from the driftfile) to reach a
high degree of precision.
Important to note is that ntpd will not start if the time difference between itself and the time
server to be used is large. It is therefore common to run ntpdate before starting ntpd,
ntpdate connects to a time server, retrieves the correct time, sets the local clock to the
correct time, and exits.
It takes up to 6 minutes for the xntp client to sync up to the server. Therefore the time
difference between the NTP client and the server should not be any greater than 1000
seconds.
Detailed explanation of NTP protocol and configuration of NTP server is an advanced topic
which is covered in course AN21 TCP/IP for AIX Administrators.

14-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Checkpoint
IBM Power Systems

1. True or False: The at.allow and at.deny files must be


used to specify which users are allowed and denied use of
the at command.

2. Give a crontab entry that would specify that a job should


run every Thursday at 10 past and 30 minutes past every
hour.

3. How would you schedule a script named myscript to run


10 minutes from now?

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-17. Checkpoint AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Exercise
IBM Power Systems

Scheduling

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-18. Exercise AN123.1

Notes:
Introduction
This lab gives you the opportunity to schedule jobs using both at and crontab.
The exercise can be found in your Student Exercises Guide.

14-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Explain the role of the cron daemon
Use crontab files to schedule jobs on a periodic basis
Use the at command to schedule a job or series of jobs at
some time in the future
Use the batch command to schedule jobs in a queue in
order to alleviate immediate system demand
Explain and set the system time
Describe and set the time zone variable
Configure basic NTP clients

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 14-19. Unit summary AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 14. Scheduling and time 14-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

14-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 15. TCP/IP networking

What this unit is about


This unit describes the essential TCP/IP and networking concepts
required in order to work with and configure TCP/IP in AIX.

What you should be able to do


After completing this unit, you should be able to:
Define TCP/IP layering terminology
Describe the TCP/IP startup flow on AIX
Configure Virtual LANs
Describe IP addressing
Configure TCP/IP basic functions on AIX
- IP configuration, routing, aliasing
Explain how Ports and Sockets are used
Use standard TCP/IP facilities
- Log in to another system
- Transfer files
- Run commands
Configure NFS
Set up VNC

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX Version 7.1 Operating system and device
management

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Define TCP/IP layering terminology
Describe the TCP/IP startup flow on AIX
Configure Virtual LANs
Describe IP addressing
Configure TCP/IP basic functions on AIX
IP configuration, routing, aliasing
Explain how Ports and Sockets are used
Use standard TCP/IP facilities
Log in to another system
Transfer files
Run commands
Configure NFS
Set up VNC
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-1. Unit objectives AN123.1

Notes:

15-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

What is TCP/IP?
IBM Power Systems

Transmission Control Protocol/Internet Protocol


Set of protocols (rules) which define how computers (hosts)
communicate on a network
Designed for heterogeneous systems
Supports different network types
Made up of Open Standards
Request for comments (RFCs)
Protocol of the Internet, defined in five layers

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-2. What is TCP/IP? AN123.1

Notes:
TCP/IP stands for Transmission Control Protocol/Internet Protocol. A more accurate name
is Internet Protocol Suite or IP Stack.
TCP/IP is a set of protocols or rules which define various aspects of how two computers in
a network may communicate with each other. A protocol is a set of rules which describes
the mechanisms and data structures involved. Using these definitions, vendors can write
software to implement the protocols for particular systems.
There are many different protocols which cover the aspects of addressing hosts in the
network, data representation and encoding, message passing, interprocess
communications, and application features, such as how to send mail or transfer files across
the network.
Where possible, the protocols are defined independently of any operating system, network
hardware, or machine architecture. In order to implement TCP/IP on a system, interface
software must be written to allow the protocols to use the available communications
hardware.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

This means that heterogeneous environments can be created where machines from
different manufacturers can be connected together, and different types of networks can be
interconnected.

15-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

TCP/IP layering
IBM Power Systems
Common
OSI 7 layer network
TCP/IP layer model
model devices
- Layer 7 switch
Application SNMP FTP DNS DHCP VNC
Application
SSH SMTP NFS LDAP MAIL
Presentation

- Firewall
Session TCP UDP
Transport Reliable delivery to
correct program
Unreliable delivery to
correct program
Transport

- Router
IP IPsec ICMP - Layer 3 switch
Network Internet

- Switch
LAN WAN
Data Link Network (Ethernet, FDDI, ....) (ATM, Leased lines, ....)
- Bridge
interface - NIC

Medium (connectors, cabling, distance) - NIC


Examples: Examples: - Repeater
Physical Physical 1000Base-TX/SX/LX SONET
IEEE 802.11x T/ E -carrier links
xDSL
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-3. TCP/IP layering AN123.1

Notes:
The TCP/IP protocol suite consists of lots of different protocols, which are described in
many thousands of RFCs. Most of these protocols and RFCs are either application specific
(such as RFC 959, which describes the FTP protocol), or describe how data should be
transferred over a specific architecture (such as RFC 894, which describes IP over
Ethernet). For now, it is important to understand the working and interdependency of only a
few core protocols. Since these protocols are built on top of each other, where one protocol
uses another protocol to get things done, the interdependency is almost as important as
understanding each protocol independently.
From top to bottom we find the following protocols:
Applications use either the User Datagram Protocol (UDP) or the Transmission
Control Protocol (TCP) to transmit their data. Both TCP and UDP deliver the data to
the right process, and make use of IP to arrange delivery to the right host. The
difference between UDP and TCP is that TCP implements a mechanism of
acknowledgments, whereby reliability can be guaranteed. UDP does not have such a
mechanism, making UDP less reliable.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The Internet layer is responsible for end-to-end (source to destination) packet delivery
including routing through intermediate hosts. Internet Control Message Protocol
(ICMP) messages are typically generated in response to errors in IP datagrams or for
diagnostic or routing purposes. The IPsec protocol is responsible for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet of a data
stream.
The Network interface is the protocol layer which transfers data between hosts. In
order to do this, a physical medium is required such as copper or fiber and hence the
network interface and physical layers are closely related.
Common network devices
Repeater. A repeater is an electronic device that receives a signal and retransmits
them at a higher level, higher power or both, so that the signal can cover longer
distances without degradation. Because repeaters work with the actual physical signal,
and do not attempt to interpret the data being transmitted, they operate on the Physical
layer, the first layer of the OSI model.
Network Interface Card (NIC). A NIC is a LAN adapter which is designed to allow
computers to communicate over a computer network. It is both a layer 1 (physical layer)
and layer 2 (data link layer) device, as it provides physical access to a networking
medium and provides a low-level addressing system through the use of MAC
addresses.
Bridge. A bridge is a hardware device for linking two networks that work with the same
protocol. Unlike a repeater, which works at the physical level, a bridge works at the
logical level (on layer 2), which means that it can filter frames so that it only lets past
data whose destination address corresponds to a machine located on the other side of
the bridge.
Switch. A network switch is a device that connects network segments. The term
commonly refers to a network bridge that processes and routes data at the Data link
layer (layer 2) of the OSI model.
- Layer 3. Switches that additionally process data at the network layer (layer 3 and
above), are often referred to as Layer 3 switches or multi-layer switches. A layer 3
switch can perform some or all of the functions normally performed by a router.
- Layer 4. Layer 4 switches process data a the transport layer and are always
vendor-dependent. An example of a layer 4 switch, is a Firewall which performs
transport layer function such as: Network Address Translation (NAT), IP filtering and
packet encryption/decryption.
- Layer 7. The most advanced switches, called layer 7 switches (corresponding to the
application layer of the OSI model), can redirect data based on advanced
application data contained in the data packets, for example, an awareness of the
type of the file being sent by FTP. For this reason, a layer 7 switch can be used for
load balancing, by routing the incoming data flow to the most appropriate servers,
which have a lower load or are responding more quickly.

15-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

LAN and broadcast domain


IBM Power Systems

LAN: Local area network


Group of local stations which share a layer 2 broadcast domain.
Broadcast domain: Stations that receive each others link level broadcasts
All stations have network interface cards (NIC) which use matching
physical, electrical, and layer 2 protocol abilities.
Each NIC has a unique hardware address.
Also known as a Media Access Control (MAC) address

host host host host

repeater
host host

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-4. LAN and broadcast domain AN123.1

Notes:
Generally, your server will connect to a local area network or LAN. A LAN is almost always
a collection of stations which are in relatively close physical proximity (such as in the same
building or even a single floor of a building). To extend the distance, digital repeaters are
sometimes inserted in the topology.
The stations connect to the LAN via a network interface card (NIC), commonly an Ethernet
adapter. As long as the NICs use the same signaling mechanism and link protocols, they
can talk to each other. Frames of data are addressed to the hardware address of the
adapter. The hardware address is also called the Media Access Control (MAC) address.
Broadcast mechanisms are used to discover the MAC address of the other stations. The
collection of stations which can receive a link level broadcast is referred to as a Broadcast
Domain
Originally, the stations shared cabling that allowed any station in the LAN to see all the
traffic on the LAN (even if not addressed to itself). Most current LANs have a central hub
that only repeats the signal to a station if it is either a broadcast frame or the frame is
addressed to the MAC address of that station.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Ethernet adapters and interfaces


IBM Power Systems

Each adapter (entX) has two interfaces (enX and etX).


enX interface uses the standard DIX Ethernet frame format.
Originally designed by Digital, Intel, and Xerox
etX interface uses IEEE802.3 frame format.
Interface: en0
Network Adapter Card port
Interface: et0
adapter device: ent0
(Layer three logical devices)
(Layer 1 and 2 physical device)
MAC
Address
## lsdev
lsdev -Cl
-Cl ent0
ent0
ent0
ent0 Available
Available 01-08
01-08 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter
## lscfg
lscfg -v
-v -l
-l ent0
ent0 |grep
|grep Network
Network IP addresses are
Network assigned to the
Network Address.............001125BF9018
Address.............001125BF9018 interfaces. In
## lsdev this case, en0.
lsdev -Cc
-Cc if
if
en0
en0 Available
Available 01-08
01-08 Standard
Standard Ethernet
Ethernet Network
Network Interface
Interface
et0
et0 Defined
Defined 01-08
01-08 IEEE
IEEE 802.3
802.3 Ethernet
Ethernet Network
Network Interface
Interface
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-5. Ethernet adapters and interfaces AN123.1

Notes:
Brief history of Ethernet
The original Ethernet is called Experimental Ethernet today. It was developed by Robert
Metcalfe in 1972 (patented in 1978) and was based in part on the ALOHAnet protocol. The
first Ethernet that was generally used was DIX Ethernet (known as Ethernet II) and was
derived from Experimental Ethernet. Today, there are many different standards, under the
umbrella of IEEE 802.3, and the technical community has accepted the term Ethernet for
all of them. Currently, under development is IEEE 802.3ba (40Gb/s and 100Gb/s Ethernet).
For further information see http://www.ieee802.org/3
Ethernet adapter support on AIX
TX 10/100/1000Mb up to 100m using traditional copper
SX 1000Mb up to 550m using multi-mode fiber
LX 1000Mb up to 5km using single-mode fiber (can also run on multi-mode fiber)
SR (short range) 10Gb up to 300m using multi-mode fiber

15-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty LR (long range) 10Gb up to 25km using single-mode fiber


In virtually all cases, on AIX you will configure the en (DIX) interface, et interfaces are rarely
(if at all) used.
Note: Fiber versus Fibre. When talking about networks and Fiber it is important to know
when to use the correct spelling. Fiber refers to the medium (wire), whereas Fibre refers to
the protocol, as in, Fibre channel.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Virtual LAN
IBM Power Systems

LAN membership set in the switch - specifies VLAN ID on the port


Typically, hosts are VLAN unaware
Host is restricted to VLAN assigned to the port.
Use of VLAN IDs (VID) is internal to the switching hub.
Switch tags frames from host with VID and strips VID when sent to host.
VLAN 3

host host host


VLAN 2

host host host

vid=2 vid=3 vid=2 vid=3 vid=2 vid=3

Ethernet switch
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-6. Virtual LAN AN123.1

Notes:
Virtual LAN (VLAN)
VLANs are used to support multiple networks even though the stations are connected to
the same central switching hubs. This helps to reduce the size of the broadcast domain
and helps with security through isolation. The switch administrator is responsible for
maintaining the isolation and controls access to each VLAN on a port by port basis.
When a station plugs into a network it is automatically on the LAN to which the port is
assigned. Originally, the LAN membership was maintained by switching physical circuits in
the hub. Today, the frame headers are modified or tagged to identify the VLAN
membership.
A host attached to a typical switch access port is unaware of this tagging. It simple sends
and receives frames that have no VLAN ID identification. The switching hub tags frames
coming in from the host with the port VLAN ID and removes that tagging when any frame
leaves the port destined for that host. Frames which do not match the ports assigned
VLAN ID are not sent out that port.

15-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Trunk ports and 802.1Q


IBM Power Systems

Trunks between switches


Extend VLAN domain beyond single switching hub
Carry VLAN ID in each frame to maintain VLAN membership
802.1Q: Industry standard for tagging frames with VLAN ID
Typically allow all tagged VLAN traffic
Can be restricted: Allow or deny list coded on the trunk port definitions

Tagged
frames
2 3 4 4 2 3 5 5
Ethernet switch Ethernet switch
6 6 2 3 trunk 6 6 2 3

Trunk ports -
VID allowed list: 2, 3
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-7. Trunk ports and 802.1Q AN123.1

Notes:
802.1Q VLAN
IEEE 802.1Q is the standard for VLANs. It aims to:
Define an architecture to logically partition bridged LANs and provide services to
defined user groups, independent of physical location.
Allow interoperability between multivendor equipment.
In 802.1Q, the VLAN information is written into the Ethernet packet itself. Each packet
carries a VLAN ID, called a Tag. This allows VLANs to be configured across multiple
switches. The ports used to connect two switches is defined as a trunk port. These
inter-switch trunk ports typically move tagged frames without striping those tags; the packet
travel on the trunk cable still tagged.
The switch administrator can configure the trunk port to restrict which VLAN it will carry by
coding VLAN ID allow or deny lists.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

VLAN aware hosts


IBM Power Systems

Host can use single port for multiple VLANs


Host can tag frames and process tagged frames with 802.1Q
Switch would define port as a trunk port; specify allow list
Tagged frames in the allowed list processed as-is
Tags not added or removed by the switch
Untagged frames processed normally using ports VLAN ID
Tagged Host
frames
2 3 4 4 ent1
3
Ethernet switch 4
6 6 2 3 trunk ent2
6

Trunk port -
VID allowed list: 2, 3
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-8. VLAN aware hosts AN123.1

Notes:
The main reason for a server being configured to identify its VLAN membership is to save
on hardware costs. Normally, the host would need to use a separate NIC (and a separate
switch port) for each LAN on which it needed to talk. A host which does its own VLAN
tagging can use a single NIC instead.
To support this the switch will usually define the port as a trunk port, as if it were connecting
to another switch. Due to security concerns, the switch administrator will typically code an
allow list of VLAN IDs for that port. The switch will discard any frames sent by the host
which are tagged with a VLAN ID which are not in the allowed list. Arriving packets, both
inbound and outbound, with tags that match the allowed list are passed along without
stripping the tag. It is common for a trunk connection to a host to also have a port VLAN ID,
just like a normal access port; when a frame from the host has no VLAN tagging, the switch
tags it with the port VLAN ID and when it sends a frame to the host, it strips the VLAN ID
when it matches the port VLAN ID.
The VLAN aware host in this situation is responsible for tagging frames being sent on
different VLANs and for separating the frames when they are received.

15-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

AIX VLAN tagging


IBM Power Systems

To assign a VLAN ID in AIX, a VLAN adapter must be created.


Go to smit addvlan, and select a base Ethernet adapter.

Available
Available Network
Network Adapters
Adapters
Move
Move cursor to desired item
cursor to desired item and
and press
press Enter.
Enter. Use
Use arrow
arrow keys
keys to
to scroll.
scroll.

ent1
ent1 Available
Available 09-08
09-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX
Base-TX PCI-X
PCI-X Adapter
Adapter (1410890)
(1410890)
ent0
ent0 Available
Available 01-08
01-08 10/100/1000
10/100/1000 Base-TX PCI-X Adapter (14106902)
Base-TX PCI-X Adapter (14106902)

Add
Add AA VLAN
VLAN
[Entry
[Entry Fields]
Fields]
VLAN
VLAN Base
Base Adapter
Adapter ent1
ent1
** VLAN
VLAN Tag ID
Tag ID [33]
[33] +#
+#
VLAN
VLAN Priority
Priority []
[] +#
+#

## lsdev
lsdev -Cc
-Cc adapter
adapter Packets which get
ent0
ent0 Available 01-08 10/100/1000 Base-TX PCI-X sent(14106902)
Adapter
Available 01-08 10/100/1000 Base-TX PCI-X Adapter from adapter
(14106902)
ent1
ent1 Available
Available 09-08
09-08 2-Port
2-Port 10/100/1000
10/100/1000 Base-TX PCI-Xent2,
Base-TX PCI-X are (14108902)
Adapter
Adapter sent
(14108902)
ent2
ent2 Available
Available VLAN
VLAN tagged (33) out of
ent1.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-9. AIX VLAN tagging AN123.1

Notes:
AIX can be configured to be VLAN aware. This is done by creating special VLAN adapters
which appear to be regular Ethernet adapters but which are based upon the actual physical
NIC. Each VLAN adapter has an associated VLAN ID which it will handle.
Use smit addvlan fast path to configure VLAN adapters. Start by selecting a base adapter,
which will be used to send the packets, and assign a VLAN tag. Optionally, you can also
specify a priority. This is used by the VLAN driver to prioritize packets if multiple VLANs are
created using the same base adapter. You can specify a value from 0-7, where 0 is the
default priority, 1 is the highest, and then in increasing numerical order from 2 through 7.
The VLAN adapter (in this case creating ent2) configuration will automatically create two
Ethernet interfaces in a defined state. Just as with the interfaces created when configuring
a physical adapter, you will need to configure an interface to use IP protocols. The example
in the visual, you would configure en2 for standard Ethernet.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IP and subnet addressing (1 of 2)


IBM Power Systems

Each host on a network has an assigned unique IP address


and associated subnet mask.
32 bits, divided into four octets

10000001 00100001 10010111 00000111


129 . 33 . 151 . 7
11111111 11111111 00000000 00000000 /16
255 . 255 . 0 . 0
Network identification Host identification

The network address = 129.33.0.0 (129.33/16)


The broadcast address = 129.33.255.255
The first host on the network = 129.33.0.1
The last host on the network = 129.33.255.254

Every TCP/IP host contains a special address called the


loopback which is assigned an address of 127.0.0.1.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-10. IP and subnet addressing (1 of 2) AN123.1

Notes:
In order to be able to deliver the IP packet to the correct destination host, every host needs
an IP address. These IP addresses are 32-bit values and have to be unique. In most cases,
the IP address is not written in its binary form, but in the so-called decimal dot notation,
where the 32 bits are grouped into four groups of eight bits each, and those eight bits are
written in decimal form, separated with dots. The subnet mask allows us to identify the two
key pieces of information in the IP address. The address of the network and the host
identification (host ID).
Several addresses and address ranges are reserved for special purposes. The most
important ones are listed here:
The IP address 127.0.0.1 (in fact, the whole 127.0.0.0/8 network) is reserved for the
loopback address. Hosts use the loopback address to send messages to themselves.
Any IP address with the hostname part all zeros, such as 129.33.0.0, is reserved as an
identification for the network itself. It is not a valid IP address to be assigned to a host.
Any IP address with the hostname part all ones, such as 129.33.255.255, is reserved as
the local broadcast address. Data sent to this address is delivered to all systems on the
local network.

15-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

IP and subnet addressing (2 of 2)


IBM Power Systems

Network addresses by default are divided into classes:

Class Default subnet mask Range No. of networks No. of hosts


A 255.0.0.0 (/8) 1-127 128 16.7 million
B 255.255.0.0 (/16) 128-191 16384 65534
C 255.255.255.0 (/24) 192-223 2.1 Million 254

Network assignment is managed by the IANA (Internet


Assigned Numbers Authority) through ISPs.
Network addresses are generally, either broken up and assigned to
physical networks (subnetting) or aggregated together (supernetting).
This is achieved by manipulating the subnet mask.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-11. IP and subnet addressing (2 of 2) AN123.1

Notes:
IP addresses need to be assigned in such a way that they are unique across the whole
Internet. That is why there is a special organization that does this. This is the Internet
Assigned Number Authority, or IANA. They are responsible for assigning groups of
addresses, called classes, to organizations. They do not do this directly, but have
contracted out that responsibility to the InterNIC (http://www.internic.net), who in turn
delegates this to local ISPs.
In additional to classes A to C, there are also classes D and E. Class D addresses are
reserved for multicasting. Multicasting is a limited area type of broadcasting. There is no
network or host portion in a multicast address. It is an integer number registered with the
InterNIC that identifies a group of machines. Class E, is for experimental use only.
Class A and B addresses contain lots of hosts, and therefore, need to be broken down into
smaller more manageable chunks. This is achieved through a process known as
subnetting. On the other hand, class C addresses contain very few hosts, which can also
be subnetted into smaller chunks, but very often need to be aggregated together to form
larger networks. This is achieved through a process known as supernetting.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Subnetting example
IBM Power Systems

Company bigbucks.com has acquired the class B network address of


129.33.0.0. They need to split the address range so they can have up to
128 physical networks and up to 510 hosts per network.

10000001 00100001 0000000 0 00000000


129 . 33 . 0 . 0
11111111 11111111 1111111 0 00000000 /23
255 . 255 . 254 . 0
Network identification Assigned by this Host identification
organization to the
network

The number of possible


physical (sub) networks
The number of hosts
is:
per network is:
2^7 = 128.
(2^9)-2 = 510.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-12. Subnetting example AN123.1

Notes:
The default subnet mask for a class B network is 255.255.0.0. This translates to one
network with ((2^16)-2) with 65534 hosts. Organizations with a class A and B address often
have hundreds, if not thousands of physical networks split across both local and
geographically dispersed locations. The only way to do this is to split the network address
into more manageable chunks. This is achieved by borrowing bits from the host ID and
using them for the network. Using seven bits from the host ID, allows for (2^7) 128 physical
networks. On each of the 128 networks, there can be ((2^9)-2) 510 hosts. We have to
subtract two from the number of hosts, because all zeros are reserved for the network and
all ones are reserved for the broadcast address.

15-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Supernetting example
IBM Power Systems

Company losechange.com has acquired four class C network


addresses: 222.180.108.0 through to 222.180.111.0. However, they
would like to aggregate these networks together to form one global
network.

11111100 10110100 011011 00 00000000


222 . 180 . 108 . 0
11111111 11111111 111111 00 00000000 /22
255 . 255 . 252 . 0
Network identification Host identification

One class C network


Network address = The number of
222.180.108.0/22 hosts
(2^10)-2 = 1022

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-13. Supernetting example AN123.1

Notes:
Having four class C addresses is four physical networks each with up to 254 hosts. Each
network would require a router to route packets between them. Supernetting is the
opposite to subnetting and borrows bits from the network portion of the IP address. In the
example, we have borrowed two bits, changing the subnet mask from 255.255.255.0 to
255.255.252.0. The result is that networks 222.180.109, 110 and 111 have become part of
the 222.180.108 network. The 222.180.108 network can have up to ((2^10)-2) 1022 hosts.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

How is TCP/IP configured on AIX? (1 of 2)


IBM Power Systems

There are many ways. However, in most cases you start with
smit mktcpip.
A one stop shop for
Minimum
Minimum Configuration
Configuration && Startup
Startup TCP/IP config on
AIX.
To
To Delete
Delete existing
existing configuration
configuration data,
data, please
please use
use Further
Further Configuration
Configuration
menus
menus
Type
Type or
or select
select values
values in
in entry
entry fields.
fields.
Press
Press Enter
Enter AFTER
AFTER making
making all
all desired
desired changes.
changes.
[Entry
[Entry Fields]
Fields]
** HOSTNAME
HOSTNAME [waldorf]
[waldorf]
** Internet
Internet ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [10.47.1.18]
[10.47.1.18]
Network
Network MASK
MASK (dotted
(dotted decimal)
decimal) [255.255.0.0]
[255.255.0.0]
** Network
Network INTERFACE
INTERFACE en0
en0
NAMESERVER
NAMESERVER
Internet
Internet ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [10.47.1.33]
[10.47.1.33]
DOMAIN Name
DOMAIN Name [lpar.co.uk]
[lpar.co.uk]
Default
Default Gateway
Gateway
Address
Address (dotted
(dotted decimal
decimal or
or symbolic
symbolic name)
name) [10.47.0.1]
[10.47.0.1]
Cost
Cost [0]
[0] ##
Do
Do Active
Active Dead
Dead Gateway
Gateway Detection?
Detection? no
no ++
Your
Your CABLE
CABLE Type
Type N/A
N/A ++
START
START Now
Now no
no ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-14. How is TCP/IP configured on AIX? (1 of 2) AN123.1

Notes:
AIX provides a very quick and easy configuration SMIT panel for configuring TCP/IP on the
system. The essential items you will require are:
Host name of the machine
IP address and network mask
Interface to be configured
Desirable items are:
Default Gateway for the environment
DNS parameters (nameserver and domain name)
This information populates the /etc/resolv.conf file, as follows:
nameserver 10.47.1.33
domain lpar.co.uk
Cable type is generally not required and can be left as N/A. Start now will refresh or start,
the TCP/IP subsystems. Note: they should already be running!

15-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

How is TCP/IP configured on AIX? (2 of 2)


IBM Power Systems

smit tcpip should only be used for the first adapter. In a multi-homed
host, subsequent adapters should be configured with smit chinet.

Change
Change // Show
Show aa Standard
Standard Ethernet
Ethernet Interface
Interface

[Entry
[Entry Fields]
Fields]
Network
Network Interface
Interface Name
Name en1
en1
INTERNET
INTERNET ADDRESS
ADDRESS (dotted
(dotted decimal)
decimal) [192.168.0.1]
[192.168.0.1]
Network
Network MASK
MASK (hexadecimal
(hexadecimal oror dotted
dotted decimal)
decimal) [255.255.255.0]
[255.255.255.0]
Current STATE
Current STATE up
up ++
Use
Use Address
Address Resolution
Resolution Protocol
Protocol (ARP)?
(ARP)? yes
yes ++
BROADCAST
BROADCAST ADDRESS (dotted decimal)
ADDRESS (dotted decimal) []
[]
Interface
Interface Specific
Specific Network
Network Options
Options
('NULL'
('NULL' will
will unset
unset the
the option)
option)
rfc1323
rfc1323 []
[]
tcp_mssdflt
tcp_mssdflt []
[]
tcp_nodelay
tcp_nodelay []
[]
tcp_recvspace
tcp_recvspace []
[]
tcp_sendspace
tcp_sendspace []
[]
Apply
Apply change
change to
to DATABASE
DATABASE only
only no
no ++

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-15. How is TCP/IP configured on AIX? (2 of 2) AN123.1

Notes:
If SMIT is being used to configure further interfaces, then the fastpath smit chinet should be
used. All fields are optional, but essential items are:
IP address and network mask
Interface to be configured
State of the interface, default is DOWN so do not forget to switch this to UP this is a
very common configuration error.
The network specific options are beyond the scope of this class.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Command line TCP/IP configuration


IBM Power Systems

There are two ways to configure network resources:


AIX ODM (chdev or SMIT)
Directly, using BSD UNIX commands: hostname, ifconfig, route
(valid until reboot)
Setting the host name
ODM: # chdev l inet0 a hostname=sys1
Directly: # hostname sys1
Defining an IP address for an interface
ODM: # chdev -l en0 -a netaddr=192.168.0.1 a \
netmask=255.255.255.0 -a state=up
Directly: # ifconfig en0 192.168.0.1 255.255.255.0 up
For direct method, append commands to:
/etc/rc.net
or
/etc/bsdnet (if inet0 bootup_option=yes)
Can use host name and ifconfig for display of values
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-16. Command line TCP/IP configuration AN123.1

Notes:
As well as SMIT, TCP/IP configuration can be driven from the command line. There are two
ways to handle this:
The AIX way, in which configuration is stored in the AIX internal database (ODM). This
way, the configuration remains after shutdown/restart.
The traditional BSD UNIX way. This way configuration does not survive restarts unless
the commands are entered into the /etc/rc.net file.
The /etc/rc.net file is executed by cfgmgr during system boot. The /etc/rc.net file
configures AIX style configuration and optionally traditional BSD UNIX configuration. If only
traditional BSD style networking is required, then the following command can be run: #
chdev -l inet0 -a bootup_option=yes. Doing this, causes AIX to process the
/etc/rc.bsdnet instead of rc.net file at boot time. Commands such as hostname, ifconfig,
route etc should be appended to /etc/rc.bsdnet as appropriate.
Even if using the ODM method, the hostname and ifconfig commands are still of great
use in displaying the current kernel network configuration.

15-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Verifying network interfaces


IBM Power Systems

netstat
## netstat
netstat -in
-in
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs Coll
Coll
en0
en0 1500
1500 link#2
link#2 ea.48.f0.0.b0.3
ea.48.f0.0.b0.3 3359653
3359653 00 238778
238778 00 00
en0
en0 1500
1500 10.47
10.47 10.47.1.23
10.47.1.23 3359653
3359653 00 238778
238778 00 00
lo0
lo0 16896
16896 link#1
link#1 1201
1201 00 1214
1214 00 00
lo0
lo0 16896
16896 127
127 localhost
localhost 1201
1201 00 1214
1214 00 00
lo0
lo0 16896
16896 ::1
::1 00 1201
1201 00 1214
1214 00 00

ifconfig
## ifconfig
ifconfig -a
-a
en0:
en0:
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CH
flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CH
ECKSUM_OFFLOAD(ACTIVE),CHAIN>
ECKSUM_OFFLOAD(ACTIVE),CHAIN>
inet
inet 10.47.1.23
10.47.1.23 netmask
netmask 0xffff0000
0xffff0000 broadcast
broadcast 10.47.255.255
10.47.255.255
tcp_sendspace
tcp_sendspace 262144
262144 tcp_recvspace
tcp_recvspace 262144
262144 rfc1323
rfc1323 11
lo0:
lo0: flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
flags=e08084b<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT>
inet
inet 127.0.0.1
127.0.0.1 netmask
netmask 0xff000000
0xff000000 broadcast
broadcast 127.255.255.255
127.255.255.255
inet6
inet6 ::1/0
::1/0
tcp_sendspace
tcp_sendspace 131072
131072 tcp_recvspace
tcp_recvspace 131072
131072 rfc1323
rfc1323 11

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-17. Verifying network interfaces AN123.1

Notes:
The netstat i command shows the state of all configured interfaces. The n flag shows
network addresses as numbers. When this flag is not specified, the netstat command
interprets addresses, where possible, and displays them symbolically.
The ifconfig a command is used to display information about all interfaces in the system.
The key flags are UP and RUNNING, which show the interface is available and active.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Name resolution
IBM Power Systems

Name resolution methods: Local, DNS, NIS, and LDAP.


Local - /etc/hosts file:
127.0.0.1
127.0.0.1 loopback
loopback localhost
localhost
10.10.1.1
10.10.1.1 system1
system1 nimserver
nimserver
10.10.1.2
10.10.1.2 system2
system2

DNS - /etc/resolv.conf
domain
domain lpar.co.uk
lpar.co.uk
nameserver
nameserver 10.47.1.33
10.47.1.33

The name resolution order is:


Default order: bind (DNS), NIS=auth, local
Override with /etc/netsvc.conf, append:
hosts = local, bind
Override both with environment variable NSORDER:
NSORDER=local,bind
Display resolution with: # host <name or IP addr>
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-18. Name resolution AN123.1

Notes:
Systems use different methods for mapping host names to IP addresses. The method
depends upon the environment in which a system is going to participate.
Flat Network: This method provides name resolution through the file /etc/hosts and
works well in small, stable environments.
DNS (Domain Name Server): DNS is a system that allows name and IP lookups, in a
tree like database structure. It was created due to the growth of the Internet and
designed for large networks.
NIS Server (Network Information System): This method provides a centralized server
for administration of configuration, and other files, within a LAN environment.
LDAP Server (Lightweight Directory Access Protocol): LDAP is an application protocol
for querying and modifying directory services running over TCP/IP. Tivoli Directory
Server (TDS) is IBM's version of an LDAP server
Default Name resolution
The existence of /etc/resolv.conf determines how a system resolves host names and IP
addresses within a domain or flat network.

15-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty If /etc/resolv.conf exists, then the system will attempt to query a DNS server.
If /etc/resolv.conf does not exist, the system will check to see if NIS is being used and
if the server is available. NIS is authoritative. This means, that if the NIS client
subsystem is running, and it is not successful in obtaining an answer, then the process
stops.
Finally, the local /etc/hosts file is checked.
Overriding the default name resolution
The default Name resolution can be overwritten in two ways:
Append to the /etc/netsvc.conf file and specify host ordering. Use the hosts attribute
followed by the name of the resource to use. The resources listed depend on what
name resolution processes are running on the network.
Create an environment variable NSORDER. NSORDER overrides any name resolution
specified in the /etc/netsvc.conf file.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Routing implementation (1 of 2)
IBM Power Systems

subnet mask 9.19.99.17


sys1
255.255.0.0 sys17
9.19.98.1
(/16)
subnet mask
9.19.99.20 9.19.99.11 sys5
sys11 255.255.255.0
Internet sys20
9.19.98.5 (/24)
sys20e sys11e
152.64.10.1 9.19.98.11
default router
sys13 sys10
9.19.99.13 9.19.98.10

destination deliver via


address gateway
Host Route 9.19.98.1 9.19.99.11
Network Route 9.19.98/24 9.19.99.11
Default Route default 9.19.99.20
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-19. Routing implementation (1 of 2) AN123.1

Notes:
A route does not define the complete path. It defines only the path segment from one host
to a gateway that can forward packets to a destination, or from one gateway to another.
Routes are defined in the kernel routing table. Each routing table entry has two
components:
Destination address, where you want to end up
Gateway address, where the packet gets sent on its way to its final destination
TCP/IP searches the route table for a best match on the destination in the following order:
A host route. defines a route to a specific host. The routing IP algorithm still sees a
host address as a network; it is simply a perfect match.
A network route. defines a route to any of the hosts on a specific network through a
gateway.
A default route. defines a route to use when the destination did not match any host
route or network specific route. In most hosts, the only type of route the administrator
needs to define is a default route, also known as the default gateway.

15-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Hosts should not forward IP datagrams unless specifically configured as a router. Most
BSD-derived implementations (AIX) include a kernel variable called ipforwarding, which is
used to control this behavior. The no command is used to view or change the value of
ipforwarding.
To change it: # no -o ipforwarding=<value>
The values are: ipforwarding=0 (do not forward), ipforwarding=1 (do forward).

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Routing implementation (2 of 2)
IBM Power Systems

Route syntax: route [add/delete/change] [destination] [gateway]


Add a default gateway
## route
route add
add 00 9.19.99.20
9.19.99.20

Add a host or network route


## route
route add
add 9.19.98.1
9.19.98.1 9.19.99.11
9.19.99.11

## route
route add
add net
net 9.19.98
9.19.98 9.19.99.11
9.19.99.11

Delete a host route


## route
route delete
delete 9.19.98.1
9.19.98.1 9.19.99.11
9.19.99.11

Empty or flush the routing table


## route
route -f
-f

Configure an AIX host as a router


## no
no o
o ipforwarding=1
ipforwarding=1
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-20. Routing implementation (2 of 2) AN123.1

Notes:
See the route man page for further details about route options and parameters.
Please note that route command above is the traditional BSD UNIX so changes made by
route are not persistent after system restart unless the commands are entered into the
/etc/rc.net file (already discussed in Command line TCP/IP configuration). Routes can
also be manipulated through SMIT (smit route) or by command which change ODM which
is chinet route = type, [args,], destination, gateway, [metric]. See the chinet man page for
further details.

15-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Multipath routing
IBM Power Systems

AIX will allow you to add multiple routes to the same


destination. It is known as MPR (multipath routing).
This is for load balancing and high availability.

2
1 Primary Default Router1
Primary Default Router1 10.47.0.1
10.47.0.1
Host
Host 10.47.1.18
10.47.1.18
Default Router2
Default Router2 10.47.0.254
10.47.0.254 Primary
Backup

1
# route add 0 10.47.0.1 -hopcount 1 active_dgd
# route add 0 10.47.0.254 hopcount 10 active_dgd
2
# route add 0 10.47.0.1 hopcount 1 active_dgd
# route add 0 10.47.0.254 hopcount 1 active_dgd
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-21. Multipath routing AN123.1

Notes:
Since AIX5L, multiple routes can be configured to the same destination. This configuration
is known as multipath routing (MPR). MPR allows us to load balance between gateways or
prioritize paths using the weight option. MPR also allows us to do Dead Gateway Detection
(DGD). This enables the system to dynamically change the weight on a route if a router has
failed. There are two methods of DGD, active and passive. The passive mode has less
overhead on the network, but can be slow to respond to an outage. Active has more
overhead on the network but is more responsive to an outage, because icmp (ping)
packets are used to periodically poll/detect if a router is up or down. Active DGD is
deployed by using the active_dgd option on the route command.
By default, AIX will round-robin load balance between the available routes evenly. It is
possible to customize the load balancing but that will not be covered here. If a route is a
less desirable route to be used only for backup, then you can avoid the use of that route by
defining a high cost for that route. The route command option which identifies cost is the
hopcount option with a large value making that route less desirable. AIX will always use a
route that is lower cost.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

IP aliasing
IBM Power Systems

IP aliasing assigned multiple IP addresses to a single IP


interface
Commonly used with clustering (for example, PowerHA)
## netstat
netstat -in
-in -I
-I en1
en1 || grep
grep v
v link
link
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs
en1
en1 1500 192.168.0
1500 192.168.0 192.168.0.1
192.168.0.1 00 00 66 00

## ifconfig
ifconfig en1
en1 alias
alias 172.31.0.1
172.31.0.1 255.255.0.0
255.255.0.0
## ifconfig
ifconfig en1 alias 10.47.33.33 255.255.0.0
en1 alias 10.47.33.33 255.255.0.0

## netstat
netstat -in
-in -I
-I en1
en1 || grep
grep v
v link
link
Name
Name Mtu
Mtu Network
Network Address
Address ZoneID
ZoneID Ipkts
Ipkts Ierrs
Ierrs Opkts
Opkts Oerrs
Oerrs
en1
en1 1500 192.168.0
1500 192.168.0 192.168.0.1
192.168.0.1 00 00 77 00
en1
en1 1500
1500 172.31
172.31 172.31.0.1
172.31.0.1 00 00 77 00
en1
en1 1500
1500 10
10 10.47.33.33
10.47.33.33 00 00 88 00

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-22. IP aliasing AN123.1

Notes:
IP aliasing is used widely in clustering technologies (such as HACMP), and in WPARs. It is
very useful if the network is being converted to another IP subnet or network range.

15-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Testing for remote connectivity


IBM Power Systems

## ping
ping sys1
sys1
PING
PING sys1:
sys1: (192.108.14.2):
(192.108.14.2): 56
56 data
data bytes
bytes
64
64 bytes
bytes from
from 192.108.14.2:
192.108.14.2: icmp_seq=0
icmp_seq=0 ttl=255
ttl=255 time=0
time=0 ms
ms
64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0
64 bytes from 192.108.14.2: icmp_seq=1 ttl=255 time=0 ms ms
^C
^C
----seraph
----seraph PING
PING Statistics----
Statistics----
22 packets
packets transmitted,
transmitted, 22 packets
packets received,
received, 0%
0% packet
packet loss
loss

## traceroute
traceroute sys1
sys1
trying
trying to
to get
get source
source for
for sys1
sys1
source should be 10.47.1.31
source should be 10.47.1.31
traceroute
traceroute to
to seraph
seraph (192.108.14.2)
(192.108.14.2) from
from 10.47.1.31
10.47.1.31 (10.47.1.31),
(10.47.1.31), 30
30 hops
hops
max
max
outgoing
outgoing MTU
MTU == 1500
1500
11 merovingian.lpar.co.uk
merovingian.lpar.co.uk (10.47.1.30)
(10.47.1.30) 11 msms 00 ms
ms 00 ms
ms
22 7.7.7.1
7.7.7.1 (7.7.7.1)
(7.7.7.1) 00 ms
ms 00 ms
ms 00 ms
ms
33 sys1
sys1 (192.108.14.2)
(192.108.14.2) 00 msms 00 ms
ms 00 ms
ms

Note: Sometimes the protocols used by ping (icmp) and


traceroute (udp) are blocked by firewalls or IPSec filters.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-23. Testing for remote connectivity AN123.1

Notes:
The ping command sends an ICMP ECHO_REQUEST to obtain an ICMP
ECHO_RESPONSE from a host or router. If the host is operational and on the network, it
responds to the echo.
The default is to continuously send echo requests until an interrupt is received with <ctrl-c>,
but there is an option (-c) to specify the number of packets sent. The ping command sends
one datagram per second and prints one line of output for every response received. It
calculates round trip times and packet loss statistics, and displays a brief summary upon
completion.
Be very careful of some options like f. This will cause ICMP packets to flood the network.
Ping is most useful to test basic connectivity between hosts, but that it can not tell us any
thing about where the break is in the path. On the other hand, if ping cannot get a
response, traceroute can sometimes still give us information that helps to identify the
outage.
traceroute is useful for displaying all the routers between end to end host connectively. It
may turn out that the remote host is OK but a router has failed along the path. Traceroute

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

works by increasing the time-to-live value of each successive batch of packets sent. The
first three packets sent have a time-to-live (TTL) value of one (implying that they are not
forwarded by the next router and make only a single hop). The next three packets have a
TTL value of 2, and so on. When a packet passes through a host, normally the host
decrements the TTL value by one, and forwards the packet to the next host. When a packet
with a TTL of one reaches a host, the host discards the packet and sends an ICMP time
exceeded (type 11) packet to the sender. The traceroute utility uses these returning
packets to produce a list of hosts that the packets have traversed en route to the
destination. The three time stamp values returned for each host along the path are the
delay (known as latency) values typically in milliseconds (ms) for each packet in the batch.
If a packet does not return within the expected timeout window, a star (asterisk) is
traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is
at one hop, the second host at two hops, and so on. IP does not guarantee that all the
packets take the same route. Also note, that if the host at hop number N does not reply, the
hop will be skipped in the output.

15-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Ports and sockets


IBM Power Systems

A port identifies the application on the host.


Server side ports are well-known and fixed.
The are stored in /etc/services.
Client side ports are dynamic > 1023.
Every client connection uses a new port.
A socket is a combination of IP address, protocol, and port
number.
A pair of sockets define a unique application network connection.
TCP and UDP implement ports independent of each other.
## grep
grep "^ftp
"^ftp "" /etc/services
/etc/services
ftp
ftp 21/tcp
21/tcp ## File
File Transfer
Transfer [Control]
[Control]
ftp
ftp 21/udp
21/udp ## File Transfer [Control]
File Transfer [Control]

neo:/
neo:/ ## ftp
ftp trinity
trinity Socket connection
resulting from the
neo:/
neo:/ ## netstat
netstat -a
-a |grep
|grep trinity
trinity ftp communication
tcp
tcp 00 00 neo.57413
neo.57413 trinity.ftp
trinity.ftp ESTABLISHED
ESTABLISHED

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-24. Ports and sockets AN123.1

Notes:
Each process that wants to communicate with another process needs to identify itself in
some way. The logical construct used by TCP/IP to accomplish this task is called a port.
A port uniquely identifies an application (also called network services). The source port
number and the destination port number are contained in the header of each TCP segment
or UDP packet.
Port numbers are defined in the /etc/services file. Port numbers from 0-1023 are called
well-known published ports and are reserved for standard applications like telnet and ftp.
When a datagram arrives at its destination based on the destination address, IP checks the
protocol. The data delivered to the transport protocol contains the destination port number
that tells the transport protocol to which application process the data needs to go.
A socket is a combination of IP address and port number and protocol family, which
uniquely identifies a single network process. A socket is also referred to as a
communication end point. A pair of sockets uniquely identifies the end to end connection.
Socket communication can be viewed with the netstat a command.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

inetd daemon
IBM Power Systems

Known as the super server daemon


Loads a network program based upon request
Example network programs
ftp, tftp, login, telnet, shell, exec, bootp, time.
To enable or disable a network program, comment or uncomment the
appropriate line, and refresh the inetd daemon.
Example: disable ftp
vi
vi /etc/inetd.conf,
/etc/inetd.conf, locate
locate and
and comment
comment out
out ftp
ftp line
line

## ftp
ftp stream
stream tcp6
tcp6 nowait
nowait root
root /usr/sbin/ftpd
/usr/sbin/ftpd ftpd
ftpd
telnet
telnet stream tcp6
stream tcp6 nowait root
nowait root /usr/sbin/telnetd
/usr/sbin/telnetd telnetd
telnetd -a
-a
shell
shell stream
stream tcp6
tcp6 nowait
nowait root
root /usr/sbin/rshd
/usr/sbin/rshd rshd
rshd

## refresh
refresh s
s inetd
inetd
0513-095
0513-095 The request for
The request for subsystem
subsystem refresh
refresh was
was completed
completed successfully.
successfully.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-25. inetd daemon AN123.1

Notes:
The inetd daemon is started at boot time from /etc/rc.tcpip. When it is started, inetd reads
its configuration from the /etc/inetd.conf file. This file contains the names of the services
that inetd listens for requests and starts as needed, to handle these requests. The file is
used to enable and disable network services, such as ftp. To disable ftp on the host, edit
the inetd.conf file, locate and comment out the ftp program, then refresh the inetd
daemon.

15-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

TCP/IP start-up flow


IBM Power Systems

Partition Activation

Run time init Process /etc/inittab

/sbin/rc.boot calls cfgmgr Process /etc/rc.net

/etc/rc.tcpip Starts TCP/IP subsystems


syslogd
/etc/rc.nfs snmpd
sendmail
portmap
Login
inetd /etc/inetd.conf

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-26. TCP/IP start-up flow AN123.1

Notes:
TCP/IP startup is initiated from the inittab processing. /sbin/rc.boot calls cfgmgr during the
second phase processing which will in turn initialize the network interfaces and set up
routing by processing the /etc/rc.net file. TCP/IP subsystems are started from /etc/rc.tcpip
script. This script can be edited directly to comment or uncomment subsystem startup. The
inetd daemon is responsible for loading network programs upon request, such as ftp, telnet
etc. Once the core TCP/IP subsystems have been initialized, further TCP/IP based
applications such as NFS, NIM, HACMP, can be started.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Remote UNIX commands


IBM Power Systems

Logging into a UNIX box remotely


## rsh
rsh trinity
trinity -l
-l root
root
## rlogin
rlogin trinity -l root
trinity -l root
## telnet trinity
telnet trinity
## ssh
ssh root@trinity
root@trinity

Running single commands remotely on a UNIX box


## rsh
rsh trinity
trinity -l
-l root
root date
date
## rexec trinity date
rexec trinity date
## ssh
ssh root@trinity
root@trinity date
date

r* single commands need trusted host definitions on the server side


Client identity can be spoofed
ssh commands need client key stored at server to be prompt-less
Data and passwords are transferred in clear text (except ssh)
There are several types of ssh software available for AIX.
OpenSSH is contained on the AIX Expansion Pack.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-27. Remote UNIX commands AN123.1

Notes:
The commands, telnet, rsh, rexec, and rlogin are all part of the bos.net.tcp.client fileset
which is installed by default. Any passwords entered using these commands are
transferred over the network in clear text and can be easily captured using packet sniffing
tools. rsh, rexec, and rlogin commands can be configured so that the client user does not
have to supply a password. This introduces further vulnerabilities in the system. Ideally all
r* commands, including telnet, should be disabled. They can be replaced by SSH.
Openssh, including secure copy and file transfer commands, can be installed using the AIX
expansion pack media.

15-34 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Transferring files over a network


IBM Power Systems

## ftp
ftp waldorf
waldorf
Connected
Connected to
to waldorf.lpar.co.uk.
waldorf.lpar.co.uk.
220
220 waldorf.lpar.co.uk
waldorf.lpar.co.uk FTP
FTP server
server (Version
(Version 4.2
4.2 Thu
Thu Apr
Apr 17
17 02:03:14
02:03:14 CDT
CDT 2008)
2008)
ready.
ready.
Name
Name (waldorf:root):
(waldorf:root):
331
331 Password
Password required
required for
for root.
root.
Password:
Password:
ftp>
ftp> prompt
prompt
Interactive
Interactive mode
mode off.
off.
ftp>
ftp> mput
mput file*
file*
200
200 PORT
PORT command
command successful.
successful.
150
150 Opening
Opening data
data connection
connection for
for file1.
file1.
226
226 Transfer
Transfer complete.
complete.
200
200 PORT
PORT command
command successful.
successful.
ftp> bye
ftp> bye
221
221 Goodbye.
Goodbye.

## rcp
rcp file*
file* waldorf:/tmp/files
waldorf:/tmp/files
## scp
scp file*
file* root@waldorf:/tmp/files
root@waldorf:/tmp/files
root@waldorf's
root@waldorf's password:
password:
file1
file1 100%
100% 2069
2069 2.0KB/s
2.0KB/s 00:00
00:00
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-28. Transferring files over a network AN123.1

Notes:
The ftp command is a commonly used program for transferring files across a network. The
remote user name specified at the login prompt, must exist, and have a valid password
defined at the remote host. To gain a list of all ftp sub-commands, type help in an
interactive session or see the man page.
The rcp command is used to copy one or more files between the local host and a remote
host. The scp command is part of OpenSSH and is designed to replace rcp.
ftp and rcp use unsecured protocols, as all data including passwords are transferred
across the network unencrypted. These passwords are very easy to sniff and capture.
AIX (starting with AIX6.1)also has an ftp secure feature (-s) which uses Transport Layer
Security (TSL) to encrypt data. To use the secure (s) option, OpenSSL must be installed,
minimum level 0.9.7.
In each case, the facilities support wild-carding for file names. In the example they only
matched to a single file, but this can be powerful when transferring a collection of files.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Network file system


IBM Power Systems

File sharing between heterogeneous systems in a TCP/IP


network
Transparent access to remote files and directories
Based on a client/server model
Filesets:
Server: bos.net.nfs.server
Client: bos.net.nfs.client
/home

/data client1 client2


/data

/data nfs_server /home

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-29. Network file system AN123.1

Notes:
Network file system (NFS) is a facility for sharing files in a heterogeneous environment of
machines, operating systems, and networks. The NFS function is built into the kernel of the
operating system so it is transparent to applications and users. NFS is based on a
client/server model, where the server stores files and provides clients with access.

15-36 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

NFS server configuration (1 of 2)


IBM Power Systems

Server configuration
Starting NFS (now and at system restart)
/usr/sbin/mknfs B
## lssrc
lssrc g
g nfs
nfs
biod
biod nfs
nfs 352444
352444 active
active
nfsd
nfsd nfs
nfs 221328
221328 active
active
rpc.mountd
rpc.mountd nfs
nfs 315524
315524 active
active
rpc.statd
rpc.statd nfs
nfs 364738
364738 active
active
rpc.lockd
rpc.lockd nfs
nfs 258262
258262 active
active
Stopping NFS (now)
/usr/sbin/rmnfs N
## lssrc
lssrc g
g nfs
nfs
biod
biod nfs
nfs inoperative
inoperative
nfsd
nfsd nfs
nfs inoperative
inoperative
rpc.mountd
rpc.mountd nfs
nfs inoperative
inoperative
rpc.statd
rpc.statd nfs
nfs inoperative
inoperative
rpc.lockd
rpc.lockd nfs
nfs inoperative
inoperative
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-30. NFS server configuration (1 of 2) AN123.1

Notes:
The mknfs command configures the system to run the NFS daemons. The mknfs command
accepts the following flags:
-BAdds an entry to the inittab file to execute the /etc/rc.nfs file on system restart and
executes the /etc/rc.nfs file immediately to start the NFS daemons
-IAdds an entry to the inittab file to execute the /etc/rc.nfs file on system restart
-NStarts the /etc/rc.nfs file to start the NFS daemons immediately, when started this
way, the daemons run until the next system restart
When NFS is started the follow daemons are invoked:
The biod daemon runs on all NFS client systems. When a user on a client wants to
read or write to a file on a server, the biod daemon sends this request to the server. The
biod daemon is activated during system startup and runs continuously.
The nfsd daemon runs on the server and handles client requests for file system
operations.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The rpc.mountd daemon answers client requests to mount file systems. The mountd
daemon finds out which file systems are available by reading the /etc/xtab file. The
/etc/xtab file is created when file systems are exported on the server. This process is
covered in the next visual.
The rpc.statd and rpc.lockd daemons work together to main stateful locking. NFS
implements an advisory locking mechanism, meaning if a program, and does not pay
any attention to the locking messages it receives, it can go ahead and access the file. In
the event of a server crash, the locking information will be recovered. The status
monitor maintains information on the location of connections as well as the status in the
/etc/sm directory, the /etc/sm.bak file, and the /etc/state file. When restarted, the statd
daemon queries these files and tries to reestablish the connection it had prior to
termination.
The rmnfs command changes the configuration of the system to stop running NFS
daemons. It accepts the same flags as mknfs.

15-38 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

NFS server configuration (2 of 2)


IBM Power Systems

/etc/exports
/home
/home
/usr/man
/usr/man -ro
-ro mknfsexp
/data
/data -root=sys1:sys2
-root=sys1:sys2
chnfsexp OR smit nfs
rmnfsexp
exportfs -a

exportfs /home
/etc/xtab /usr/man -ro
/data -root=sys1:sys2

rpc.mountd

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-31. NFS server configuration (2 of 2) AN123.1

Notes:
In order to configure an NFS server, you have to first decide:
What directories you want to export
Which clients you want to have access the directories and files
The permissions (for example, read-write, read-only) clients will have when accessing
the files
In the example shown in the visual:
/home is exported to the world with read-write permissions. For security reasons, the
clients root user does not have root privileges when accessing the files remotely. The
root user is mapped to the nobody user (UID = -2).
/usr/man directory is exported to the world with read-only permissions.
/data directory is exported to systems: sys1, sys2, and these systems have read-write
access with their root users having root privileges when accessing the files remotely.
Normally the clients root user is mapped to user nobody on the server.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Only when the NFS subsystem is activated, using the mknfs command, can directories be
made available. When the /etc/export file has been configured, the exportfs command is
used to make the directories available for client mounting. The exportfs -a command
exports all items listed in the /etc/exports file and automatically copies the entries to the
/etc/xtab file. /etc/xtab file entries are used by the system and always reflect what is
currently exported. This leaves the /etc/exports file available for updating at any time. The
/etc/xtab file must never the edited directly.
An easy way to maintain the NFS export list is to use SMIT or the AIX commands that are
issued by SMIT. These commands are mknfsexp, chnfsexp, and rmnfsexp. The SMT
panels will simplify the creation of otherwise complicated entries in the /etc/exports files.
The panel (and the underlying AIX command) provide an option to specify whether you
wish to only update /etc/exports or also export the change to /etc/xtab.

15-40 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Manual NFS client mounting


IBM Power Systems

The showmount command can be used to query the directories


exported by the NFS server.
kenny:/
kenny:/ ## showmount
showmount -e
-e nfs_server
nfs_server
export list for nfs_server:
export list for nfs_server:
/usr/man
/usr/man (everyone)
(everyone)
/data
/data kenny,kyle,eric
kenny,kyle,eric
/home
/home (everyone)
(everyone)

Mounting an NFS server directory:


## mkdir
mkdir /data_client_mnt
/data_client_mnt
## mount
mount nfs_server:/data
nfs_server:/data /data_client_mnt
/data_client_mnt

## df
df /data
/data
Filesystem
Filesystem 512-blocks
512-blocks Free
Free %Used
%Used Iused
Iused %Iused
%Iused Mounted
Mounted on
on
nfs_server:/data 278528
nfs_server:/data 278528 212920 24%
212920 24% 1317
1317 6% /data_client_mnt
6% /data_client_mnt

Predefined mounts can also be defined using smit mknfsmnt.


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-32. Manual NFS client mounting AN123.1

Notes:
The showmount command is useful for viewing which directories are available for mounting
on a particular NFS server. To mount an NFS directory, first create a directory point and
then issue the mount command, as shown in the visual.
Syntax: mount <NFS_server_name>:<server mount point> <client directory mount
point>

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Predefined NFS client mounting


IBM Power Systems

smit mknfsmnt
Add
Add aa File
File System
System for
for Mounting
Mounting
** Pathname
Pathname of
of mount
mount point
point [/data_client_mnt]
[/data_client_mnt] //
** Pathname
Pathname of
of remote
remote directory
directory [/data]
[/data]
** Host
Host where
where remote
remote directory
directory resides
resides [nfs_server]
[nfs_server]
** Security
Security method
method [sys]
[sys] ++
** Mount
Mount now,
now, add
add entry
entry to
to /etc/filesystems
/etc/filesystems oror both?
both? Both
Both ++
** /etc/filesystems
/etc/filesystems entry
entry will
will mount
mount the
the directory
directory no
no ++
on
on system
system restart.
restart.
** Mode
Mode for
for this
this NFS
NFS file
file system
system read-write
read-write ++
** Attempt mount in foreground or background
Attempt mount in foreground or background background
background ++
** Mount
Mount file
file system
system soft
soft or
or hard
hard hard
hard
Note:
Note: Many
Many options
options removed
removed for
for clarity.
clarity.

/etc/filesystems
/data_client_mnt:
/data_client_mnt:
dev
dev == "/data"
"/data"
vfs
vfs == nfs
nfs
nodename
nodename == nfs_server
nfs_server
mount
mount == false
false
options
options == bg,hard,intr,sec=sys
bg,hard,intr,sec=sys
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-33. Predefined NFS client mounting AN123.1

Notes:
Predefined mounts are NFS mounts which are defined in /etc/filesystems for ease of use
when manual mounting or to enable remote file systems to be mounted during system start
time.
Key options are:
Security Method: Possible values are: sys, dh, krb5, krb5i, krb5p, which correspond to
Unix, DES, Kerberos 5, Kerberos 5 with integrity, and Kerberos 5 with privacy. The
default NFS security used in most implementations is standard Unix (sys). The other
methods are used in special situations where authentication and encryption is required.
These methods are supported by a new version of NFS, NFS version 4. NFS v4 is not
the default version used in AIX and is a large complex topic which is outside the scope
of this class but may wish to refer to the following IBM Redbook Implementing NFSv4 in
the Enterprise: Planning and Migration Strategies, available at:
http://www.redbooks.ibm.com/abstracts/sg246657.html.
Mode: Read-write or read-only.

15-42 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Attempt mount in: Values: background (default) or foreground


If the attempt to mount the directory fails, the mount will be retried in the background. If
foreground is selected, the mount request stays in the foreground even, if the mount
request fails.
Mount type: Values: hard or soft
If the mount is soft, the system returns an error if the server does not respond. If the mount
is hard, the client continues trying until the server responds. The hard mount is the default.
When a hard mount is selected, an extra option is included in /etc/filesystems: intr. The intr
option allow signals to interrupt an NFS call. This is useful for aborting an NFS mount
process when the server does not respond.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Virtual Network Computing


IBM Power Systems

VNC is a free graphical desktop sharing system which uses the RFB
protocol to remotely control another computer.
It is popular in both UNIX and Windows systems.

VNC viewer
eg. UltraVNC VNC traffic
realVNC
tightVNC
VNC AIX
Server

Can also be tunneled


over an ssh
connection for
improved security

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-34. Virtual Network Computing AN123.1

Notes:
Virtual Network Computing (VNC) is a graphical desktop sharing system which uses the
RFB (remote framebuffer) protocol to remotely connect to another host/server. It
transmits the keyboard and mouse events from one host to another, relaying the graphical
screen updates back in the other direction, over a network.
VNC is platform-independent. A VNC viewer on any operating system connects to a VNC
server, running in this case, on AIX. Multiple clients may connect to the VNC server at the
same time. Popular uses for this technology include remote technical support and
accessing files on one's work computer from one's home computer, or vice versa.
VNC was originally developed at the Olivetti Research Laboratory in Cambridge, United
Kingdom. The original VNC source code and many modern derivatives are open source
under the GNU General Public License.

15-44 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

VNC configuration
IBM Power Systems

In order to set up a VNC server on AIX, install vnc and zlib from the AIX
Toolbox for Linux Applications.
Start a VNC session by typing:
Note: The TCP/IP port
vncserver :<port number> started is actually
## vncserver
vncserver :33
:33 5933. The 59 is
New
New 'X' desktop is
'X' desktop is neo:33
neo:33 implied and is not
required to connect.
Starting
Starting applications
applications specified
specified in
in //.vnc/xstartup
//.vnc/xstartup
Log
Log file
file is
is //.vnc/neo:33.log
//.vnc/neo:33.log

To access the AIX desktop VNC session from:


UNIX, type: # vncview neo:33 (requires Xwindows environment)
PC VNC viewer

Also, access can be done through a web browser over http


URL: http://neo:5833
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-35. VNC configuration AN123.1

Notes:
To run VNC on AIX, install the following filesets from the AIX Toolbox for Linux Applications
CD. No further configuration is required.
# lslpp -l |egrep -i "vnc|zlib)"
freeware.vnc.rte 3.3.3.2 COMMITTED Virtual Network Computing
freeware.zlib.rte 1.1.3.2 COMMITTED Data compression library
zlib is a library of compression routines.
When a VNC session is started, two TCP/IP ports are opened, 59<number> and
58<number>. The 59 port must be used for the vncviewer application. The 59 prefix is
generally not required. It is implied and hard coded into the viewer application. The 58 port
is used to access VNC over http. To connect in the way, the full port number (including 58)
must be supplied.

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint
IBM Power Systems

1. What are the following used for?


a. /etc/rc.tcpip
b. ssh
c. VNC
d. /etc/services

2. What is multipath routing and why should we use it?

3. How can we disable the FTP protocol on AIX?

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-36. Checkpoint AN123.1

Notes:

15-46 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

TCP/IP
implementation

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-37. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 15. TCP/IP networking 15-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Define TCP/IP layering terminology
Describe the TCP/IP startup flow on AIX
Configure Virtual LANs
Describe IP addressing
Configure TCP/IP basic functions on AIX
IP configuration, routing, aliasing
Explain how Ports and Sockets are used
Use standard TCP/IP facilities
Log in to another system
Transfer files
Run commands
Configure NFS
Set up VNC
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 15-38. Unit summary AN123.1

Notes:

15-48 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Unit 16. Introduction to workload partitions

What this unit is about


This unit provides an introduction to workload partitioning.

What you should be able to do


After completing this unit, you should be able to:
Explain nature and purpose of workload partitions (WPARs)
Create and activate a basic system WPAR
Describe the role of WPAR manager

How you will check your progress


Checkpoint questions
Machine exercises

References
Online AIX Version 7.1 IBM Workload Partitions for AIX
SG24-7559 AIX Version 6.1 Differences Guide (Redbook)
SG24-7656 Workload Partition Management in IBM AIX Version
6.1 (Redbook)
Note: References listed as Online are available at the following address:
http://publib.boulder.ibm.com/infocenter/systems/index.jsp

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Explain nature and purpose of workload partitions (WPARs)
Create and activate a basic system WPAR
Describe the role of WPAR manager

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-1. Unit objectives AN123.1

Notes:

16-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Workload partition overview


IBM Power Systems

Workload partitions (WPARs) enable consolidation of


applications to a single AIX system with application isolation:
Data isolation
IPC isolation
Separate configuration (has own /etc directory)
Resource controls to avoid dominating resources

Global environment AIX System

Hosting AIX system (AIX 6 or later)


Workload
Owns and allocates physical resources Partition
Workload
Partition
Defines and manages WPARs Application
Server
Billing

Workload
WPARs appear as AIX instances Partition
Workload Test
Have own daemons and services Partition Workload
Web Partition
Have own IP addresses Server BI

Have own file systems


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-2. Workload partition overview AN123.1

Notes:
Introduction
Workload Partition (WPAR) is a software-based virtualization feature introduced in AIX
6 that will provide new capabilities to reduce the number of AIX operating system
images that need to be maintained when consolidating multiple workloads on a single
server. WPARs provide a way for clients to run multiple applications inside the same
instance of an AIX operating system, while providing security and administrative
isolation between applications. WPARs complement logical partitions and can be used
in conjunction with logical partitions if desired. WPAR can improve administrative
efficiency by reducing the number of AIX operating system instances that must be
maintained. WPAR can increase the overall utilization of systems by consolidating
multiple workloads on a single system, and is designed to improve cost of ownership.
Global environment
Workload partitions are created within standard AIX system. The global environment
the hosting part of the AIX system and it does not belong to any workload partition. The

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

global environment is what you are working with when you login to the IP address of the
AIX system, as opposed to the IP address of one of the contained WPARs.
This global environment executes within a dedicated LPAR or physical system. The
global environment owns all physical resources of the LPAR: network adapters, disks
adapters, disks, processors, memory. It allocates CPU and memory resources to the
workload partitions. It provides them access to the network and storage devices.

16-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Comparing WPARs to LPARs for consolidation


IBM Power Systems

Rapid provisioning

Can have thousands of WPARs per AIX system

Less resource needed per AIX instance

Less work to maintain AIX software

Lower AIX licensing costs

Can use older hardware (POWER4 or later)


Provides dynamic CPU and memory sharing
Provides Live Application Mobility (using WPAR Manager)

Common kernel presents a potential single point of failure


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-3. Comparing WPARs to LPARs for consolidation AN123.1

Notes:
WPARs provide unique partitioning values.
Smaller number of OS images to maintain
Performance efficient partitioning through sharing of application text and kernel data
and text
Fine-grain partition resource controls
Simple, lightweight, centralized partition administration
WPARs enable multiple instances of the same application to be deployed across partitions.
Many WPARs running DB2, Web Sphere, or Apache in the same AIX image
Greatly increases the ability to consolidate workloads because often the same
application is used to provide different business services
Enables the consolidation of separate discrete workloads that require separate
instances of databases or applications onto a single system or LPAR

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Reduced costs through optimized placement of work loads between systems to yield
the best performance and resource utilization
WPAR technology enables the consolidation of diverse workloads on a single server
increasing server utilization rates.
Hundreds of WPARs can be created. Far exceeding the capability of other partitioning
technologies.
WPARs support fast provisioning and fast resource adjustments in response to
normal/unexpected demands. WPARs can be created, and resource controls modified,
in seconds.
WPAR resource controls enable the over-provisioning of resources. If a WPAR is below
allocated levels, the unused allocation is automatically available to other WPARs.
WPARs can be migrated to another partition in response to normal shift in or
unexpected change in demand.
WPARs enable development, test, and production cycles of one workload to be placed on
a single system.
Different levels of applications (production1, production2, test1, test2) can be deployed
in separate WPARs.
Quick and easy roll out or roll back to production environments
Reduced costs through the sharing of hardware resources
Reduced costs through the sharing of software resources such as the operating
system, data bases, and tools

16-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Default WPAR network configuration


IBM Power Systems

WPAR name used as host name and its name resolution as the IP address.
IP address defined as alias on en0 in global environment.
Can customize network configuration for WPAR.
WPARs only see their own IP address in configuration.
Packets with destination address of WPAR are routed to that WPAR by global
environment.

glob_env
10.47.110.1/16
glob_env:
glob_env: ## ifconfig
ifconfig en0
en0 || egrep
egrep en0|inet0
en0|inet0
en0: Workload
en0:
inet Partition: wpar1
inet 10.47.110.1
10.47.110.1 netmask
netmask 0xffff0000
0xffff0000 broadcast
broadcast 10.47.255.255
10.47.255.255
inet 10.47.33.1/16
inet 10.47.33.1
10.47.33.1 netmask
netmask 0xffff0000
0xffff0000 broadcast
broadcast 10.47.255.255
10.47.255.255

en0 (net)
wpar1:
wpar1: ## ifconfig
ifconfig en0
en0 || egrep
egrep en0|inet0
en0|inet0
en0:
en0:
inet
10.47.0.0
inet 10.47.33.1
10.47.33.1 netmask
netmask 0xffff0000
0xffff0000 broadcast
broadcast 10.47.255.255
10.47.255.255

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-4. Default WPAR network configuration AN123.1

Notes:
The network connection for a WPAR is implemented using the network alias feature on the
global environment level's physical or virtual network interface. The network alias is a
standard feature that is used to implement an IP address for each WPAR. By using an IP
address that is different from the hosting global environment, the applications can move
form system to system while keeping the same IP address.

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

WPAR resource control


IBM Power Systems

Mainly controls CPU and memory allocation


Target percentage of system resources:
WPAR that wants more and is below target gets high priority
WPAR that is over target gets low priority

W1 W2 W3
20 shares 30 shares 50 shares
20% 30% 50%

Limit percentages of system resources


Maximum limits can restrict resources
Minimum limits will guarantee resources

min normal soft Hard


limit range max max
limit limit
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-5. WPAR resource control AN123.1

Notes:
Resource allocation control for each WPAR is performed by the global administrator, to
prevent a resource hungry WPAR from negatively impacting the performance of other
WPARs.
There are two approaches of specifying CPU and memory allocation:
Share-based target percentage.
Each workload partition receives its part of the specified resource, according to the ratio of
its own share to the sum of shares of all currently active workload partitions.
Limit percentages.
There are three parameters that should be specified:
Minimum percentage is the minimum amount of a resource that a WPAR is guaranteed
to have available at all times.
Soft maximum percentage is the maximum amount of a resource that a WPAR can
have when multiple WPARs contend for that type of resource. If there is a sufficient

16-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty amount of that type of resource available, and resource contention does not occur, the
WPAR can exceed this limit.
Hard maximum percentage is the maximum amount of a resource that a WPAR can
ever have. Even if there is a sufficient amount of that type of resource available, and
resource contention does not occur, the WPAR cannot exceed this limit.

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

System versus application WPARs


IBM Power Systems

System WPARs
Self contained, virtual AIX instance
Own init process hierarchy including system service daemons
Such as network services (for example: Telnet and ssh)
Private copies of system file systems
Has own configuration, users, and more
Persistent and independent of the application processes
Can be stopped and restarted
Has restricted access to devices and storage
Application WPARs
Application launched using WPAR
Shares global process, device, and system file systems environment
WPAR stops when application process stops
Both types
Allow resource controls
Can use Live Application Mobility (with WPAR Manager)
Have own IP address for client access
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-6. System versus application WPARs AN123.1

Notes:
System WPAR
System workload partitions are autonomous virtual system environments with their own
private root file systems, users and groups, login, network space, and administrative
domain.
The systems administrator accesses the WPAR through the administrator console or
through regular network tools such as telnet or ssh. Inter-process communication for a
process in a WPAR, is restricted to those processes in the same WPAR.
System workload partitions are complete virtualized OS environments, where multiple
services and applications run. It takes longer to create a system WPAR compared to an
application WPAR, as it builds its own file systems. A system WPAR is removed only when
requested. It has its own root user, RBAC privileges, and system services like inetd, cron,
syslog, and so on.
A system WPAR does not share writable file systems with other workload partitions or the
global environment.

16-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Application WPAR


An application filesystem is set up to host only a single application or process. It provides
an AIX runtime environment that is suitable for execution of one or more processes that
can be started from a single command. As soon as the command exits, the workload
partition is also automatically terminated (or shut down).
An application WPAR shares the file system of the global environment. It does not own
any dedicated storage.
An application WPAR can run daemons, but it will not run any of the system service
daemons such as inetd, cron, or srcmstr.
It is not possible to remotely log in to an application partition or remotely execute an
action into an application WPAR.

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

System WPAR process space


IBM Power Systems

root@global_env /: ps -eaf |grep E rcmstr|315476


Global Environment
errdemon UID PID PPID C STIME TTY TIME CMD
init
xmwlm /etc/init
root 1 0 0 Jun 29 - 0:00 /etc/init
syncd root 204946 1 0 Jun 29 - 0:00 /usr/sbin/srcmstr
cron root 282812 315476 0 Jul 03 - 1:57 /usr/bin/xmwlm -L
root 315476 204946 0 Jul 03 - 0:00 /etc/init
biod srcmstr root 348392 315476 0 Jul 03 - 0:00 /usr/sbin/srcmstr
root 364660 315476 0 Jul 03 - 0:01 /usr/sbin/cron
portmap
rpc.statd
syslogd inetd
Others
PID=1
init
PID=315476 /etc/init
# root@wpar1 /: ps ef
UID PID PPID C STIME TTY TIME CMD wpar1
root 1 0 0 Jul 03 - 0:00 /etc/init cron
root 233674 348392 0 Jul 03 - 0:00 /usr/sbin/inetd wmwlm
root 241740 348392 0 Jul 03 - 0:00 /usr/sbin/syslogd srcmstr
root 258278 348392 0 Jul 03 - 0:00 /usr/sbin/portmap biod
root 266444 348392 0 Jul 03 - 0:00 /usr/sbin/biod 6 Others
root 282812 1 0 Jul 03 - 1:55 /usr/bin/xmwlm -L
portmap inetd rpc.statd
root 307220 1 0 23:06:20 ? 0:00 clogin wpar1
root 348392 1 0 Jul 03 - 0:00 /usr/sbin/srcmstr
root 364660 1 0 Jul 03 - 0:01 /usr/sbin/cron syslogd

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-7. System WPAR process space AN123.1

Notes:
The visual shows an example of the processes structure in a system workload partition,
and its interaction with the global environment.
The global srcmstr daemon starts a process that will act as the WPARs init process,
parenting all other processes in the WPAR. Within the WPAR the PID of this process is
virtualized to appear as PID 1, just like the init process in the global environment.
Each system workload partition has its own inittab file, so that it appears to be a
stand-alone operating system. The WPAR init parents a standard set of processes
including its own srcmstr and inetd. Having its own inetd daemon means that each system
WPAR can have its own telnetd or sshd to allow someone to log into the WPAR
environment and receive an interactive shell prompt for that environment.

16-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

System WPAR file systems space


IBM Power Systems

{sys02_p2} / # mount
AIX global Node mounted mounted over vfs date options
environment -------- -------------- --------------- ------ ------------ ----------
/dev/hd4 / jfs Aug 27 14:05 rw,log=/dev/hd8
/dev/hd2 /usr jfs Aug 27 14:05 rw,log=/dev/hd8
/dev/hd9var /var jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/hd3 /tmp jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/hd1 /home jfs Aug 27 14:06 rw,log=/dev/hd8
/proc /proc procfs Aug 27 14:06 rw
/dev/hd10opt /opt jfs Aug 27 14:06 rw,log=/dev/hd8
/dev/fslv01 /wpars/wpar1 jfs2 Sep 03 14:55 rw,log=INLINE
/dev/fslv02 /wpars/wpar1/home jfs2 Sep 03 14:55 rw,log=INLINE
/opt /wpars/wpar1/opt namefs Sep 03 14:55 ro
/proc /wpars/wpar1/proc namefs Sep 03 14:55 rw
/dev/fslv03 /wpars/wpar1/tmp jfs2 Sep 03 14:55 rw,log=INLINE
/usr /wpars/wpar1/usr namefs Sep 03 14:55 ro
/dev/fslv04 /wpars/wpar1/var jfs2 Sep 03 14:55 rw,log=INLINE

{wpar1} / # mount
System WPAR Node mounted mounted overvfs date options
-------- ------------- --------------- ------ ------ ---------
Global / jfs2 Sep 03 14:55 rw,log=INLINE
Global /home jfs2 Sep 03 14:55 rw,log=INLINE
Global /opt namefs Sep 03 14:55 ro
Global /proc namefs Sep 03 14:55 rw
Global /tmp jfs2 Sep 03 14:55 rw,log=INLINE
Global /usr namefs Sep 03 14:55 ro
Global /var jfs2 Sep 03 14:55 rw,log=INLINE

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-8. System WPAR file systems space AN123.1

Notes:
The visual shows an example of the default storage model of a system WPAR. The system
WPAR includes the creation of a base directory. This base directory is the root of the chroot
system WPAR environment. By default, the path to this base directory is
/wpars/<name_of_wpar> in the global environment.
From the global environment, the file systems and mount points associated with the system
WPAR, are seen as being located within a WPAR-specific sub-directory tree of the global
environment (for example, /wpars/wparname/).
From within the WPAR, the file systems are seen as being rooted at /.
By default the WPAR /usr and /opt file systems are shared with the global environment
(read only). Alternatively, if the application requires read/write access to these directories,
the WPAR can have its own non-shared copies. However, this will significantly increase the
time required to create, backup, or restore the WPAR.
Other WPAR file systems such as /, /home, /tmp and /var are real read-write filesystems
and dedicated to the workload partition.

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The private red-write file systems can also be hosted through NFS. NFS provides one way
that the private file systems can be shared between departure system and an arrival
system when implementing Live Application Mobility to move WPARs from box to box
(LPAR to LPAR).

16-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

System WPAR storage and device access


IBM Power Systems

Storage access:
Default: Accessed through mounts defined by global administrator
Global admin can export virtual SCSI or Fibre Channel attached disks
Global admin can export Fibre Channel adapters
WPAR can directly administer LVM and file system on exported devices

Device access:
Can only access devices permitted by global environment
Permits a limited set of safe pseudo devices, such as /dev/null,
/dev/zero, /dev/random, and /dev/tty
Forbids devices that could bypass isolation, such as /dev/mem or
/dev/kmem
Default: Cannot load kernel extensions (cannot make devices available)
Global admin can identify a list of kernel extensions which the WPAR can
load
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-9. System WPAR storage and device access AN123.1

Notes:
Direct access to storage devices allows a WPAR more control over its storage. A WPAR
with an exported storage device can define its own volume groups, logical volumes, and file
systems and have more control over the management of that space.
Another advantage of WPAR storage device access is the ability to support Live
Application Mobility (LAM) without placing the private file systems on an NFS server. The
private file systems can be made sharable by using a SAN disk managed by the WPAR.
The ability to export FC attached devices to a WPAR was introduced in AIX 6.1 TL03. The
ability to exporting virtual SCSI disks and FC adapters was introduced in AIX 7 and AIX 6.1
TL6. (If updating an AIX system to AIX6.1 TL6, you must explicit install the new base fileset
wio.vscsi; a smit update_all operation will not install it.)
Staring with AIX 7, the AIX global administrator can identify kernel extensions (KE) that
may be loaded by a WPAR. A process inside the WPAR would need to handle the KE
loading. This solves a problem that prevented some applications form running in a WPAR
environment. WPARs which load kernel extensions can not be relocated using Live
Application Mobility.

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Types of system WPARs


IBM Power Systems

Default environment: AIX maintenance in global, sync WPARs


Detached: WPAR does AIX maintenance, must match global
SAN based rootvg WPAR used to allow mobility without NFS

Shared /usr Private /usr

Private system file


systems defined by Default
global environment
Detached WPAR
system WPAR
(rootvg or NFS)

Private system file


systems defined by Detached
WPAR on an
rootvg WPAR
rootvg WPAR
exported disk

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-10. Types of system WPARs AN123.1

Notes:
In the default system WPAR environment, the /usr file system is shared with the global
environment and is accessed through a read-only mount. This reduces the overhead of
defining the WPAR and reduces the time needed to build the WPAR. It also reduces the
AIX software maintenance effort, since we only need to update the global copy of the
software and then synchronize the WPARs to the new level.
A detached WPAR has its own private read-write copy of the /usr filesystem. This provides
the WPAR with the flexibility of installing and maintaining its own software that may not be
needed in the Global environment or by other WPARs. The down side is that we lose the
benefits that are provided by the default configuration. Since the WPAR is still using a
shared kernel, if the WPAR maintenance is not matched to the level of the kernel, the
WPAR could become unusable.
A rootvg WPAR stores the private filesystems on a disk that has been exported to the
WPAR. The advantage of a rootvg WPAR is that the disk can be located on a SAN and
shared between departure and arrival system using Live Application Mobility.

16-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty By default, the rootvg is not a detached WPAR; In other words, while most filesystems will
be on the exported disk, the /usr file system will still be read-only and shared with the global
environment.
The rootvg WPAR can be defined as a detached WPAR, in which case all of its filesystems
are stored on the exported disk.

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Versioned WPAR
IBM Power Systems
Detached WPAR running old AIX release in a compatibility environment
Requires separate LPPs:
AIX5.2 WPARs for AIX7
AIX5.3 WPARs for AIX7

AIX 7 Global Environment (LPAR)

Native VWPAR
Native
WPAR AIX52
VWPAR
Native VWPAR
WPAR Native
WPAR
WPAR

CRE Native OS Support


Native system calls + new compatibility syscalls
AIX 7 Kernel
CRE = Compatibility Runtime Environment
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-11. Versioned WPAR AN123.1

Notes:
AIX 5.2 LPARs cannot run on POWER7 hardware. To allow applications that are only
certified for this withdrawn AIX level, versioned WPARs provide a path to move off old
equipment to the newer POWER7 hardware.
To allow this, AIX7 provides a Compatibility Runtime Environment for WPARs where the
commands and libraries used by the WPAR do not have to match the level of the common
kernel. This support is provided by a licensed program product called AIX 5.2 Workload
Partitions for AIX7 that only runs on a POWER7 platform.
The AIX 5.2 environment has renewed limited software support (AIX 5.2 without this is no
longer serviced). The versioned WPAR also benefits from sharing the AIX7 kernel which
provides benefits of: SMT4, micro partitioning, Virtual I/O Server support, Live Partition
Mobility, Live Application Mobility (with WPAR Manager), and more.
Most applications should run in this environment. But there are exceptions (see the
production documentation). A proof of concept study is recommended before committing to
use a versioned WPAR.
Note: The support for versioned WPARs has also been extended to AIX version 5.3
systems, requiring a license for the AIX 5.3 WPARs for AIX 7 LPP.

16-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Basic system WPAR commands


IBM Power Systems

Create a system WPAR: Global:


Global: ## mkwpar
mkwpar n
n wpar1
wpar1
Defines the workload partition
Creates and loads system file systems

Global:
Global: ## startwpar
startwpar wpar1
wpar1
Start a system WPAR:
Mounts file systems, imports device
Starts WPAR init process
Global:
Global: ## stopwpar
stopwpar [F]
[F] wpar1
wpar1
Stop a system WPAR:
wpar1:
wpar1: ## shutdown
shutdown F
F
Remove a system WPAR:
Global:
Global: ## rmwpar
rmwpar wpar1
wpar1

List status of the WPARs:


Global:
Global: ## lswpar
lswpar
A: Active
D: Defined
For more extensive WPAR training attend: AN17
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-12. Basic system WPAR commands AN123.1

Notes:
The system WPAR creation takes the longest to complete because it not only defines new
file systems, it also clones the global filesystem contents into them. But this is still
significantly less time than installing AIX into an LPAR, because (by default) the /usr
filesystem is shared with the global environment and does not need to have its content
cloned into a WPAR private filesystem.
The displayed commands are the bear essentials. Each of them has many additional
options to customize device access, filesystems access, resource controls, network
configuration, ability to save and clone configuration details, and more. For more
information, see the man pages for the commands.
There are additional commands (not covered in this course) that provide additional abilities
including the ability to modify a WPAR, backup and restore a WPARs private filesystems,
and more.
For a more complete training in using AIX workload partitions, attend AN17 AIX Workload
Partitions Installation and Management.

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Application WPARs
IBM Power Systems

Isolate individual applications


Create and run
Light weight; quick to create and remove
Created with wparexec command
# wparexec -n MyAppWpar /start_myapp
Removed when stopped Stop and remove
Stopped when the application finished
File systems and device resources are shared with the global environment
System daemons and services shared with global environment
Does not provide standard network services

Children processes automatically part of WPAR


Has IPC isolation from other WPARs
Has WPAR resource controls
Has network support for connecting to the application
Can be relocated to another server (using WPAR Manager)
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-13. Application WPARs AN123.1

Notes:
Application workload partitions do not provide the highly virtualized system environment
offered by system workload partitions, rather they provide an environment for segregation
of applications and their resources to enable resource control, some isolation, and (with
WPAR Manager) application checkpoint, restart, and relocation.
The Application WPAR represents an envelope around a specific application process or
processes which provides the manageability and some of the isolation that a system
WPAR provides. Since it uses the global environment system file system and device
resources, it is light weight, quick to create and remove, and does not take a lot of
resources. On the other hand this prevents separate configuration and reduces the
isolation.
Once the application process or processes are finished, the WPAR is stopped.
There are no login capabilities for the user. If you need to access the application, you must
use an application provided mechanism.
All file systems are shared with the global environment. If an application is using devices, it
will use global environment devices.

16-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Workload Partition Manager overview


IBM Power Systems

Provides centralized management of WPARs


WPAR Manager components: Browser
WPAR Manager plug-in to Systems Director
WPAR Manager subagent on managed LPAR

Functions: IBM Systems Director


Basic lifecycle administration
Create, view, modify, start, stop, remove
WPAR Manager
Advanced management Plug-in
Agent Manager
Static and live relocation
Checkpoint, restart
Automated relocation,
policy driven LPAR X
Monitoring, performance LPAR Y Common Agent
reporting Common Agent WPAR sub-agent
WPAR sub-agent
Global load balancing
WPAR A WPAR B WPAR C
Recovery WPAR1 WPAR2 WPAR3

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-14. Workload Partition Manager overview AN123.1

Notes:
IBM Workload Partition (WPAR) Manager for AIX is a platform management solution that
provides a centralized point of control for managing workload partitions or WPARs, across
a collection of managed systems running AIX.
It is an optional product, part of the IBM Systems Director family, designed to facilitate the
management of WPARs and application mobility. WPAR Manager also provides advanced
features such as policy-based mobility for the automation of WPAR relocation, based on
current performance state.
WPAR Manager is a separate chargeable licensed program product; it is not part of AIX.
Additional training on the installation, configuration and use of the IBM Workload Partition
(WPAR) Manager for AIX product is available in the course AN74.

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint
IBM Power Systems

1. True or False: Workload partitions require POWER7 systems.

2. What are the two types of workload partitions?

3. What command builds and starts an application workload partition?

4. True or False: Live Application Mobility (LAM) requires that the WPAR
private file systems reside on an NFS server.

5. True or False: By default, a system WPAR has shared read-only


access to the /usr file system in the global environment.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-15. Checkpoint AN123.1

Notes:

16-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Exercise
IBM Power Systems

Introduction to
workload partitions

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-16. Exercise AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Unit 16. Introduction to workload partitions 16-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Explain nature and purpose of workload partitions (WPARs)
Create and activate a basic system WPAR
Describe the role of WPAR manager

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure 16-17. Unit summary AN123.1

Notes:

16-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Appendix A. Printers and queues

What this unit is about


This unit describes the concepts behind the AIX print spooling
mechanisms in AIX 6.1.

What you should be able to do


After completing this unit, you should be able to:
Describe the purpose and the benefits of a queuing system
Identify the major components that are responsible for processing
a print request
Add a printer queue and device under different circumstances
Submit jobs for printing
View the status of the print queues

How you will check your progress


Checkpoint questions

References
Online AIX 6.1 System Management Guide
Online AIX 5L Version 5.3 Guide to Printers and Printing

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit objectives
IBM Power Systems

After completing this unit, you should be able to:


Describe the purpose and the benefits of a queuing system
Identify the major components that are responsible for
processing a print request
Add a printer queue and device under different circumstances
Submit jobs for printing
View the status of the print queue

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-1. Unit objectives AN123.1

Notes:

A-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

AIX 6.1 printing environments


IBM Power Systems

Print subsystems:
AIX print subsystem
System V print subsystem

Print directly to a local printer device.

Print directly to a remote printer through a socket program.

Infoprint Manager, or similar advanced print management


system

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-2. AIX 6.1 printing environments AN123.1

Notes:

Introduction
The visual gives an overview of the different approaches that can be taken to printing
under AIX 5L and later. In the next two visuals, System V printing is compared to the
traditional AIX print subsystem. The remainder of this unit will focus on using the AIX
print subsystem.

Note

You can use either the AIX print subsystem or the System V print subsystem. They will not
run concurrently.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Print directly to a local printer device


This is the simplest form of printing. If your printer is directly attached to a serial or
parallel port on the local machine, it is possible to print by sending a file directly to the
device. For example:
# cat /home/karlmi/myfile > /dev/lp0
In this approach, you lose the ability to serialize (spool) print requests. Only one user
may print at a time. On the other hand, if a printer is dedicated to one use, this may be a
good solution. Examples might be logging to a printer, or printing checks.

Print directly to a remote printer through a socket program


This is similar to printing to a device driver, except that in this case, you are sending the
output to a program which makes a connection to the printer over the network.

Print using the System V print subsystem


In this environment, files to be printed are sent to the System V print service daemon,
lpsched, using the lp or lpr commands. The print service daemon serializes the jobs,
so they will be printed in the order in which they were submitted. The print service may
filter the file to format the data so that it matches the types of data acceptable to the
printer. The print service then sends files, one at a time, to the interface program, which
may do additional filtering before sending the file to the local printer driver or network
printing application.

Print using the AIX print subsystem


In this environment, files to be printed are sent to the AIX print spooler daemon,
qdaemon, using any of the AIX print commands (enq, qprt, lp, or lpr). The spooler
daemon serializes the jobs. The spooler sends jobs, one at a time, to programs that
may filter the data, before sending it to the local printer driver or network printing
application.

Print using IBMs Infoprint Manager (or similar advanced print


management system)
Infoprint Manager provides serialization and filtering similar to the System V or AIX print
subsystems. In addition, it adds extra capabilities of security, customization, and control
not provided by either System V printing or AIX printing. For additional information, refer
to the Infoprint Manager Web site:
http://www.printers.ibm.com/internet/wwsites.nsf/vwwebpublished/ipmaix_ww

A-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

AIX print subsystem: Advantages


IBM Power Systems

Powerful and flexible printer drivers

System management tools:


Limits fields and options validation
Easy printer customization
Single step print device and queue creation

Customizable spooling subsystem

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-3. AIX print subsystem: Advantages AN123.1

Notes:

Powerful and flexible printer drivers


AIX printer drivers provide many printing options that can be easily controlled using
command line options to the qprt command. Printer defaults can be easily managed
using SMIT or the command line.

System management tools


The AIX print subsystem includes mature and powerful system management using
either the Web-based System Manager or SMIT, as well as the command line. Some
specific system management advantages using the AIX print subsystem are:
Limits fields and options validation
Gives the user or administrator a range of valid values for print options and
prevents the user from using an invalid value
Easy printer customization

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Printers can be customized using menu selections or command line options.


Under System V printing, customizing printers often requires a knowledge of
shell programming.
Single step print device and queue creation
Under System V printing, you must first add a print device and then create the
print queue.

Customizable spooling subsystem


The AIX print subsystem is specifically designed so that it can be used to serialize other
types of jobs beyond just printing.

A-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

System V print subsystem: Advantages


IBM Power Systems

Compatibility

Availability of interface programs

Security

Support for forms

Standard PostScript filters

Long term strategy

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-4. System V print subsystem: Advantages AN123.1

Notes:

Compatibility
System administrators with experience in other UNIX variants that use System V
printing, will find it easy to manage printing under AIXs System V print subsystem.

Availability of interface programs


Many printer manufacturers provide interface shell scripts to support using their
products under System V printing. Usually, only minor modifications are required for
individual UNIX variations. Because the AIX print subsystem is proprietary, an interface
program written for another operating system cannot be used in the AIX print
subsystem. It must be completely rewritten. This has led to a limited number of printers
supported under AIX. With the support of System V printing in AIX 6.1, it is easier for
manufacturers to include support for AIX printing.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Security
Controlling user access to printers can be an important issue. For example, you might
need to limit access to the printer used to print checks. System V printing includes
built-in capabilities for restricting user access to certain printers. Using the AIX print
subsystem, the backend program must be customized to restrict user access.

Support for forms


If you are printing to preprinted forms, its important that other users not be able to print
while the expensive forms are loaded on the printer. The System V print subsystem
provides a mechanism for mounting forms on printers, and allowing or denying, user
access based on the form which is mounted. To provide this capability under AIX
printing, you must create multiple queues and manage which queues are enabled while
a form is mounted.

Standard PostScript filters


The System V print subsystem includes a number of filters for converting different file
formats to PostScript. Some formatting and page selection capabilities are also
included.

Long term strategy


IBMs long term printing strategy for AIX is to maintain compatibility with other UNIX
systems. This means that new features and functions are added to the System V print
subsystem in later releases, while the AIX print subsystem is supported, but not
enhanced in future releases.

A-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Concepts of queues
IBM Power Systems

file1
Queue1
file1

file2

.
file2 .

file3
/dev/lp0

Queue2
file3
file4
file4
/dev/lp1
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-5. Concepts of queues AN123.1

Notes:

Purpose for queues


The purpose of the queuing system is to maintain a queue of jobs that are waiting for
their turn to run (that is, use some system resource, like a printer or the CPU). The
AIX 6.1 queuing system performs this function.

Benefits of queues
The queues also give control to the system administrator over the queuing mechanism.
Therefore, the system administrator can perform tasks like canceling jobs on queues,
changing priorities of jobs, and so forth.
A queue enables the sharing of resources in an ordered fashion.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The diagram above illustrates three important issues:


One print queue can point to a number of printers (and it is the job of the qdaemon
to determine the next available printer to print on), for example, Queue1.
Users may submit their jobs to a number of different queues.
A printer can have a number of different queues pointing to it, for example, the
printer /dev/lp1 is accessed by both Queue1 and Queue2.

A-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Printer data flow


IBM Power Systems
# qprt -Pps [-c] file
print request

lp lpr qprt
enq
copy of file (if requested)
Queue
Spool
monitors directory
qdaemon uses spool file
(if it exists)
starts
Backend Virtual Printer
(piobe) Definition

submits file to
printer

/dev/lp0
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-6. Printer data flow AN123.1

Notes:

Print request
Local printing is implemented through a queuing mechanism. The user can issue one of
the printer commands qprt, lp, lpr, or enq to submit a print job. Although a user can
use any one of these four commands, the true entry point to the spooler is the enq
command which is responsible for processing the job request, creating a job description
file (JDF), and notifying the qdaemon of the new job.

The qdaemon
The qdaemon process runs at all times. The qdaemon maintains a list of all of the defined
queues and monitors the queues for newly submitted jobs. qdaemon tries to process the
job if the destination device is available, otherwise the job remains in the queue and
qdaemon tries again later.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Queueing system process


The flow of the queuing system shown in the visual:
The printing command calls enq. enq checks to see if the requested queue name is a
valid queue and all of the parameters are correct. If so, it continues, if not, an error
message is returned to the user.
An entry is made in the /var/spool/lpd/qdir directory identifying the job to be run. If the
printer command uses an option to indicate that a copy of the file is to be made, the
copy is placed in the spool directory /var/spool/qdaemon.
The qdaemon is notified of a new job in its qdir directory.
When the queue is ready for the job, the qdaemon reads information from the
/etc/qconfig file describing the queue.
The qdaemon updates the /var/spool/lpd/stat file for the appropriate queue to show that
the queue is now working on a new job.
The qdaemon starts the back-end program, passing the file names and appropriate
options on the command line.
The back-end determines the correct data stream characteristics, and merges these
with the actual file. The data stream characteristics are stored as virtual printer
definitions in the /var/spool/lpd/pio/@local directory.
The back-end program sends its data stream to the device driver for the appropriate
printer.

What happens when a file is spooled?


When a file is spooled, a copy of that file is sent to the print spool directory,
/var/spool/qdaemon. The copy remains in that directory until it is printed. This means
that if you spool a file to the printer, a user could continue to make revisions to the
original since the copy in the print spool directory will not be altered. This ensures that
the file that is sent to the printer gets printed in its original form, even if a user edits the
original file that is on disk. Spooled files take up disk space in /var until they are printed.
When a file is queued, one line of information is sent to the /var/spool/lpd/qdir
directory which points back to the original file on disk. If revisions are made to the file on
disk before it is pulled from the queue to print, the revised file is printed.

A-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

System files associated with printing


IBM Power Systems

/etc/qconfig Queue configuration files

/var/spool/* Spooling directories

/var/spool/lpd/qdir/* Queue requests

/var/spool/qdaemon/* Temporary enqueued files

/var/spool/lpd/stat/* Line printer status information

/var/spool/lpd/pio/@local Virtual printer directories

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-7. System files associated with printing AN123.1

Notes:

Print related files and directories


The system files and directories used for printing include:
The /etc/qconfig file describes the queues and devices available for use by the
printing commands.
The /var/spool directory contains files and directories used by the printing
programs and daemons.
The /var/spool/lpd/qdir directory contains information about files queued to
print.
The /var/spool/qdaemon directory contains copies of the files that are spooled
to print.
The /var/spool/lpd/stat directory is where the information on the status of jobs is
stored. It is used by the qdaemon and backend programs.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The /var/spool/lpd/pio/@local directory holds virtual printer definitions. This is


where the attributes of printers are paired with the attributes of corresponding
data stream types.
It is recommended that SMIT be used to update these device-related files. In most
cases, updating standard system files is not recommended.

A-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

qdaemon
IBM Power Systems

Manages queues

Is started in the /etc/inittab file

Invokes the back-end programs

Optionally records accounting data

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-8. qdaemon AN123.1

Notes:
qdaemon introduction
The qdaemon program schedules jobs that have been enqueued. It is a background
process that is usually started at system IPL through the startsrc command run from
/etc/inittab.
qdaemon is controlled by the /etc/qconfig file. /etc/qconfig contains a stanza for each
queue. The stanza identifies any queue management options and points to a queue
device stanza, which identifies the destination printer, the formatting options, and the
back-end program.
The back-end program
The back-end program is called by qdaemon to actually process each request. The
back-end program is determined by how the printer is connected to the AIX system. For
local printing, the back-end program is /usr/lib/lpd/piobe. For a remote printer, it is
/usr/lib/lpd/rembak.
The back-end program uses printer attribute information to prepare the printer and
format the data for output. It also prints header and trailer pages, if they are enabled.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The /etc/qconfig file


IBM Power Systems
lp0: * One queue pointing to one device
device = lp0dev
up = TRUE
discipline = fcfs
lp0dev:
file = /dev/lp0
backend = /usr/lib/lpd/piobe
header = group
trailer = never
feed = never
lpq: * One queue pointing to two devices
device = lpqdev1,lpqdev2
lpqdev1:
file = /dev/lp1
backend = /usr/lib/lpd/piobe
lpqdev2:
file = /dev/lp2
backend = /usr/lib/lpd/piobe
ps: * Two queues pointing to one device
device = psdev
psdev:
file = /dev/lp3
backend = /usr/lib/lpd/piobe
asc:
device = ascdev
ascdev:
file = /dev/lp3
backend = /usr/lib/lpd/piobe

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-9. The /etc/qconfig file AN123.1

Notes:

Introduction
The /etc/qconfig file is an attribute file. Some stanzas in this file describe queues, and
other stanzas describe devices. Every queue stanza requires that one or more device
stanzas immediately follow it in the file.
This file is the key to customizing the queues. Although the file can be edited directly, it
is recommended that it be changed through high-level commands or through SMIT.

Queue stanza
This starts with the queue name, which can be up to 20 characters, followed by a colon.
The queue name is used by the person submitting a job to indicate the requested
queue. The first queue in the /etc/qconfig file is the default queue, which receives any
job requests submitted without a specific queue name.

A-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty Some of the attributes that can be found in the queue stanza include:
Attribute Definition Default Other
Identifies the symbolic name that refers to
device
the device stanza
discipline Defines the queue serving algorithm fcfs sjn
Identifies the file used to save print
acctfile false filename
accounting information
up Defines the state of the queue TRUE FALSE

Device stanza
The name of a device stanza is arbitrary and can be from one to 20 characters long.
The name is followed by a colon.
The attributes that can be found in the device stanza include:
Attribute Description Default Other
Identifies the special file where the output of
back-end is to be redirected
file FALSE
FALSE indicates no redirection and that the
file name is /dev/null.
Specifies the full path name of the back-end,
backend optionally followed by the flags and
parameters to be passed to it
both (used
Specifies the type of access the back-end for modems
has to the file specified by the file field or backends
access write
This field is ignored if the file field has the needing
value, FALSE. read
capability)
Specifies whether a header page prints always
header never
before each job or group of jobs group
Specifies whether a trailer page prints after always
trailer never
each job or group of jobs group
Specifies either the number of separator
pages to print when the device becomes idle
feed never integer
or the value never, which indicates that the
back-end is not to print separator pages
Specifies whether the back-end sends a
align form-feed control before starting the job, if FALSE TRUE
the printer was idle

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

The device stanza must contain an attribute that designates the back-end program. The
function of the back-end is to manage the printing of the actual job. It also produces the
final data stream that goes to the printer. The most common back-end program for local
printing is piobe.
If different users prefer different default printers, then the PRINTER variable can be set
up, on a per user basis. The PRINTER variable should be set to the queue that the user
wants to be their default queue, for example:
# PRINTER=ps ; export PRINTER

A-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Printer menu
IBM Power Systems

# smit spooler_choice

Print Spooling

Move cursor to desired item and press Enter.

AIX Print Spooling


System V Print Spooling

F1=Help F2=Refresh F3=Cancel F8=Image


F9=Shell F10=Exit Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-10. Printer menu AN123.1

Notes:

Interface to manage spooling


AIX print spooling System V print spooling are supported by SMIT in AIX 6.1. The
Web-based System Manager supports both print spooling systems.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

AIX printer menu


IBM Power Systems

# smit spooler

AIX Print Spooling


Move cursor to desired item and press Enter.

Start a Print Job


Manage Print Jobs
List All Print Queues
Manage Print Queues
Add a Print Queue
Add an Additional Printer to an Existing Print Queue
Change / Show Print Queue Characteristics
Change / Show Printer Connection Characteristics
Remove a Print Queue
Manage Print Server
Programming Tools

Change / Show Current Print Subsystem

F1=Help F2=Refresh F3=Cancel F8=Image


F9=Shell F10=Exit Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-11. AIX printer menu AN123.1

Notes:

SMIT AIX printer menu


The SMIT fastpath to this menu is smit spooler. Printers and print queues can also be
managed using the Web-based System Manager.
The options on this menu are:
Start a Print Job
This option starts a print job by submitting the job to a print queue.
Manage Print Jobs
This option opens a submenu which enables you to cancel jobs, show the status
of jobs, prioritize jobs, hold and release jobs, and move jobs between print
queues.
List All Prinul3t Queues
This option displays a list of all the print queues and their associated printers.

A-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty - Manage Print Queues


You can start and stop print queues, show the status of print queues and change the
system's default print queue.
- Add a Print Queue
This option adds a print queue to the system configuration and creates the
associated queue device and printer device definition, if needed.
- Add an Additional Printer to an Existing Print Queue
This option adds another printer to an existing queue.
- Change/Show Print Queue Characteristics
This option will provide access to screens that enable you to change the printer
setup, default print job attributes, accounting file setup, and queuing discipline.
- Change/Show Printer Connection Characteristics
This option changes or shows printer communication and startup characteristics.
- Remove a Print Queue
This option removes a print queue from the system configuration. It also removes
the associated spooler queue device and printer device definition. If a print queue
has more than one printer associated with it, then all the printers are removed from
the print queue.
- Manage Print Server
This option configures this machine as a print server. Allows you to control which
clients have print access to this machine, list clients with print access, add and
remove clients, and stop and start the server subsystem.
- Programming Tools
This option enables you to access low-level utilities for manipulating databases and
filters.
- Change/Show Current Print Subsystem
Only one of the two print subsystems at the same time can be active. By default,
after installation, the AIX printer subsystem is active.

Other commands
To show the current print subsystem: # switch.prt -d
To change the current print subsystem, you can use either:
-# switch.prt -s AIX
-# switch.prt -d SystemV
To check if binaries are correctly linked, you can use either:
-/usr/bin/lpstat --> /usr/aix/bin/lpstat
-/usr/bin/lpstat --> /usr/sysv/bin/lpstat

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Configuring a printer with a queue


IBM Power Systems
AIX Print Spooling

Move cursor to desired item and press Enter.

Add a Print Queue

Move cursor to desired item and press Enter.Use arrow keys to scroll.
#ATTACHMENT TYPE DESCRIPTION
local Printer Attached to Local Host
remote Printer Attached to Remote Host
xstation Printer Attached to Xstation
ascii Printer Attached to ASCII Terminal
hpJetDirect Network Printer (HP JetDirect)
file File (in /dev directory)
ibmNetPrinter IBM Network Printer
ibmNetColor IBM Network Color Printer
other User Defined Backend

F1=Help F2=Refresh F3=Cancel


F8=Image F10=Exit Enter=Do
/=Find n=Find Next

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-12. Configuring a printer with a queue AN123.1

Notes:

Adding a local print queue


In our example, assume that the printer is directly attached to our AIX system. To
configure a printer attached in this way, choose local.
Some applications contain their own print control mechanisms and thus require that a
printer be configured without a queue. Use the SMIT fastpath smit pdp to define a
printer without a queue.

A-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Selecting a printer type (1 of 2)


IBM Power Systems

AIX Print Spooling

Move cursor to desired item and press Enter.

Printer Type
Move cursor to desired item and press Enter.

Bull
Canon
Dataproducts
Hewlett-Packard
IBM
Lexmark
OKI
Printronix
QMS
Texas Instruments
Other (select this if your printer is not listed above)

F1=Help F2=Refresh F3=Cancel


F8=Image F10=Exit Enter=Do
/=Find n=Find Next

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-13. Selecting a printer type (1 of 2) AN123.1

Notes:

Specify the printer manufacturer


The next selection that has to be made is the printer type. Notice that IBM is only one of
the choices and many other manufacturers are supported as well. Note also that there
is an Other option which will be selected if the printer type is not supported; that is, not
part of the list.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Selecting a printer type (2 of 2)


IBM Power Systems

AIX Print Spooling

Printer Type

Move cursor to desired item and press Enter.

[MORE...8]
ibm2391-2 IBM 2391 Plus printer (Model 2)
ibm3112 IBM 3112 Page Printer
ibm3116 IBM 3116 Page Printer
ibm3130 IBM 3130 LaserPrinter
ibm3812-2 IBM 3812 Model 2 Page Printer
ibm3816 IBM 3816 Page Printer
ibm4019 IBM 4019 LaserPrinter
ibm4029 IBM 4029 LaserPrinter
ibm4037 IBM 4037 LP printer
ibm4039 IBM 4039 LaserPrinter
[MORE...49]

F1=Help F2=Refresh F3=Cancel


Esc+8=Image Esc+0=Exit Enter=Do
/=Find n=Find Next

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-14. Selecting a printer type (2 of 2) AN123.1

Notes:

Select the manufacturers supported printer


If you do not have the software installed for your printer, you are prompted to insert the
media to install the software first, before configuring the device and the queue.
The choice of printer determines the queue, or the virtual printer, setup. For example,
an IBM 4029 Laser Printer is capable of handling PostScript, ASCII, GL Emulation, and
PCL Emulation. The SMIT print spooling menus guide you through the creation of up to
four separate queues which submit to the same printer.

A-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Printer attachment
IBM Power Systems

Printer Interface
Move cursor to desired item and press Enter.

parallel
rs232
rs422

Parent Adapter
Move cursor to desired item and press Enter.

ppa0 Available 01-G0 Standard Parallel Port Adapter

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-15. Printer attachment AN123.1

Notes:

Selecting the printer attachment


After selecting a printer type, a pop-up window is displayed where the printer interface
must be chosen. Possible values are parallel, RS232, and RS422. Some printers
support multiple attachment methods.
Then, a list of installed adapters that support that method of attachment are presented.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Add the print queues


IBM Power Systems

Add a Print Queue

Type or select values in entry fields.


Press Enter AFTER making all desired changes.

[Entry Fields]

Description IBM 4029 LaserPrinter


Names of NEW print queues to add
ASCII [asc]
GL Emulation []
PCL Emulation []
PostScript [ps]

Printer connection characteristics


* PORT number [p] +
Type of PARALLEL INTERFACE [standard] +
Printer TIME OUT period (seconds) [600] +#
STATE to be configured at boot time available +

F1=Help F2=Refresh F3=Cancel F4=List


F5=Reset F6=Command F7=Edit F8=Image
F9=Shell F10=Exit Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-16. Add the print queues AN123.1

Notes:

Create the print queues


This menu varies depending on the characteristics of the physical printer. If the printer is
capable of two or three different modes or emulations, the system prompts you for a
separate queue name for each emulation. Once these queues are created, they are
sometimes referred to as virtual print devices.
Additional queues can be added to this printer after the initial queues are created.

A-26 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Remote printing
IBM Power Systems

host1 client1
lp1

9 Set up the local print queue.


9 Configure a
9 Define client machines in remote queue.
/etc/hosts.lpd.
9 Start the lpd daemon.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-17. Remote printing AN123.1

Notes:

Overview of print server setup


Once your system has the local queue set up, any user on that system can print. If the
machine is networked, it can also provide printing for client machines by becoming a
print server.
To set up a print server, you need to define the client machine names, or IP addresses,
in the /etc/hosts.lpd file, and then start the lpd daemon. Both of these tasks can be
done through SMIT. To use SMIT, the fastpath to identify the client system is smit
mkhostslpd.
The lpd daemon is controlled by SRC. You should use SMIT to start it, because SMIT
also adds entries to /etc/inittab to ensure that it is started on reboot. The fastpath for
this screen is smit mkitab_lpd.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Client authorization
IBM Power Systems

# smit mkhostslpd

Add Print Access for a Remote Client

Type or select values in entry fields.


Press Enter AFTER making all desired changes.

[Entry Fields]
* Name of REMOTE CLIENT [client1]
(Hostname or dotted decimal address)

F1=Help F2=Refresh F3=Cancel F4=List


F5=Reset F6=Command F7=Edit F8=Image
F9=Shell F10=Exit Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-18. Client authorization AN123.1

Notes:

Set up client authorization


This step is done on the print server. On this screen, enter the client machine's name or
IP address. A plus sign ( + ) is also valid. It indicates that this AIX system is a print
server to all machines.

A-28 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Start lpd
IBM Power Systems

# smit mkitab_lpd

Start the Print Server Subsystem

Type or select values in entry fields.


Press Enter AFTER making all desired changes.

[Entry Fields]
Start subsystem now, on system restart, or both [both] +
TRACE lpd daemon activity to syslog? [no] +
EXPORT directory containing print attributes? [no] +

Note:
Exporting this print server's directory
containing its print attributes will allow
print clients to mount the directory. The
clients can use this server's print attributes
to display and validate print job attributes
when starting print jobs destined for this
print server. Note that the Network File
System (NFS) program product must be installed
and running

F1=Help F2=Refresh F3=Cancel F4=List


F5=Reset F6=Command F7=Edit F8=Image
F9=Shell F10=Exit Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-19. Start lpd AN123.1

Notes:

Starting the lpd daemon


This step is done on the print server. The lpd daemon is controlled by the system
resource controller (SRC). The commands startsrc and stopsrc can be used to
control lpd. By using SMIT, an entry is placed in the /etc/inittab file to ensure that lpd
is started each time the machine is booted.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Add a remote print queue


IBM Power Systems

AIX Print Spooling

Move cursor to desired item and press Enter.

Add a Print Queue

Move cursor to desired item and press Enter.Use arrow keys to scroll.
#ATTACHMENT TYPE DESCRIPTION
local Printer Attached to Local Host
remote Printer Attached to Remote Host
xstation Printer Attached to Xstation
ascii Printer Attached to ASCII Terminal
hpJetDirect Network Printer (HP JetDirect)
file File (in /dev directory)
ibmNetPrinter IBM Network Printer
ibmNetColor IBM Network Color Printer
other User Defined Backend

F1=Help F2=Refresh F3=Cancel


F8=Image F10=Exit Enter=Do
/=Find n=Find Next

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-20. Add a remote print queue AN123.1

Notes:

Adding a remote queue on the client


This step is done on the client machine. The procedure to add a remote queue starts
the same way as a local queue: smit spooler > Add a Print Queue. This time, select
remote as the attachment type.
You are prompted to determine if you want to perform any type of filtering or
pre-processing to the print job before it is sent. Normally, Standard Processing is
selected. This just sends the job to the printer server and the print server is responsible
for processing the job.

A-30 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Define the print server on the client


IBM Power Systems

Add a Standard Remote Print Queue

Type or select values in entry fields.


Press Enter AFTER making all desired changes.

[Entry Fields]
*Name of QUEUE to add [rq1]
*HOSTNAME of remote server [host1]
*Name of QUEUE on remote server [lp1]
Type of print spooler on remote server AIX Version 3 or 4 +
Backend TIME OUT period (minutes) [] #
Send control file first? no +
TO turn on debugging, specify output []
file pathname
DESCRIPTION of printer on remote server []

F1=Help F2=Refresh F3=Cancel F4=List


F5=Reset F6=Command F7=Edit F8=Image
F9=Shell F10=Exit Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-21. Define the print server on the client AN123.1

Notes:

Required input
Only three lines are required to complete the queue set up. You must name your local
(to the client) queue name. Then, provide the name of the printer server. Lastly, name
the queue on the print server.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Lets review
IBM Power Systems

1. True or False: The qdaemon is responsible for printing jobs.

2. To set up remote printing, what daemons are needed, and do


they run on the server, the client, or both?

3. What does the up = TRUE indicate in the /etc/qconfig file?

4. What does discipline mean in reference to the


/etc/qconfig file? What are its possible values?

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-22. Let's review AN123.1

Notes:

A-32 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Submitting print jobs


IBM Power Systems

AIX print systems offer compatibility to System V print


commands

To submit a job to a queue:


System V BSD AIX
lp lpr qprt

$ lp -d queuename filename

- OR-

$ qprt -P queuename filename


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-23. Submitting print jobs AN123.1

Notes:

Introduction
There are three sets of commands for submitting, listing and canceling print jobs. They
come from either System V, BSD, or IBM versions of UNIX and are all available in AIX.
The commands have slightly different options.

Submitting a print job


To submit a print job to a queue, use either lp, lpr, or qprt. All jobs go to the system
default queue, unless the PRINTER or LPDEST variables are set. You can also specify, on
the command line, which queue to use. Use -d with lp or use -P with qprt and lpr.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Spooling
The commands lp and qprt both queue without spooling, by default. Specify the -c
option if spooling is desired. The command lpr spools and queues by default. The -c
option will turn off spooling with lpr.

Multiple copies
To print multiple copies, with qprt use the -N # option, with lp use -n # option, and
with lpr use just a hyphen followed by the number of copies ( - # ).
The lp, lpr, and qprt commands create a queue entry in /var/spool/lpd/qdir and,
depending upon the options specified, copy the file to be printed to the
/var/spool/qdaemon directory.

The enq command


All the print commands, lp, lpr, and qprt, actually call the enq command which places
the print request in a queue. enq can be used instead of the other commands to submit
jobs, view job status, and so forth. To submit a job using enq:
$ enq -Pqueuename filename

Requesting a specific printer


Ordinarily your request is serviced by the first device on the queue that becomes
available. However, if more than one printer services a queue, you can request a
specific printer by using the name of the queue followed by a colon (:) and then the
name of the printer. For example, if a system with one queue (ps) is serviced by two
printers (lp0 and lp1), and a print job needs to be printed on the lp1 printer, use the
command:
$ qprt -Pps:lp1 /home/team01/myfile

A-34 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Listing jobs in a queue


IBM Power Systems

To list jobs in a queue:

SYSTEM V BSD AIX


lpstat lpq qchk

For example:
$ qchk
Queue Dev Status Job Files User PP % Blks Cp Rnk
ps lp0 DOWN
QUEUE 569 /etc/motd root 1 1
1

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-24. Listing jobs in a queue AN123.1

Notes:

Checking status with the qchk command


Many of the print job control tasks require the user to supply a job number. The job
number, along with other queue status information is available by checking the status of
print jobs.
The fields from the qchk command are as follows:
Queue Queue name
Dev Logical device name for the queue
Status Status of the queue (READY, DOWN, WAITING, RUNNING, and so forth)
Job The job number assigned by the qdaemon
Files Files sent to the queue
User User who sent the print request

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

PP Number of pages printed


% Percent completed
Blks The number of 512-byte blocks the print job has been split into
Cp Copies of each job to be printed
Rnk Order on that queue

Other viewing commands


Other commands that can be used to view printer status include:
lpstat Shows status of all queues
lpq Shows status of the default queue
qchk -A Shows status of all queues
enq -A Shows status of all queues
qchk -W Shows status in wide-form mode
This is helpful if using long queue and device names, and 6-digit job numbers. This option
is available with AIX V4.2.1 and later.

A-36 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Change characteristics of a queue


IBM Power Systems

# smit chpq

Print Queue to Change / Show


Type or select values in entry fields.
Press Enter AFTER making all desired changes.

[Entry Fields]

PRINT QUEUE name [ps] +

Characteristics to Change / Show


Move the cursor to the desired item and press Enter.

1.Printer Setup
2.Default Print Job Attributes
3.Accounting File
4.Queuing Discipline

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-25. Change characteristics of a queue AN123.1

Notes:

Attributes for Printer Setup option


After selecting 1. Printer Setup, the following attributes can be changed or shown:
Automatic mode switching to PostScript
Paper size in trays and the manual feeder
Envelope size
ID of the font cards
Paper trays for header and trailer pages
Formatting flags for the header and trailer pages
Users to get the intervention messages
Flags prohibited for all print files
Mode in which to leave the printer at the end of the job
Width of printable area on header page

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Attributes for Default Print Job option


After selecting 2. Default Print Job Attributes, the following attributes can be changed
or shown:
Text print options such as emphasized print
Job processing options such as page number where printing should begin
Text formatting options such as top Margin and lines per page
Paper/Page Options such as page orientation
Header/Trailer Page such as separator pages
Messages/Diagnostics

Attributes for Accounting File option


After selecting 3. Accounting File, the following attribute can be changed or shown:
Accounting file name

Attributes for Queuing Discipline option


After selecting 4. Queueing Disciple, the following attribute can be changed or shown:
Queuing discipline

A-38 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Removing a queue
IBM Power Systems

# smit rmpq

Remove a Print Queue

Type or select values in entry fields.


Press Enter AFTER making all desired changes.

[Entry Fields]
Print queue to remove ps:lp0
Local printer device /dev/lp0

KEEP the local printer device? No +

F1=Help F2=Refresh F3=Cancel F4=List


F5=Reset F6=Command F7=Edit F8=Image
F9=Shell F10=Exit Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-26. Removing a queue AN123.1

Notes:

Removing a queue with SMIT


It is not possible to remove a queue containing jobs. The jobs would have to be
removed first.
The last option on the screen asks whether the printer device definition should be kept.
This option will only appear if the queue being removed is the only queue defined for a
printer. Note that by default, it will be removed.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Managing queues
IBM Power Systems

# smit pqmanage

Manage Print Queues

Move the cursor to the desired item and press Enter.

Show Status of Print Queues


Stop a Print Queue
Start a Print Queue
Set the System's Default Print Queue

F1=Help F2=Refresh F3=Cancel F8=Image


F9=Shell F10=Exit Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-27. Managing queues AN123.1

Notes:

SMIT Managing Queues options


The following actions can be performed:
Show Status of Print Queue gives output similar to qchk and lpstat
Stop a Print Queue runs the disable command
Start a Print Queue runs the enable command
Set the System's Default Print Queue reorders the /etc/qconfig file to ensure
the default queue is the first queue in the file

A-40 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Understanding queue status


IBM Power Systems

Queue Dev Status Job Files User PP % Bks Cp Rnk


ps lp0 DOWN
QUEUED 1569 /etc/motd root 1 1 1

State Description
DEV_BUSY Printer is busy servicing other print requests
DEV_WAIT Queue is waiting for the printer
DOWN Queue is down and no jobs will be serviced
from this queue until it is brought up
OPR_WAIT The queue is waiting for operator intervention
QUEUED Job is queued and waiting
READY Everything is ready to receive a print request
RUNNING Print file is printing
UNKNOWN Problem with the queue: Need to investigate
further to determine cause
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-28. Understanding queue status AN123.1

Notes:

Introduction
The status of the queues and jobs can be displayed with qchk, lpstat, or lpq. There
are a number of different status states that may be seen.

DEV_BUSY
This status can occur when more than one queue is defined to a print device and
another queue is currently using the print device. It could result when the qdaemon
attempts to use the printer port device and another application is currently using that
print device. Normal recovery: You have to wait until the queue or application has
released the print device, or kill the job or process that is using the printer port.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

DEV_WAIT
This status means that the queue is waiting on the printer because the printer is offline,
out of paper, jammed, or the cable is loose, bad or wired incorrectly. Normal recovery:
Check to see if the printer is offline, out of paper, jammed, or loosely cabled. Sometimes
the jobs have to be removed from the queue before the problem can be corrected.

DOWN
This status is set when the device driver cannot communicate with the printer after
TIME OUT seconds (which can be set through SMIT). This variable indicates the
amount of time, in seconds, that the queuing system waits for a printer operation. If the
printer is off, the queue will go down. Also, the operator can bring down the queue
intentionally, which might be necessary for system maintenance. Normal recovery:
Correct the problem that has brought the queue down and then bring the queue up
again.

OPR_WAIT
This status is set when the back-end program is waiting on the operator to change the
paper, change forms, and so on. This is usually software related. Normal recovery:
Respond appropriately to the request that is made by the queuing system.

QUEUED
This status is set when a print file is queued and is waiting in line to be printed.

READY
This is the status of a queue when everything involved with the queue is ready to queue
and print a job.

RUNNING
This status occurs when a print file is printing.

UNKNOWN
This status occurs when a user creates a queue on a device file that another queue is
using, and its status is DEV_WAIT. The queue cannot get a status from the printer
device when it is on hold. Normal recovery: Bring down the other queue or fix the
problem with the printer (paper out, jammed, offline and so on). Bring the new queue
down and then back up so that the queue will register as READY.

A-42 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Bringing queues up and down


IBM Power Systems

# lpstat
Queue Dev Status Job Files User PP % Bks Cp
Rnk
draft lp0 DOWN
QUEUED 132 /etc/motd team01 1 1 1
Quality lp0 READY

To enable a queue whose status is DOWN:


# enable draft

To disable a queue whose status is READY:


# disable quality

You must be a member of the printq group or root.


Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-29. Bringing queues up and down AN123.1

Notes:

Enabling a queue
Occasionally, problems with printers can bring a queue down. Once the problem has
been fixed it can be brought back up with:
# enable <queuename>

Disabling a queue
Sometimes, you may wish to bring a queue down. This is recommended if any
maintenance is going to be performed on the printer. You can do this with either of the
commands:
# disable <queuename>
# enq -D -P <queuename>

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Manage Print Jobs


IBM Power Systems

# smit jobs

Manage Print Jobs

Move the cursor to the desired item and press Enter.

Cancel a Print Job


Show the Status of Print Jobs
Prioritize a Print Job
Hold / Release a Print Job
Move a Job between Print Queues

F1=Help F2=Refresh F3=Cancel F8=Image


F9=Shell F10=Exit Enter=Do

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-30. Manage Print Jobs AN123.1

Notes:

Who can manage print jobs?


The root user or a member of the print group can work with any print request. Normal
users can only work with their own print jobs.

A-44 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Cancel a Print Job


IBM Power Systems

# smit qcan

Cancel a Print Job

Type or select values in entry fields.


Press Enter AFTER making all desired changes.

[Entry Fields]
PRINT QUEUE containing job [ ] +
(required for remote jobs)
* Print JOB NUMBER [ ] +#

F1=Help F2=Refresh F3=Cancel F4=List


F5=Reset F6=Command F7=Edit F8=Image
F9=Shell F10=Exit Enter=Do
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-31. Cancel a Print Job AN123.1

Notes:
Introduction
The qcan command cancels either a particular job number or all jobs in a print queue.
Normal users can only cancel their own jobs, whereas root can cancel any job.
Commands to cancel print jobs
To cancel a job you can either use the smit qcan fastpath, or use one of the following
commands:
cancel (System V)
lprm (BSD)
qcan (AIX)
Examples
To cancel job number 127 on whatever queue the job is on, you can use either of the
following two commands:
# qccel 127
To cancel all jobs queued on printer lp0, you can use either of these two commands:
# qcan -X -Plp0
# cancel lp0

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Job priority example


IBM Power Systems

# qchk -L
Queue Dev Status Job Name From To
______ ___ _______ Submitted Rnk Pri Blks Cp PP %
pslp0 DOWN QUEUED 569 /etc/qconfig root root
1/07/03 09:39:25
1 15 2 1
/etc/qconfig
QUEUED 570 /etc/motd root root
1/07/03 09:40:15 2 15 1 1
/etc/motd

# qpri -#570 -a 25
# qchk -L
Queue Dev Status Job Name From To
______ ___ ______ Submitted Rnk Pri Blks Cp PP %
pslp0 DOWN QUEUED 570 /etc/motd root root
1/07/03 09:40:15 1 25 1 1
/etc/motd
QUEUED 569 /etc/qconfig root root
1/07/03 09:39:25 2 15 2 1
/etc/qconfig
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-32. Job priority example AN123.1

Notes:

Processing order
The discipline line in the /etc/qconfig file determines the order in which the printer
serves the requests in the queue. In the queue stanza, the discipline field can either
be set to fcfs (first-come-first-serve) or sjn (shortest-job-next). If there is no
discipline in the queue stanza, requests are serviced in fcfs order.

Changing print job priority


Each print job also has a priority that can be changed through SMIT (smit qpri) or with
the qpri command. Print jobs with higher-priority numbers are handled before requests
with lower-priority numbers. Only a user who has root authority or who belongs to the
printq group can change the priority of a local print request.

A-46 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty
Note

You can only set priorities on local print jobs. Remote print jobs are not supported.

The qprt -R command can also be used to set job priority.

Example
The example in the visual shows that when print jobs are submitted they receive the
default priority of 15. The example shows how the qpri command can be used to
change the priority of job number 570 to 25. Use the qchk -L command to show the
new job priorities.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Holding a job in a queue


IBM Power Systems

# qchk
Queue Dev Status Job Files User PP% Blks Cp Rnk
ps lp0 DEV_BUSY
QUEUED 1493 /etc/qconfig root 1 1 1

# qhld -#1493
# qchk
Queue Dev Status Job Files User PP% Blks Cp Rnk
ps lp0 DEV_BUSY
HELD 1493 /etc/qconfig root 1 1 1

# qhld -r -#1493
# qchk
Queue Dev Status Job Files User PP% Blks Cp Rnk
ps lp0 DEV_BUSY
QUEUED 1493 /etc/qconfig root 1 1 1
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-33. Holding a job in a queue AN123.1

Notes:

Holding and releasing a print job


The qhld command is used to put a temporary hold on a job that is waiting in the
queue. The qhld command is also the command that is used to release job back in the
queue.
The visual provides a example of using the qhld command to hold and then release job
# 1493.
This task can also be accomplished through smit (smit qhld).

A-48 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Moving a job between queues


IBM Power Systems

# qchk -A

Queue Dev Status Job Files User PP% Blks Cp Rnk


asc lp0 DOWN
QUEUE 11 /etc/qconfig root 2 1 1
ps lp0 READY

# qmov -mps -#11


# qchk -A

Queue Dev Status Job Files User PP% Blks Cp Rnk


asc lp0 DOWN
ps lp0 RUNNING 11 /etc/qconfig root 2 1 1

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-34. Moving a job between queues AN123.1

Notes:

Moving print jobs


You can move jobs between queues in AIX. The command qmov is used. The -m option
specifies what queue to move the job to and the -# option specifies the job number.
This can be done through smit using smit qmov.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Printing-related directories to monitor


IBM Power Systems

var

spool

lpd
qdaemon

qdir

Contains queue requests Temporary copies of enqueued


(job description files) files if spooling

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-35. Printing-related directories to monitor AN123.1

Notes:

Why directories may fill up


The directories shown in the visual fill up very quickly if the spooling mechanism
encounters a problem. For example, if the queue goes down, or if there are many users
submitting jobs, there may not be enough room to handle the requests.
Remember, when print jobs are submitted to spooling rather than just queuing, a copy
of that file is created and stored in the /var/spool/qdaemon directory until that job has
printed. At that time, the temporary file is removed. If the queue or multiple queues quit
working, jobs don't get through the system. This could cause a full condition in this
directory structure.

A-50 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Printing problem checklist


IBM Power Systems

# cat file > /dev/lp0


Any output?

NO YES
Check hardware Check software

9 Check physical cables 9 qdaemon running


9 Printer online and ready 9 Check /etc/qconfig
9 No paper jams 9 Queue enabled
9 Not out of paper 9 /var and /tmp not full

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-36. Printing problem checklist AN123.1

Notes:

First step
If you experience problems trying to print, start by checking the simple things first.
The easiest test to perform is to cat a file and redirect standard output to the printer
device file. This by-passes the queuing system and helps to narrow the problem.

Check hardware
After redirecting a file to the print device, if it does not print, the problem is usually
hardware-related. Check to make sure the cables are attached securely. Make sure the
printer is ready to print (online). Make sure there is paper in the printer and there are no
paper jams.

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Potential software problems


If something does print out using cat but not print out when using lp, qprt, or lpr, the
problem is most likely software-related.
Check to make sure the qdaemon is running. If not, start it.
# lssrc -s qdaemon
# startsrc -s qdaemon
Look at the contents of /etc/qconfig to make sure it is not corrupt.
Ensure the queue is enabled. If not, enable it.
# lpstat
or
# qprt -A
# enable queuename
Check to make /tmp and /var are not full with the command: df

A-52 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Checkpoint (1 of 2)
IBM Power Systems

1. True or False: One of the advantages of queues is that each user can
have a different default queue set up for them.

2. True or False: The /etc/qconfig file is read by the back-end


program to determine what the queue discipline is.

3. True or False: All printer software is automatically installed when you


install the base operating system.

4. What is the difference between these two commands?


# qprt -Pasc file1
# qprt -c -Pasc file1

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-37. Checkpoint (1 of 2) AN123.1

Notes:

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Checkpoint (2 of 2)
IBM Power Systems

5. What three methods can be used to find out what the system default
queue is?
a.
b.
c.

6. What users can bring print queues down?

7. True or False: Once the queue is down, no more jobs can be


submitted to the printer.

8. Can users hold all their print jobs in a specific queue? If so, how?

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-38. Checkpoint (2 of 2) AN123.1

Notes:

A-54 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

Uempty

Unit summary
IBM Power Systems

Having completed this unit, you should be able to:


Describe the purpose and the benefits of a queuing system
Identify the major components that are responsible for
processing a print request
Add a printer queue and device under different circumstances
Submit jobs for printing
View the status of the print queue

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Figure A-39. Unit summary AN123.1

Notes:
Queues can be added for local or remote printing.
Queue characteristics can be changed either through SMIT or through high-level
commands.
Queues can be brought up and down by the system administrator.
The following tasks were considered:
- Submit and cancel print jobs
- List the jobs in a queue
- Hold and release jobs in a queue
- Move a job from one queue to another
- Change priorities of a print job

Copyright IBM Corp. 2009, 2013 Appendix A. Printers and queues A-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

A-56 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Appendix B. Checkpoint solutions

Unit 1, "Introduction to IBM Power Systems, AIX, and system


administration"

Solutions for Figure 1-18, "Checkpoint," on page 1-24

Checkpoint solutions
IBM Power Systems

1. What is the name of the device which creates and controls LPARs?
The answer is the HMC.

2. True or False: An AIX operating system can have no real devices.


The answer is true.

3. True or False: Virtualization features provided by the VIO Server can


be used by default on any Power system.
The answer is false. Lower end machines require a PowerVM license.

4. True or False: The su command enables you to get root authority even
if you signed on using another user ID.
The answer is true. You must also know the root password.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-1


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit 2, "AIX system management tools"

Solutions for Figure 2-24, "Checkpoint," on page 2-34

Checkpoint solutions
IBM Power Systems
1. List the three main system management tools available on AIX.
a. SMIT
b. WebSM
c. IBM Systems Director console for AIX
The answers are SMIT, WebSM, and IBM Systems Director console for AIX.

2. What is the purpose of the smit.script file?


The answer is to obtain the commands SMIT has just executed.

3. What information can one get from looking at the system configuration details
in IBM Systems Director Console?
a. Firmware/model information
b. File system information
c. Paging space information
d. A list of top CPU logging processes
e. Network configuration, IP address, and so on
The answers are firmware/model information, file system information, paging
space information, a list of top CPU logging processes, and network
configuration, IP address, and so on.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-2 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Unit 3, "System startup and shutdown"

Solutions for Figure 3-19, "Checkpoint," on page 3-26

Checkpoint solutions
IBM Power Systems

1. What is the first process that is created on the system and which file
does it reference to initiate all the other processes that have to be
started?
The answer is the initial process is init. The file init references is
/etc/inittab for information regarding other processes that have to
be started.

2. Which AIX feature can be used to stop and start subsystems and
groups of daemons?
The answer is the System Resource Controller (SRC).

3. True or False: You can only execute the AIX shutdown command
from the console.
The answer is false.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-3


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit 4, "AIX installation"

Solutions for Figure 4-26, "Checkpoint," on page 4-30

Checkpoint solutions
IBM Power Systems

1. AIX 7 can be installed from which of the following? (Select all that are
correct.)
a. 8 mm tape
b. CD-ROM
c. Diskette
d. NIM server
The answers are CD-ROM and NIM server.

2. True or False: A preservation install preserves all data on the disks.


The answer is false. It preserves some of the existing data on the disk
selected for installation. This method overwrites the user (/usr),
variable (/var), temporary (/tmp), and root (/) file systems. Other
product application files and configuration data are destroyed.

3. What is the console used for during the installation process?


The answer is the console is used to display all the system messages
and to interact with the installation.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-4 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Unit 5, "AIX software installation and maintenance"

Solutions for Figure 5-27, "Checkpoint," on page 5-34

Checkpoint solutions
IBM Power Systems
1. Which of the following states must your software be in, in order for you to be
able to use it? (Select all that apply.)
a. Applied state
b. Removed state
c. Install state
d. Commit state
The answers are Applied state and Commit state.
2. What command is used to list all installed software on your system?
The answer is lslpp l or L.
3. Which of the following can you install as an entity? Select all that apply.
a. ifix
b. LPP
c. Package
d. Bundle
The answer is they all apply.
4. True or False: If a problem is found with the inetd subsystem, it is possible to
download and apply a fix to the bos.net.tcpip.server fileset in AIX to
correct the problem.
The answer is false.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-5


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit 6, "System configuration and devices"

Solutions for Figure 6-18, "Checkpoint," on page 6-23

Checkpoint solutions
IBM Power Systems

1. What does the following location code mean?


fcs0
fcs0 U78A0.001.DNWGGRX-P1-C3-T1
U78A0.001.DNWGGRX-P1-C3-T1 4Gb
4Gb FC
FC PCI
PCI Express
Express Adapter
Adapter

The answer is port 1 of a 4 Gb Fibre Card, connected to planar 1, card slot 3,


in Power 550 CEC (U78A0).

2. What is the purpose of a device major number? How would you locate the
major number of a disk, hdisk18?
The answers are the AIX kernel can determine the actual driver and device to
be accessed for a user-level request. Perform a long directory list of the /dev
directory.

3. True or False: cfgmgr is a binary executable that runs at system initialization


time to configure devices on the system.
The answer is true.

4. What commands can you run on AIX to document the system configuration?
The answers are prtconf, lsdev, lscfg, lsslot, and lsattr.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-6 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Unit 7, "System storage overview"

Solutions for Figure 7-20, "Checkpoint (1 of 3)," on page 7-30

Checkpoint solutions (1 of 3)
IBM Power Systems

5. Volume group
1. Volume group___
Descriptor area__
VGDA 6. Physical volume

2. Physical partition

3. Logical partition

4. Logical volume
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-7


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Solutions for Figure 7-21, "Checkpoint (2 of 3)," on page 7-31

Checkpoint solutions (2 of 3)
IBM Power Systems

7. How many different physical partition (PP) sizes can be set within a single
VG?
The answer is one.

8. By default, how big are PPs?


The answer is traditionally 4 MB, but LVM chooses an optimal size based on
the number of PPs/PV and the size of largest PV in the VG.

9. How many volume groups (VGs) can a physical volume (PV) belong to?
a. It depends on what you specify through SMIT
b. Only one
c. As many VGs as exist on the system
The answer is only one.

10. True or False: All VGDA information on your system is identical, regardless of
how many VGs exist.
The answer is false. All VGDAs within a VG are the same.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-8 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Solutions for Figure 7-22, "Checkpoint (3 of 3)," on page 7-32

Checkpoint solutions (3 of 3)
IBM Power Systems

Use the following output to answer the questions below:


## lsfs
lsfs
Name
Name Nodename
Nodename Mount
Mount PtPt VFS
VFS Size
Size Options
Options Auto
Auto Accounting
Accounting
/dev/hd4
/dev/hd4 --
-- // jfs2
jfs2 294912
294912 -- -- yes
yes no
no
/dev/hd1
/dev/hd1 --
-- /home
/home jfs2
jfs2 32768
32768 --
-- yes
yes no
no
/dev/hd2
/dev/hd2 --
-- /usr
/usr jfs2
jfs2 3309568
3309568 ---- yes
yes no
no
/dev/hd9var
/dev/hd9var --
-- /var
/var jfs2
jfs2 65536
65536 --
-- yes
yes no
no
/dev/hd3
/dev/hd3 --
-- /tmp
/tmp jfs2
jfs2 131072
131072 -- -- yes
yes no
no
/dev/hd10opt
/dev/hd10opt ---- /opt
/opt jfs2
jfs2 163840
163840 -- -- yes
yes no
no
/dev/cd0
/dev/cd0 --
-- /infocd
/infocd cdrfs
cdrfs ro
ro yes
yes no
no
/dev/lv00
/dev/lv00 --
-- /home/john
/home/john jfs2
jfs2 32768
32768 rw
rw yes
yes no
no
/dev/hd11admin
/dev/hd11admin --
-- /admin
/admin jfs2
jfs2 262144
262144 -- -- yes
yes no
no

11. With which logical volume is the /home file system associated?
The answer is /dev/hd1.
12. What types of file systems are being displayed?
The answers are enhanced journaled file systems (JFS2) and CD-ROM (CDRFS).
13. What is the mount point for the file system located on the /dev/hd4 logical volume?
The answer is /.
14. Which file system is used primarily to hold user data and home directories?
The answer is /home.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-9


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit 8, "Working with the Logical Volume Manager"

Solutions for Figure 8-41, "Checkpoint," on page 8-49

Checkpoint solutions
IBM Power Systems

1. True or False: A logical volume can span more than one physical
volume.
The answer is true.
2. True or False: A logical volume can span more than one volume
group.
The answer is false.
3. True or False: The contents of a physical volume can be divided
between two volume groups.
The answer is false.
4. True or False: If mirroring logical volumes, it is not necessary to
perform a backup.
The answer is false. You still need to back up to external media.
5. True or False: Striping can be combined with mirroring to provide
increased performance and availability
The answer is true.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-10 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Unit 9, "File systems administration"

Solutions for Figure 9-24, "Checkpoint (1 of 2)," on page 9-29

Checkpoint solutions (1 of 2)
IBM Power Systems

1. Does the size of the file system change when the size of the logical volume it
is on is increased?
The answer is no.

2. If you remove a file system, is the logical volume on which it sits removed as
well?
The answer is yes.

3. When a file system is created, what needs to be done in order to make it


available for use?
The answer is the file system must be mounted using the mount command.

4. What size should an external JFS log be set to?


The answer is 1 LP.

5. True or False: SMIT can be used to easily increase or decrease the size of
an enhanced JFS filesystem.
The answer is true.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-11


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Solutions for Figure 9-25, "Checkpoint (2 of 2)," on page 9-30

Checkpoint solutions (2 of 2)
IBM Power Systems

6. A file system is 2 GB. How would you do the following?


a. Add 1 GB
The answer is chfs a size=+1G <file system>.
b. Set the size to 5 GB
The answer is chfs a size=5G <file system>.

7. What command can you use to determine if a file system is full?


The answer is df.

8. What command can produce a report listing the size (in MB) of all the
files and directories contained in a specific location?
The answer is du.

9. What command checks and interactively repairs inconsistent file


systems?
The answer is fsck.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-12 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Unit 10, "Paging space"

Solutions for Figure 10-13, "Checkpoint," on page 10-20

Checkpoint solutions
IBM Power Systems

1. What conclusions regarding potential paging space problems can you reach
based on the following listing?
Page
Page Physical
Physical Volume
Volume Size
Size %Used
%Used Active
Active Auto
Auto Type
Type chksum
chksum
Space
Space Volume
Volume Group
Group
hd6
hd6 hdisk0
hdisk0 rootvg
rootvg 640
640 MB
MB 43%
43% yes
yes yes
yes lv
lv 00
paging00
paging00 hdisk1
hdisk1 rootvg
rootvg 640
640 MB
MB 7%
7% yes
yes yes
yes lv
lv 00
paging01
paging01 hdisk1
hdisk1 rootvg
rootvg 160
160 MB
MB 89%
89% yes
yes yes
yes lv
lv 00

The answer is the information provided is not enough to fully analyze the
situation; however, at first glance, here are the potential problems:
a. paging00 is underutilized.
b. paging01 is over utilized, and the size seems to be too small. Both user-defined
paging spaces are on the same disk.
c. paging01 should be deleted. The administrator should investigate why there is a
high level of paging and possibly increase the size of hd6 and paging00.

2. True or False: The size of paging00 (in the above example) can be
dynamically decreased.
The answer is true.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-13


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit 11, "Backup and restore"

Solutions for Figure 11-24, "Checkpoint," on page 11-34

Checkpoint solutions
IBM Power Systems

1. What is the difference between the following two commands?


a. find /home/fred | backup -ivf /dev/rmt0
b. cd /home/fred; find . | backup -ivf /dev/rmt0
The answer is the first command backs up the files using the full path names,
whereas the second command backs up the file names using the relative
path names. Therefore, the second commands files can be restored into any
directory.

2. On a mksysb tape, what command would you use to restore individual files
from a mksysb tape?
The answer is either # restorevgfiles f /dev/rmt0 <path to
file> or # restore s 4 f /dev/rmt0.1 <path to file>.

3. True or False: smit mksysb backs up all file systems, provided they are
mounted.
The answer is false. mksysb only backs up rootvg file systems. To back up
other volume groups, you must use the savevg command.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-14 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Unit 12, "Security and user administration: Part one"

Solutions for Figure 12-35, "Checkpoint (1 of 2)," on page 12-51

Checkpoint solutions (1 of 2)
IBM Power Systems

1. If the following command was run, what would the file


permissions be for file1: chmod 6754 file1
The answer is r w s r w- r - -.

2. A binary executable with the SUID flag set is owned by user root.
User michael executes the binary. The executable runs under
which user, root or michael?
The answer is root.

3. A shared directory is created on the system. What flag must be


set to ensure only the owner of the files can delete them?
The answer is SVTX of sticky bit.

4. Why is a umask of 027 recommended?


The answer is this value removes all permission bits for the
others category, which enhances security.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-15


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Solutions for Figure 12-36, "Checkpoint (2 of 2)," on page 12-52

Checkpoint solutions (2 of 2)
IBM Power Systems

5. What is the difference between the commands pwdadm and passwd?


The answer is a member of security group can use pwdadm to reset a
different users password, but only root can use passwd for this
purpose.

6. Which command can be used to change the default attributes for


users?
The answer is chsec f /etc/security/user s default \
a attribute=value.

7. True or False: When you delete a user from the system, all the users
files and directories are also deleted.
The answer is false.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-16 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Unit 13, "Security and user administration: Part two"

Solutions for Figure 13-21, "Checkpoint (1 of 2)," on page 13-33

Checkpoint solutions (1 of 2)
IBM Power Systems

1. If an ordinary user forgets their password, can the system administrator find
out by querying the system as to what the users password was set to? Why
or why not?
The answer is no. The passwords are held in encrypted format, therefore
even the system administrator cannot tell what the password was set to.

2. True or False: An asterisk (mary:*:) in the second field of the


/etc/passwd file means there is a valid password set in the shadow
password file for user mary.
The answer is false.

3. Password restrictions are set in which of the following files?


a. /etc/passwd
b. /etc/security/passwd
c. /etc/security/restrictions
d. /etc/security/user
The answer is /etc/security/user.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-17


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Solutions for Figure 13-22, "Checkpoint (2 of 2)," on page 13-34

Checkpoint solutions (2 of 2)
IBM Power Systems

4. True or False: Enhanced RBAC comes with several


predefined roles.
The answer is true.

5. True or False: Once a user is assigned a role, the user


immediately can use the related authorizations.
The answer is false.

6. What is the command that will list your assigned roles?


The answer is lsrole.

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-18 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Unit 14, "Scheduling and time"

Solutions for Figure 14-17, "Checkpoint," on page 14-25

Checkpoint solutions
IBM Power Systems

1. True or False: The at.allow and at.deny files must be used to


specify which users are allowed and denied use of the at command.
The answer is false. Only one or the other of these files should be
used.

2. Give a crontab entry that would specify that a job should run every
Thursday at 10 past and 30 minutes past every hour.
The answer is 10,30 * * * 4 <job>.

3. How would you schedule a script named myscript to run 10 minutes


from now?
The answer is:
# at now + 10 minutes
myscript
^d
#
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-19


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Unit 15, "TCP/IP networking"

Solutions for Figure 15-36, "Checkpoint," on page 15-46

Checkpoint solutions
IBM Power Systems

1. What are the following used for?


a. /etc/rc.tcpip
The answer is starts TCP/IP daemons (sendmail, inetd, and so on).
b. ssh
The answer is to login or run command on a remote machine (securely).
c. VNC
The answer is to use a remote graphical display on a local desktop
machine.
d. /etc/services
The answer is to store server side ports of TCP/IP applications.

2. What is multipath routing and why should we use it?


The answer is multipath routing allows us to specify multiple paths to
hosts and gateways for load balancing and high availability.

3. How can we disable the FTP protocol on AIX?


The answer is comment out the ftp line in /etc/inetd.conf and
refresh the inetd daemon.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-20 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Unit 16, "Introduction to workload partitions"

Solutions for Figure 16-15, "Checkpoint," on page 16-22

Checkpoint solutions
IBM Power Systems
1. True or False: Workload partitions require POWER7 systems.
The answer is false. Requires POWER4 or later.

2. What are the two types of workload partitions?


The answers are system and application.

3. What command builds and starts an application workload partition?


The answer is wparexec.

4. True or False: Live Application Mobility (LAM) requires that the WPAR private
file systems reside on an NFS server.
The answer is false. LAM requires that the private file systems be accessible
to both systems. They can either be on an NFS server or, if using a rootvg
WPAR, be placed on a shared fiber-attached SAN disk.

5. True or False: By default, a system WPAR has shared read-only access to


the /usr file system in the global environment.
The answer is true.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-21


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Appendix A, "Printers and queues"

Solutions for Figure A-22, "Let's review," on page A-32


ets review solution
IBM Power Systems
True or False: The qdaemon is responsible for printing jobs.
The answer is false. The printer back-end is responsible for printing. The
qdaemon manages jobs in queue. The qdaemon hands the jobs off to the
back-end for printing.
To set up remote printing, what daemons are needed, and do they run on the
server, the client, or both?
The answer is qdaemon and lpd on the server qdaemon only on the client.
What does the up = TRUE indicate in the /etc/qconfig file?
The answer is it means the queue is accepting jobs. If it were FALSE, the
user would be notified that the queue is not accepting jobs.
What does discipline mean in reference to the /etc/qconfig file?
What are its possible values?
The answer is discipline is read by qdaemon to determine the sorting
order for jobs in the queue. The values supported are fcfs (first come first
server) and sjn (shortest job next).

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Lets review solution


IBM Power Systems
1. True or False: The qdaemon is responsible for printing jobs.
The answer is false. The printer back-end is responsible for printing. The
qdaemon manages jobs in queue. The qdaemon hands the jobs off to the
back-end for printing.
2. To set up remote printing, what daemons are needed, and do they run on the
server, the client, or both?
The answer is qdaemon and lpd on the server qdaemon only on the client.
3. What does the up = TRUE indicate in the /etc/qconfig file?
The answer is it means the queue is accepting jobs. If it were FALSE, the
user would be notified that the queue is not accepting jobs.
4. What does discipline mean in reference to the /etc/qconfig file?
What are its possible values?
The answer is discipline is read by qdaemon to determine the sorting
order for jobs in the queue. The values supported are fcfs (first come first
server) and sjn (shortest job next).

Copyright IBM Corporation 2009, 2013. All Rights Reserved.


US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-22 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2
Student Notebook

AP Solutions for Figure A-37, "Checkpoint (1 of 2)," on page A-53

Checkpoint solutions (1 of 2)
IBM Power Systems

1. True or False: One of the advantages of queues is that each user can have a
different default queue set up for them.
The answer is true. This can be accomplished using the PRINTER
environment variable.

2. True or False: The /etc/qconfig file is read by the back-end program to


determine what the queue discipline is.
The answer is false. It is read by qdaemon.

3. True or False: All printer software is automatically installed when you install
the base operating system.
The answer is false. Only a handful of printer software is installed by default.

4. What is the difference between these two commands?


# qprt -Pasc file1
# qprt -c -Pasc file1
The answer is the -c flag produces a spool file.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

Copyright IBM Corp. 2009, 2013 Appendix B. Checkpoint solutions B-23


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Notebook

Solutions for Figure A-38, "Checkpoint (2 of 2)," on page A-54

Checkpoint solutions (2 of 2)
IBM Power Systems

5. What three methods can be used to find out what the system default queue
is?
a. The first entry in the /etc/qconfig file
b. The output from the qchk command with no options
c. The first queue listing from the lpstat command
The answers are the first entry in /etc/qconfig file, the output from the
qchk command with no options, and the first queue listing from the lpstat
command.
6. What users can bring print queues down?
The answer is the root user or members of the printq group.

7. True or False: Once the queue is down, no more jobs can be submitted to the
printer.
The answer is false. Jobs can be submitted to the queue. However, they will
not be printed until the queue is brought up again.
8. Can users hold all their print jobs in a specific queue? If so, how?
The answer is yes, they can by only specifying a queue name and not
individual job numbers.
Copyright IBM Corporation 2009, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp

B-24 AIX Implementation and Administration Copyright IBM Corp. 2009, 2013
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V8.2

backpg
Back page

You might also like