Monday, November 30, 2009

User and Group Administration - Part 2

GROUP ADMINISTRATION


Few Restrictions on the Group Name:

1. Group names cannot start with the below signs:
  • Dash or minus sign (-).
  • Plus sign (+)
  • At symbol (@)
  • Tilde (~)
2. Groups cannot be named ALL or default, as these names are reserved for the AIX OS.
 
3. Group names cannot include :

  • Colon (:)  
  • Quotation marks—single or double (' or ")
  • Pound or hash sign (#)
  • Comma (,)
  • Equal sign (=)
  • Slashes—back or forward (\ or /)
  • Question mark (?)
  • Back quote or tick (`)
  • White space (space or tab)
  • New-line characters
4.  Group names can have max. 8 characters in AIX V 5.2 or earlier. Starting with AIX 5.3, you can have a
max. of 255 characters.



Now let us look at the configuration files for groups.


/etc/group :

This file contains the basic group configuration details in the following format.

Group Name : Password Flag : GID : User(s)

where
Password Flag - This field is not used in AIX.
GID - Group ID is the unique identification number for every group. 0 is the GID for the system group.
User(s) - List of users belonging to the group

/etc/security/group :

This file contains the extended attributes for the groups.
Here are the parameters used in this file.

adms  - List of users with admin rights to this group
admin - If set to true, this group will have administrative rights.

There are 4 main commands used in the administration of group :

mkgroup - Add a group
chgroup - Change an attribute of a group
lsgroup  - List the attributes of a group
rmgroup - Remove a group

These words can also be used as fastpaths for smitty.

For example, # smitty mkgroup will open a form to create a group.

For all group administration tasks, you can use

# smitty group and go through the menu items for the various operations.


Now let us see the commands to administrate groups ...

1. To create a group called dba :

# mkgroup dba

2. To create an admin group called admin1 :

# mkgroup -a admin1

3. To create dba group and add jack as the admin :

# mkgroup adms=jack dba

4. To change the members of dba group, you can use any of the below commands :

# chgroup users=jack,tom,michelle dba

# chgrpmem dba

# chgrpmem -m + raja dba

5. To remove the membership of a user from the dba group :

# chgrpmem -m - jack dba

6. To add a user as admin for the dba group :

# chgrpmem -a + raja dba

7. To remove the group administrator :

# chgrpmem -a - raja dba

8. To list the attributes of a group :

# lsgroup dba

9. To remove a group from the system :

# rmgroup test

Friday, November 27, 2009

User and Group Administration - Part 1

USER ADMINISTRATION


Few Restrictions on the User Name:


1. User names cannot start with a
  • dash or minus sign(-)
  • plus sign (+)
  • At symbol (@)
  • Tilde (~)
2. User names cannot include
  • colon (:)
  • single or double quotation marks ( ' or ")
  • hash symbol (#)
  • comma (,)
  • equal sign (=)
  • Back or forward Slashes ( \ or /)
  • Question mark (?)
  • Back quote (`)
  • White space (space or tab)

3. User names cannot be ALL or default, because those names are reserved for the AIX OS.

4. User names can have max. 8 characters in AIX V 5.2 or earlier. Starting with AIX 5.3, you can have a
max. of 255 characters. You can change this setting by using the below command,

# chdev -l sys0 -a max_logname=255

To view the setting, use any of the below commands

# lsattr -El sys0 -a max_logname
# getconf LOGIN_NAME_MAX


Configuration Files:

/etc/passwd :

Contains the basic user configuration details like user name, password flag, uid, gid, gecos (description), home directory, shell.

/etc/security/.profile :

It is the template for the user's .profile file. It is copied to the user's home directory when the user is created.

/etc/security/limits :

It contains all the resource limits (ulimits) for the users.

Here are the various ulimit values ...

fsize, fsize_hard - Soft and hard limit for the size of a file a user can create
core, core_hard - Soft and hard limit for the Size of core file a user can create
cpu, cpu_hard - Soft and hard limit for the amount of system time allowed
data, data_hard - Soft and hard limit for the size of the process data segment
stack, stack_hard - Soft and hard limit for the size of the process stack segment
rss, rss_hard - Soft and hard limit for the physical memory allowed
nofiles, nofiles_hard - Soft and hard limit for the number of open file descriptors at one time
nproc, nproc_hard - Soft and hard limit for the number of running processes at one time

/etc/security/passwd :

This file contains the user's password information such as password, lastupdate and flags.

Here are the various flags used:

ADMIN - It can be set so that only the root user can change the user's password.

ADMCHG - It can be set so that the user is prompted to change his or her password on the next login/su.

NOCHECK - It can be set so that any additional restrictions in /etc/security/user are ignored.


/etc/security/user :  This file contains very important settings for every user.

Here are the parameters configured in the file for each and every user :

account_locked - To lock the user account. It can take values TRUE or FALSE.

admin - To specify whether the user is admin or not. It can take values TRUE or FALSE.

expires - It is configured to set the expiration date for the user, beyond which the user will be locked. It can take values in the format MMDDHHYY.

histexpire - To specify the # of weeks the user can't reuse a password. It can take values between 0-260.

histsize - To specify the # of previously used passwords that can't be reused. It can take values between 0-50.

login - To specify whether a user can log in or not. It can take values TRUE or FALSE.

maxage - To specify the # of weeks a password is valid. It can take values between 0-52.

minage - To specify the # of weeks a user must wait before changing his or her password. It can take values between 0-52.

rlogin - To specify whether a user can be accessed remotely via telnet, ssh, ftp. It can take values TRUE or FALSE.

su - To specify whether other users can use su to access this account. It can take values TRUE or FALSE.
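
An added example, not part of the original post: a shell function that parses a file laid out like /etc/security/user and reports accounts whose effective settings (own stanza, otherwise the default stanza) are weak for the attributes listed above. The sample file, its account names and the checks chosen (remote root login, maxage of 0, histsize of 0) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a stanza file laid out like /etc/security/user.
# Usage: audit_user_stanzas <file>
# Prints one "user attribute=value" line per finding. An attribute missing
# from a user stanza is looked up in the "default" stanza.
audit_user_stanzas() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    # Effective value: the user stanza wins, otherwise the default stanza.
    function get(u, k) {
        if ((u, k) in attr) return attr[u, k]
        return attr["default", k]
    }
    function report(u, k) { printf "%s %s=%s\n", u, k, get(u, k) }

    /^[ \t]*\*/ || /^[ \t]*$/ { next }        # "*" comment lines, blank lines
    /^[^ \t=]+:[ \t]*$/ {                     # stanza header such as "root:"
        user = $0
        sub(/:[ \t]*$/, "", user)
        if (user != "default") users[++n] = user
        next
    }
    index($0, "=") > 0 && user != "" {        # "attribute = value" line
        eq = index($0, "=")
        attr[user, trim(substr($0, 1, eq - 1))] = tolower(trim(substr($0, eq + 1)))
    }
    END {
        for (i = 1; i <= n; i++) {
            u = users[i]
            if (get(u, "account_locked") == "true") continue   # locked account
            if (u == "root" && get(u, "rlogin") != "false") report(u, "rlogin")
            if (get(u, "maxage") + 0 == 0)   report(u, "maxage")    # never expires
            if (get(u, "histsize") + 0 == 0) report(u, "histsize")  # reuse allowed
        }
    }' "$1"
}

# Constructed sample in the stanza layout; not taken from a real system.
write_sample_user_file() {
    cat > "$1" <<'EOF'
* constructed sample for the audit example
default:
    admin = false
    login = true
    su = true
    rlogin = true
    account_locked = false
    maxage = 0
    histsize = 0

root:
    admin = true
    maxage = 13
    histsize = 8

jack:
    maxage = 8
    histsize = 4

tom:
    account_locked = true

michelle:
    histsize = 10
EOF
}

# Demo run on the constructed sample.
sample_file=$(mktemp)
write_sample_user_file "$sample_file"
audit_user_stanzas "$sample_file"
rm -f "$sample_file"
```

On a real system the function would be pointed at a copy of /etc/security/user; setting rlogin=false for root removes the first finding.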


/usr/lib/security/mkuser.default :  This file contains the default values that are set while creating a user.


/etc/security/login.cfg : This file contains the message that is displayed whenever you login to the system.
You can always change it using chsec command or by editing this file directly in vi editor.


Here are a few attributes of a user that you may be interested in.


id - User Identification Number is a unique ID for every user. The root user's id is always 0.

pgrp - Primary Group of a user

groups - Secondary Groups of a user. A user can belong to a maximum of 128 groups in AIX 5.3 and 6.1.

home - Home directory to store the user's files

shell - Shell that runs when the user logs in

gecos - Description or some comments about the user


There are 6 main commands used in the administration of user :

mkuser     - Add a user
chuser      - Change an attribute of a user
lsuser       - List the attributes of a user
rmuser     - Remove a user
passwd    - To set password for a user and for various other purposes

These words can also be used as fastpaths for smitty.
For example, # smitty mkuser will open a form to create a user.

For doing the whole user administration, you can use

# smitty user and go through the menu items for the various operations.

Now let us see the commands to administrate users ...

To create a user called 'jack' with default settings and allocate the next available uid :
# mkuser jack

To create a user with home dir as /opt/$username, primary group as 'dba' :
# mkuser home=/opt/jack pgrp=dba jack

To know about the user :
# finger jack

To change the primary group for a user :
# chuser pgrp=oracle jack

To list the attributes of a user in stanza structure :
# lsuser -f jack

To list the attributes of a user delimited by comma :
# lsuser -c jack

To list home and shell attributes for the users jack and tom :
# lsuser -a shell home jack,tom

To set the password for a newly created user :
# passwd jack

To clear the flag ADMCHG for jack :
# pwdadm -c jack

If you don't do this after setting a password for jack, he will be prompted to change his password on the first login.

To change the gecos for a user :
# passwd -f jack

To change the shell for a user :
# passwd -s jack

To list the last password update date/time and the flags for a user :
# pwdadm -q jack

To set the ADMIN flag for a user :
# pwdadm -f ADMIN jack

ADMIN flag ensures that only the root user can change the password for Jack.

To remove the user :
# rmuser jack

Note: rmuser doesn't remove the home directory for a user.
You have to remove it yourself, possibly after taking a backup.

To remove the user along with his password information :
# rmuser -p jack

To list the currently logged in users :
# who
Note: This command will show the contents of /etc/utmp which is a binary file.

To list the login and logout information for the machine :
# last
Note: This command will show the contents of the /var/adm/wtmp file, which is a binary file. Over a period of time, this file will occupy a lot of space in the /var file system. Hence nullify the file once every 6 months, or depending upon the # of login/logout actions in the system.

To clear(nullify) the wtmp file, you can use any of the below commands

# cp /dev/null /var/adm/wtmp
# > /var/adm/wtmp

To change the default message (herald) that is shown after user login :
# chsec -f /etc/security/login.cfg -s default -a herald="<new herald text>"

As a user, you have to protect (lock) your terminal whenever you go for a coffee break.
# lock -> To lock your telnet or ssh terminal

If you use X Windows, you can use the below command
# xlock

Sometimes you may want to login as root to execute some admin commands. For this you don't have to log out from the current user and login as root. You can use the su command to switch user, execute the commands, and say 'exit' to come out of the su window.

To su to root, you can use any of the below commands

# su - root
# su -

To su to other user called tom,
# su - tom
These su operations are logged in the /var/adm/sulog file. You have to nullify this file periodically to free up some space in the /var file system.
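
An added example, not part of the original post: /var/adm/wtmp and /var/adm/sulog are the record of who logged in and who switched to root, so this function keeps a verified, read-only copy before emptying the file instead of nullifying it outright. The function name, the archive directory and the sample sulog lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: keep a verified copy of an accounting log before emptying it.
# Usage: archive_and_truncate <logfile> <archive_dir>
# Prints the path of the archived copy. Returns non-zero and leaves the log
# untouched if the copy cannot be made or verified.
archive_and_truncate() {
    log=$1
    dest_dir=$2
    if [ ! -f "$log" ]; then
        echo "archive_and_truncate: no such file: $log" >&2
        return 1
    fi
    # Archive directory readable by its owner only: these logs show who
    # logged in or switched user, and when.
    mkdir -p "$dest_dir" && chmod 700 "$dest_dir" || return 1
    copy="$dest_dir/$(basename "$log").$(date +%Y%m%d%H%M%S)"
    if [ -e "$copy" ]; then
        echo "archive_and_truncate: archive already exists: $copy" >&2
        return 1
    fi
    cp -p "$log" "$copy" || return 1
    # Compare byte for byte; a mismatch means the log changed during the copy.
    if ! cmp -s "$log" "$copy"; then
        rm -f "$copy"
        echo "archive_and_truncate: $log changed during copy, not truncated" >&2
        return 1
    fi
    chmod 400 "$copy" || return 1
    # Truncate in place (same effect as "> /var/adm/wtmp" in the post): the
    # file keeps its inode, owner and mode, so writers carry on appending.
    # Records written between the compare and this line are lost, so run it
    # at a quiet time.
    : > "$log" || return 1
    printf '%s\n' "$copy"
}

# Demo on a constructed file standing in for /var/adm/sulog.
demo_dir=$(mktemp -d)
printf 'SU 11/30 10:15 + pts/1 jack-root\nSU 11/30 10:42 - pts/2 tom-root\n' \
    > "$demo_dir/sulog"
archive_and_truncate "$demo_dir/sulog" "$demo_dir/archive"
rm -rf "$demo_dir"
```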

How to disable direct root login via telnet and ssh ?
To disable direct root login through telnet or ssh, you have to set the 'rlogin' attribute for the root user to false.

You can use the below command to do so.
# chuser rlogin=false root

How to enforce automatic logoff after certain timeout period ?

To enforce automatic logoff after timeout period of 10 minutes, enter the following line in /etc/security/.profile after the AIX installation.

TMOUT=600 ; TIMEOUT=600 ; readonly TMOUT TIMEOUT ; export TMOUT TIMEOUT


I will update this blog whenever I come across other commands.

We will talk about group administration in the next part.

Thanks for visiting.

- Raja

Tuesday, November 24, 2009

System Dump in AIX

A system dump is created when the system gets an unexpected system halt or a crash. The dump will be written to the primary dump device; if that is not available, then to the secondary dump device.
You can also initiate it using certain commands.

After the reboot, if the copy flag is set to TRUE, a menu will be displayed on the console requesting the removable media to copy the dump. It can be either /dev/rmtn or /dev/fd0. Otherwise, it will be copied to a file named vmcoren under /var/adm/ras.


Default Dump Device:

AIX V 4.1 and earlier :
Default dump device is /dev/hd7


AIX 5.1 and above :
Primary : /dev/hd6          Secondary : /dev/sysdumpnull
Note: If the real memory size is larger than 4GB, then a dedicated dump device called "lg_dumplv" will be created.


Here are some commands:

To view the current dump configuration :

# sysdumpdev -l

primary /dev/hd6
secondary /dev/sysdumpnull
copy directory /var/adm/ras
forced copy flag TRUE
always allow dump FALSE
dump compression OFF

To change the primary dump device temporarily :
# sysdumpdev -p /dev/dumplv

To change the primary dump device permanently :
# sysdumpdev -P -p /dev/dumplv

To change the secondary dump device temporarily :
# sysdumpdev -s /dev/dumplv

To change the secondary dump device permanently :
# sysdumpdev -P -s /dev/dumplv

To set the copy flag :
# sysdumpdev -K

To unset the copy flag :
# sysdumpdev -k

To estimate the dump size :
# sysdumpdev -e

To list the last dump information :
# sysdumpdev -L
Device name: /dev/lg_dumplv
Major device number: 12
Minor device number: 4
Size: 42123543 bytes
Date/Time: Wed Jan 01 12:03:00 CDT 2009
Dump status: 0
dump completed successfully
Dump copy filename: /var/adm/ras/vmcore.1

To copy the saved vmcoren file to tape :
# snap -gfkD -o /dev/rmt0

To read the dump file :
# crash dump unix
>

To change the dump file location, and have the system ask for external media to copy the dump file if the copy fails :
# sysdumpdev -D /opt/dumpfiles

To change the dump file location, and have the system ignore the system dump if the copy fails :
# sysdumpdev -d /opt/dumpfiles

To specify that dumps should not be compressed :
# sysdumpdev -c

To specify that dumps should always be compressed :
# sysdumpdev -C

To find out whether a new system dump has occurred before the last reboot :
# sysdumpdev -z

Friday, November 20, 2009

Sendmail Configuration in AIX

Daemon : sendmail

To start the daemon :

# startsrc -s sendmail -a "-bd -q30m"
where
-bd - To start sendmail as an SMTP mail relay router
-q - The interval at which the sendmail daemon processes the saved messages

To start the daemon automatically after the system boot:

a. # vi /etc/rc.tcpip

b. Uncomment the below line
start /usr/lib/sendmail "$src_running" "-bd -q${qpi}"

To display the status of the daemon :

# lssrc -s sendmail
# ps -ef | grep sendmail

To stop the daemon :

# stopsrc -s sendmail
# kill -1 `cat /etc/sendmail.pid`

Configuration File:

/etc/sendmail.cf - Where the hostname, Relay server name,... are stored.

Alias File :

/etc/aliases - Where the group(alias) to member mapping is stored.


To Add the hostname in the sendmail configuration :

a. # vi /etc/sendmail.cf

b. Change "#DwYourHostName" to "Dw{hostname of local server}"

c. # refresh -s sendmail


To Add the mail (relay) server in the sendmail configuration :

a. # vi /etc/sendmail.cf

b. Change "#DSrelayhostname" to "DS{hostname of the Relay Server}"

c. # refresh -s sendmail


To send the mails,

# echo "Test Message" | sendmail -v raja@server1.domain.com


If you add any alias in /etc/aliases file, then do the following

# sendmail -bi
This will make the sendmail daemon re-read the aliases file.



To display the list of messages in the mail queue :


# mailq (or) # sendmail -bp


Directory containing log files and temp files associated with messages in the mail queue :

/var/spool/mqueue

To delete the first 1000 messages in the root's mail queue :
# mail -u root , then enter "d 1-1000"


Please let me know for any improvements or addons.

Tuesday, November 17, 2009

Backup and Restoration

System [rootvg] Backup :

Few Points:
a. rootvg backup can be taken through the mksysb command. Most people refer to it as a mksysb backup.
b. This type of backup on a tape is bootable. Hence it is widely used to restore the system in case of a system crash.
c. A mksysb backup contains 4 images:
   i. BOS Boot Image - Kernel Device Drivers
   ii. mkinsttape image - ./image.data, ./tapeblksz, ./bosinst.data and few other commands
   iii. dummy .toc - Nothing but a dummy table of contents file
   iv. rootvg data - This is where the actual data resides

Files used by mksysb:

/image.data :
Contains information about the image installed during the BOS installation process. This includes the sizes, names, mount points of LVs and file systems in the rootvg [Actually nothing but the rootvg structure]. It can be created using mkszfile command.

/var/adm/ras/bosinst.data :
It allows you to customize the OS installation. It is mostly modified in order to use the mksysb image to install new servers.

Few Commands :

To generate just /image.data :
# mkszfile

To create /image.data and generate a system backup on the tape :
# mksysb -i /dev/rmt0

To generate a system backup on the tape but to exclude /home directory and to create /image.data :
# echo /home > /etc/exclude.rootvg
# mksysb -ei /dev/rmt0

To list the contents of a mksysb image :
# lsmksysb -f /backup/system1.mksysb

To restore a specific file from a mksysb image :
a. Rewind the tape :
# tctl -f /dev/rmt0 rewind
b. Move the tape forward to the end of 3rd image :
# tctl -f /dev/rmt0.1 fsf 3
c. Restore the specific file:
# restore -xqvf /dev/rmt0.1 /home/user1/file1

Non-rootvg Backup :

Few Points:
a. Volume groups other than rootvg can be backed up using the savevg command.
b. You can exclude certain files by creating /etc/exclude.vgname.
c. VG data files are kept under,  /tmp/vgdata/vg-name/vg-name.data.

Few Commands :

To backup a datavg to the tape drive :
# savevg -if /dev/rmt0 datavg

To backup a datavg to the tape drive and exclude certain files :
# savevg -ief /dev/rmt0 datavg

To restore the datavg image from the tape onto the disks specified in /tmp/vgdata/datavg/datavg.data file :
# restvg -f /dev/rmt0

To create the data file (/tmp/vgdata/oravg/oravg.data) for oravg :
# mkvgdata oravg

File System Backup :
File systems can be backed up in many ways. A few commands used for this are backup, cpio, dsm [TSM Client].

To back up all the files and subdirectories in the /home directory using full path names :
# find /home -print | backup -if /dev/rmt0

To back up all the files and subdirectories in the /home directory using relative path names :
# cd /home
# find . -print | backup -if /dev/rmt0

To backup a list of files:
# cat bakfile
/home/raja/file1.txt
/home/raja/file2.txt
/home/raja/file3.txt

# backup -iqvf /dev/rmt0 < bakfile

I-node Base Backup:


Here is  the syntax for the backup command in case of inode based backup

Syntax:
# backup [-u] [-level] [-f device] filesystem

u -> Updates the /etc/dumpdates file
-level -> Values available from 0 to 9, where 0 is the full backup and 1-9 back up the changes since the previous level.

To back up the /home file system by i-node :
# backup -0 -uf /dev/rmt0 /home

i-node based backup has the advantage of allowing incremental and differential backups. Here we use the numeric flags (0 to 9) to control what it backs up. It updates the date/time/mode of the last backup in /etc/dumpdates when you use the 'u' flag.

Here are the different numeric flags used and their meanings,

0 - Full Backup
1 - Backs up the files created/modified from the date/time of the 0th backup
2 - Backs up the files created/modified from the date/time of the 1st backup
3 - Backs up the files created/modified from the date/time of the 2nd backup
4 - Backs up the files created/modified from the date/time of the 3rd backup
5 - Backs up the files created/modified from the date/time of the 4th backup
6 - Backs up the files created/modified from the date/time of the 5th backup
7 - Backs up the files created/modified from the date/time of the 6th backup
8 - Backs up the files created/modified from the date/time of the 7th backup
9 - Backs up the files created/modified from the date/time of the 8th backup

Few Examples for i-node based backup :


Scenario 1 - Full and Incremental Backup :


If you want to have full backup of /home on sunday night and incremental backup on other nights, then follow the below procedure.

Sunday Night - Full Backup :
# backup -0 -uf /dev/rmt0 /home

Monday Night - Incremental Backup :
# backup -1 -uf /dev/rmt0 /home

Tuesday Night - Incremental Backup
# backup -2 -uf /dev/rmt0 /home

Wednesday Night - Incremental Backup :
# backup -3 -uf /dev/rmt0 /home

Thursday Night - Incremental Backup :
# backup -4 -uf /dev/rmt0 /home

Friday Night - Incremental Backup
# backup -5 -uf /dev/rmt0 /home

Saturday Night - Incremental Backup :
# backup -6 -uf /dev/rmt0 /home

Advantages of Incremental Backup:
a. It takes less time to restore specific data. For example, if you lose a file that was created on Thursday morning, then you need only the Wednesday night tape to restore the specific file.
b. This method consumes fewer tapes for backup. Hence it is cost effective compared to differential backup.

Disadvantages of Incremental Backup:
a. You need more tapes (from Sunday-full to last night-incre) to restore the entire file system.

Scenario 2 - Full and Differential Backup :


If you want to have full backup of /home on sunday night and differential backup on other nights, then follow the below procedure.

Sunday Night - Full Backup :
# backup -0 -uf /dev/rmt0 /home

Monday Night - Differential Backup :
# backup -1 -uf /dev/rmt0 /home

Tuesday Night - Differential Backup :
# backup -1 -uf /dev/rmt0 /home

Wednesday Night - Differential Backup :
# backup -1 -uf /dev/rmt0 /home

Thursday Night - Differential Backup :
# backup -1 -uf /dev/rmt0 /home

Friday Night - Differential Backup :
# backup -1 -uf /dev/rmt0 /home

Saturday Night - Differential Backup :
# backup -1 -uf /dev/rmt0 /home

Advantages of Differential Backup:
a. It takes fewer tapes (from Sunday-full and last night-incre) to restore the entire file system. Hence it is easy for the backup operator to restore the data.

Disadvantages of Differential Backup:
a. It consumes more tapes for backup (since we are going to back up the same old files again and again for the whole week). Hence the cost is higher in this type of backup.
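
An added example, not part of the original post: given the backup levels in the order the tapes were written, this function works out which tapes a full restore needs, which makes the difference between Scenario 1 and Scenario 2 concrete. It assumes the usual level rule (a level N backup holds everything changed since the most recent backup at a lower level) and goes slightly beyond the two scenarios by accepting any mix of levels; the function name is constructed for illustration.

```sh
#!/bin/sh
# Added example: which tapes does a full file system restore need?
# Usage: restore_chain "<levels>"
#   levels: backup levels (0-9) separated by spaces, oldest tape first
# Prints the 1-based tape numbers to restore, in restore order.
# Returns 1 if the set has no level 0 backup, 2 on an invalid level.
restore_chain() {
    printf '%s\n' "$1" | awk '
    {
        need = 10                 # sentinel above the highest level (9)
        count = 0
        # Walk back from the newest tape. A tape is needed only if its level
        # is lower than every newer tape already kept, because each kept
        # tape covers changes since the last backup at a lower level.
        for (i = NF; i >= 1; i--) {
            if ($i !~ /^[0-9]$/) {
                print "restore_chain: invalid level: " $i > "/dev/stderr"
                exit 2
            }
            if ($i + 0 < need) {
                chain[++count] = i
                need = $i + 0
            }
            if (need == 0) break  # reached the full backup
        }
        if (need != 0) {
            print "restore_chain: no level 0 backup in the set" > "/dev/stderr"
            exit 1
        }
        out = ""
        for (j = count; j >= 1; j--) out = out (out == "" ? "" : " ") chain[j]
        print out
    }'
}

# Tape 1 is Sunday night, tape 7 is Saturday night.
echo "Scenario 1 (levels 0 1 2 3 4 5 6): tapes $(restore_chain '0 1 2 3 4 5 6')"
echo "Scenario 2 (levels 0 1 1 1 1 1 1): tapes $(restore_chain '0 1 1 1 1 1 1')"
# Failure on Thursday morning: only Sunday to Wednesday tapes exist.
echo "Scenario 1 up to Wednesday:        tapes $(restore_chain '0 1 2 3')"
```

Each tape in the printed list is restored in that order, starting with the level 0 tape.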

To list the contents of backup on the tape :
# restore -Tvf /dev/rmt0

To restore individual files from backup created by 'backup -i' command :
# restore -xvf /dev/rmt0 /home/user1/file1

To restore the entire file system :
# restore -rvf /dev/rmt0

Other Unix Backup Commands:

TAR:
tar is the only command (I think so) in UNIX which does not require a dash (-) in front of a flag.

To create a tar image in /tmp for a directory :
# tar cvf /tmp/oradata.tar /opt/oradata

To view the contents of a tar image :
# tar tvf /tmp/oradata.tar

To restore the tar image :
# tar xvf /tmp/oradata.tar

CPIO :
cpio reads and writes from stdin and stdout.

To backup the current directory to a /tmp/file.cpio file :
# find . -print | cpio -ov > /tmp/file.cpio

To view the table of contents of the cpio archived tape :
# cpio -itvcC1 < /dev/rmt0


To restore data from the cpio archive file :
# cpio -idv < /tmp/file.cpio

To restore a selective file from cpio archived tape :
# cpio -imv /home/roger/.profile < /dev/rmt0

To restore selectively only the *.c and *.cpp file :
# cpio -i "*.c" "*.cpp" < /dev/rmt0


DD Command :
'dd' command copies (and also converts) from an input device to an output device. This command will not span multiple tapes.

To copy a file and convert all the chars to upper case :
# dd if=/tmp/unixfile.txt of=/tmp/dosfile.txt conv=ucase

Tcopy Command :
Copies from one tape device to another.

To list the contents of a tape media :
# tcopy /dev/rmt0

To copy all the data from one tape to another tape device :
# tcopy /dev/rmt0 /dev/rmt1

tctl Command :
tctl is widely used to control tape drives.

To rewind a tape device :
# tctl -f /dev/rmt0 rewind

To fast forward to the beginning of 2nd tape mark :
# tctl -f /dev/rmt0.1 fsf

To do retension :
# tctl -f /dev/rmt0 retension
Retension is nothing but moving the tape to the beginning, the end and again to the beginning. You have to do this if you encounter multiple read errors during the restoration operation.

To display the status of a tape device :
# tctl -f /dev/rmt0 status

To eject a tape device :
# tctl -f /dev/rmt0 offline

TSM Client :

Few Points:
a. It requires a connection to the TSM server and also a registration in the TSM server.
b. You can take the 'backup' and 'archive' based on the TSM server configuration.
c. Archive can be taken for 90 days, 180 days, ... based on the management class.
d. Backup can have different versions. Last backup is the new and current version and oldest backup is the old version for every file that is backed up.
e. Most small companies keep 3 versions of backup, which means there can be 3 backup versions for each file.

To Backup a file :
# dsm backup /tmp/file1

To archive a file :
# dsm archive /tmp/file1

To list all the backed up filesystems :
# dsm query filespace

To verify the backup of a file :
# dsmc query backup /tmp/file1

To verify the inactive version of a backup of a file :
# dsmc query backup -inactive /tmp/file1

To verify the archive of a file :
# dsmc query archive /tmp/file1


To backup VIO Server :

To take the OS backup in a CD ROM :
# backupios -cd /dev/cd1 -cdformat

To take the OS backup in a DVD-RAM :
# backupios -cd /dev/cd1 -udf

To take the OS backup in a tape drive :
# backupios -tape /dev/rmt0

To verify the backup available in a tape :
# backupios -tape /dev/rmt0 -verify

To generate vio backup (tar file) in a file  :
# backupios -file /opt/file1

To generate vio backup (mksysb image) in a file :
# backupios -file /opt/file1 -mksysb

Note:    To restore a backup image on vio server, you have to use "installios" command in HMC. installios is a menu driven command (tool) which will ask for machine name, vio server(lpar) name, profile name for restoring the mksysb image.

Please let me know for any comments or corrections.

Friday, November 13, 2009

Tips on Virtualization and Micropartitioning

1. What are the different types of installation of VIO server ?

a. Installation from CD
b. NIM Based installation

2. What is the maximum # of virtual processor per partition (lpar) ?

64 Virtual Processors

3. What is the maximum # of logical processor supported by AIX Operating System ?

128 Logical Processors

4. What are the different types of processor sharing modes ?

Capped or Uncapped modes

5. What are the different types of I/O virtualization that can be implemented in a p5 server ?

a. Virtual Ethernet
b. Shared Ethernet Adapters
c. Shared Fibre Channel Adapters
d. Virtual Disks

6. What is the range for variable capacity weight ?

0 to 255 is the range for the variable capacity weight.
128 is the default weight for uncapped partitions.
Weight 0 is equivalent to capped mode.

7. What is the LMB for Power 4 and Power 5 machines ?

Power 4 - 256 MB Logical Memory Block
Power 5 - 16 MB LMB

LMB is the minimum memory block that can be allocated to an LPAR.

8. What is the minimum allocatable processing unit for an lpar ?

Initial assignment is a minimum of 0.10 (1/10th) processing unit.
Increments can be made at a minimum of 0.01 (1/100th) processing unit.

9. How can we calculate hypervisor overhead for an lpar ?

It can be calculated by dividing the maximum memory setting by 64 and rounding up to the nearest logical memory block size.

10. TIP :

You can have maximum of 256 VIO slots per partition

11. TIP :

In VIO Server, you can have maximum of 65535 virtual I/O slots

12. TIP :

You can have maximum of 256 Virtual Ethernet Adapters per partition

13. TIP :

You can have 254 partitions or 10 * # processors per power machine

14.

Under construction ...

Performance Monitoring and Tuning in AIX

Performance Monitoring :

1. How to find out the system-wide memory usage ?
# svmon -G -i 2 5

2. How to list top 10 memory consuming processes ?

You can use any of the below commands
# svmon -Put 10
# ps aux | head -1; ps aux | sort -rn +3 | head

3. How to list top 10 cpu consuming processes ?

# ps aux | head -1; ps aux | sort -rn +2 | head -10

4. What is the best command for general performance monitoring :

# topas

You can even use 'jtopas', which is a java based system monitoring tool.

5. How to start trace for the entire system ?

# trace -a

6. How to stop trace ?

# trcstop

7. Where is the log file for trace tool located ?

/var/adm/ras/trcfile

8. What is the command used to generate trace report from a trace log file ?

# trcrpt

9. How to generate report on utilization statistics related to an LPAR ?

# lparstat

10. How to display the LPAR configuration report ?

# lparstat -i

11. What are the most commonly used commands to find the cpu, memory, disk i/o statistics ?

# sar -> CPU, Memory statistics
# vmstat -> CPU, Memory statistics
# iostat -> CPU, Disk I/O statistics
# topas -> CPU, Memory, Network and Disk I/O statistics
# ps aux -> CPU, Memory statistics

12. How to display processes related to a specific user ?

# ps -fu username

13. How to list all the 64bit processes running in a system ?

# ps -efM

14. How to enable Interface Specific Network Options in AIX ?
# no -o use_isno=1

By enabling use_isno option, you can set buffer settings on a specific interface, giving you better control over performance management of network interfaces.

15. What is 'thewall' and how to set ?
'thewall' in AIX defines the upper limit for network kernel buffers.

On AIX 5L V5.3 running a 32-bit kernel, the size of thewall is 1GB or half the size of real memory, whichever of the two is smaller. If you have AIX 5L V5.3 running a 64-bit kernel, the size of thewall will be 65GB or half the size of real memory, whichever of the two is smaller.
To display the size of thewall,

# no -o thewall

Note:
The size of thewall is static from AIX 5L Version 5.1 onwards and cannot be changed. To reduce the upper limit of memory used for networking, make use of the maxmbuf tunable.

16. What is the maxmbuf tunable variable and how to set it ?

The maxmbuf tunable used by AIX specifies the maximum amount of memory that can be used by the networking subsystem.

It can be displayed by using the below command,
# lsattr -El sys0 -a maxmbuf

By default the maxmbuf tunable is disabled (it is set to 0), which means that the value of thewall will be used to define the maximum amount of memory used for network communications. Setting maxmbuf to a non-zero value will override the value of thewall. This is the only way of reducing the value set by thewall.

The value of maxmbuf is defined in 1KB units. To set its value to 1GB,
# chdev -l sys0 -a maxmbuf=1000000

17. How to find out the media speed of a network interface ?

# netstat -v ent0 | grep Media

18. How to view the statistics for a specific network adapter ?

# entstat -d ent1

You can also use "netstat -v ent1".

19. How to reset the above network statistics ?

# entstat -r ent1

20. How to start iptrace on a specific network adapter ?

To Start :
# startsrc -s iptrace -a "-i en0 iptrc.out" &

To Stop:
# stopsrc -s iptrace

21. How to generate report from the iptrace's output file ?

# ipreport -r -s iptrc.out > ipreport

22. How to get the NFS statistics ?

NFS server RPC statistics : # nfsstat -sr
NFS server NFS statistics : # nfsstat -sn
NFS client RPC statistics : # nfsstat -cr
NFS client NFS statistics : # nfsstat -cn
Statistics on mounted file systems : # nfsstat -m
To reset the nfsstat statistics : # nfsstat -z

23. How to list the current values of all the network tunables?

# no -a

24. How to display the current value of a specific network tunable?

# no -o tcp_recvspace

25. How to display all the values (current, default, boot, min, max..) of a network tunable ?

# no -L tcp_recvspace

26. What is the file that holds the next boot values of the tunables ?

/etc/tunables/nextboot

27. What is the file that is automatically generated with all the values of the network tunables that were set immediately after the reboot ?

/etc/tunables/lastboot

28. How to change the current value of a network tunable as well as add the entry to the /etc/tunables/nextboot file ?

Use the 'p' flag in the no command.

For Ex., # no -p -o tcp_recvspace=16k

29. How to display all the NFS network variables ?

# nfso -a

30. How to enable the collection of disk input/output statistics ?

# chdev -l sys0 -a iostat=true

31. How to display the 5 busiest logical volumes in a VG ?

# lvmstat -v datavg -c 5

32. How to display, enable and disable the statistics collection for a VG ?

To enable: # lvmstat -v datavg -e
To disable: # lvmstat -v datavg -d
To show : # lvmstat -v datavg

33. How to display the statistics for a LV ?

# lvmstat -l lv001

34. How to report disk statistics ?

# sar -d 5 60
The above command displays the disk I/O statistics 60 times at 5-second intervals.

35. How to list top 10 real memory consuming processes ?

# svmon -Put 10

36. How to list top 10 paging space consuming processes ?

# svmon -Pgt 10

37. How to list the files opened by a process ?

# svmon -pP Process_id

38. How to find out the memory usage of a specific process ?

# svmon -wP

39. How to display the paging (swap) usage ?

# swap -s
allocated = 4718592 blocks used = 1475527 blocks free = 3243065 blocks

# swap -l
device maj,min total free
/dev/paging02 38, 4 4608MB 3166MB
/dev/paging01 38, 3 4608MB 3168MB
/dev/paging00 10, 14 4608MB 3167MB
/dev/hd6 10, 2 4608MB 3167MB

40.

Under Construction ....

Saturday, October 24, 2009

LDAP in AIX

LDAP can be implemented in AIX using IBM Directory Server software which is available in the AIX installation CDs.

Required File Sets:
ldap.server - Fileset for IBM Directory Server software.
ldap.client - Fileset for IBM Directory client library, header files, utilities.
ldap.max_crypto_server - Fileset for IBM Directory server software, encryption version; Required for SSL setup.
ldap.max_crypto_client - Fileset for IBM Directory client software, encryption version; Required for SSL setup.
gskkm.rte - Fileset for IBM GSKit software; Required for IDS v4 SSL setup.
gskak.rte - Fileset for IBM GSKit software; Required for IDS v6 SSL setup.

DB2:
DB2 database is installed by default along with the ldap.server fileset.

mksecldap command creates the default db2 instance and database while setting up the LDAP server.

Default DB2 instance created, managed by LDAP: ldapdb2
Default DB2 database created, managed by LDAP: ldapdb2

LDAP Daemons in AIX :

slapd - Server Daemon :
It runs on the LDAP server and processes the requests forwarded by secldapclntd.

secldapclntd - Client Daemon :
It accepts requests from the LDAP load module, forwards the request to the LDAP Security Information Server, and passes the result from the server back to the LDAP load module.
This daemon reads the configuration information defined in the /etc/security/ldap/ldap.cfg file during its startup, authenticates to the LDAP Security Information Server using the server administrator's distinguished name and password, and establishes a connection between the local host and the server.

LDAP Configuration Files:

/etc/slapd32.conf
- Server Config File

/etc/security/ldap/ldap.cfg
- Client Config File. Contains LDAP server names, port numbers, Admin DN, Admin DN password, SSL key/path, user/group/id Attr Map Path, user/group cache size, cache TTL, heart beat interval, # of thread.

/usr/lib/security/methods.cfg
- Loadable module config file contains the LDAP stanza.

LDAP module entry in /usr/lib/security/methods.cfg :

LDAP:
program = /usr/lib/security/LDAP
program_64 = /usr/lib/security/LDAP64

Attribute Map Files:
These map files are used by the /usr/lib/security/LDAP module and the secldapclntd daemon for translation between AIX attribute names and LDAP attribute names.
Each entry in a mapping file represents a translation for an attribute.

For example, the "accountlocked" user attribute in AIX is mapped to the "isaccountenabled" LDAP attribute.

# /etc/security/ldap/2307aixuser.map
# /etc/security/ldap/2307aixgroup.map
# /etc/security/ldap/idmap.map

User Attributes related to LDAP:
1. hostsallowedlogin - List of hosts where login is enabled
2. hostsdeniedlogin - List of hosts where login is disabled
3. SYSTEM = LDAP
4. registry = LDAP

Management of secldapclntd daemon:

start-secldapclntd - Starts the daemon
stop-secldapclntd - Stops the daemon
restart-secldapclntd - Restarts the daemon
ls-secldapclntd - Lists the daemon status including current server, port number, caching status, etc.
flush-secldapclntd - Clears the cache of the daemon

Note: The secldapclntd daemon is started by the "mksecldap -c" command and it gets started at boot time through an /etc/inittab entry.

LDAP Server Commands:

To setup the server,
# mksecldap -s -a cn=admin -p pwd -S rfc2307aix

where
cn=admin is the administrator DN
pwd is the password
rfc2307aix is the schema. Other available schemas are aix and rfc2307.

This will export the locally defined users and groups to the LDAP server with RFC2307AIX schema.

To do the above task without migrating local users and groups,
# mksecldap -s -a cn=admin -p pwd -S rfc2307aix -u NONE

To undo a previous server setup,
# mksecldap -s -U

To generate/import SSL certificate,
# gsk5ikm

To export all locally defined users and groups to a ldif file,
# sectoldif -d cn=aixsecdb,cn=aixdata -S rfc2307aix > /tmp/ldapusers.ldif

To import users and groups from ldif file to the LDAP server,
# Use ldif2db or ldapadd command

LDAP Client Commands:
To setup LDAP client without SSL,
# mksecldap -c -h servername -a adminDN -p passwd

To setup ldap client using SSL,
# mksecldap -c -h servername -a adminDN -p passwd -k /usr/ldap/etc/mykey.kdb -w keypwd

To undo a previous client setup,
# mksecldap -c -U
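
The client config file /etc/security/ldap/ldap.cfg described above holds the Admin DN password and the SSL key path, so it is worth checking after a client setup with or without SSL. The script below is an added example, not part of the original post or of AIX; the key:value layout and the key names bindpwd, useSSL, ldapsslkeyf and ldapsslkeypwd are assumptions to confirm against your own ldap.cfg, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit an AIX LDAP client config file made of "key:value" lines.
# Assumed key names: bindpwd, useSSL, ldapsslkeyf, ldapsslkeypwd.

# Print the value of the last uncommented "KEY:value" line in FILE.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Succeed when FILE grants any permission bit to group or other.
perm_too_open() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 1 ;;
        *)      return 0 ;;
    esac
}

# Print the finding codes for FILE on one line, or OK when nothing is flagged.
audit_ldap_cfg() {
    cfg=$1
    findings=""
    bindpwd=$(cfg_value "$cfg" bindpwd)
    keypwd=$(cfg_value "$cfg" ldapsslkeypwd)
    keyfile=$(cfg_value "$cfg" ldapsslkeyf)
    ssl=$(cfg_value "$cfg" useSSL)

    # The file stores the Admin DN password and the SSL key password.
    if [ -n "$bindpwd$keypwd" ] && perm_too_open "$cfg"; then
        findings="$findings SECRETS_READABLE"
    fi
    case "$ssl" in
        [Yy][Ee][Ss])
            # SSL is requested but no key database is configured.
            if [ -z "$keyfile" ]; then findings="$findings SSL_NO_KEYFILE"; fi ;;
        *)
            # The bind DN and password reach the server without SSL.
            if [ -n "$bindpwd" ]; then findings="$findings BIND_WITHOUT_SSL"; fi ;;
    esac
    if [ -z "$findings" ]; then echo OK; else echo $findings; fi
}

# Constructed sample (not from a real system): a client set up without SSL.
write_sample_cfg() {
    cat > "$1" <<'EOF'
# constructed ldap.cfg sample
ldapservers:ldap1.example.com
binddn:cn=admin
bindpwd:example-password
useSSL:no
#ldapsslkeyf:/usr/ldap/etc/mykey.kdb
EOF
}

sample=${TMPDIR:-/tmp}/ldap.cfg.sample.$$
write_sample_cfg "$sample"
chmod 644 "$sample"
echo "mode 644, no SSL : $(audit_ldap_cfg "$sample")"
chmod 600 "$sample"
echo "mode 600, no SSL : $(audit_ldap_cfg "$sample")"
rm -f "$sample"
```

On a real client, call audit_ldap_cfg /etc/security/ldap/ldap.cfg as root.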

DB2 commands for managing LDAP database:

To drop(delete) the ldapdb2 database:
# su - ldapdb2
$ db2 drop database ldapdb2
$ exit

To drop the ldapdb2 instance:
# /usr/lpp/db2_07_01/instance/db2idrop ldapdb2

User/Group Related Commands:

To create a LDAP user from a client:
# mkuser -R LDAP joe

To modify the authentication method to LDAP for user1:
# chuser SYSTEM=LDAP registry=LDAP user1

To lock a LDAP user:
# chuser -R LDAP account_locked=true user2

To allow user1 to login from host1 and host2:
# chuser -R LDAP hostsallowedlogin=host1,host2 user1

To deny user1 to login from host2:
# chuser -R LDAP hostsdeniedlogin=host2 user1

To allow user1 to login from the machine with IP 192.9.200.1 :
# chuser -R LDAP hostsallowedlogin=192.9.200.1 user1

Please post your comments and questions.

Friday, October 23, 2009

My Notes on NIM - Network Installation Manager

Required Filesets:

For Server - bos.sysmgt.nim.master and bos.sysmgt.nim.spot
For Client - bos.sysmgt.nim.client

Few Resource Definitions:

SPOT - Shared Product Object Tree is a directory containing files required to boot a machine and the boot image

LPP_SOURCE - Licensed Program Product source is a directory containing images/filesets that AIX uses to load software

MKSYSB - Mksysb resource used to build a machine

Requirements for NIM Server:

Disk Space :
1. 3 GB per base lpp_source resource
2. 500 MB + per mksysb resource
3. 500 MB per SPOT resource
4. Additional buffer space for future growth

Other Requirements:
# Minimum 512 MB real memory
# 10 or 100 Mbps Ethernet adapter


My Recommendations for NIM VG and Filesystems :


1. Create a separate VG called 'nimvg' with enough space.


2. Create the following filesystems in nimvg based upon your requirement


 a. /tftpboot - To hold boot images
 b. /export/nim - To hold the resources like SPOT, LPP, Mksysb


Directory Structure :
/export/nim/lpp_source - To hold lpp source resources
/export/nim/spot             - To hold spot resources 
/export/nim/mksysb       - To hold the mksysb backup for clients

Naming Schemes:


Follow the below schemes to easily identify during regular operations :

spot530TL6              - SPOT for AIX V 5.3 TL 6
spot530TL9              - SPOT for AIX V 5.3 TL 9
lpp_source530TL6  - LPP_SOURCE for AIX V 5.3 TL 6
lpp_source530TL9  - LPP_SOURCE for AIX V 5.3 TL 9
client_server1          - Mksysb image of the host server1
client_server2          - Mksysb image of the host server2


How to setup the NIM Master :

0. Create the /tftpboot and /export/nim file systems as per your requirement

1. Initial setup of NIM Master
  a. ODM database
  b. Boot Area: /tftpboot directory that is used to store boot files (images)
  c. /etc/niminfo         - The key configuration file, which exists on both master and clients
  d. nimesis daemon - The daemon which is used to communicate with the NIM clients

2. Insert the AIX CD into the master server's CD Drive

3. Create LPP_SOURCE and SPOT resources


Commands to manage NIM master and clients:


To setup NIM Server:
# nim_master_setup -B -a device=/dev/cd0 -a file_system=/nim -a volume_group=nimvg


To setup NIM installation in a client:
# smitty nim_bosinst


To view the status of NIM installation in a NIM client:
# lsnim -l client_hostname


To define a lpp_source resource:
# nim -o define -t lpp_source -a source=/dev/cd0 -a server=master -a location=/nim/lpp_source/AIX_5_3_4 AIX_5_3_4

To define a spot resource:
# nim -o define -t spot -a server=master -a location=/export/nim/spot -a source=lpp_source530 spot530

To remove a resource:
# nim -o remove AIX_5_3_4


To initialize a NIM client for diag operation:
# nim -o diag client_hostname


To initialize a NIM client for maintenance operation:
# nim -o maint client_hostname


To unconfigure a NIM server:
# nim -o unconfig master_server


To allocate a SPOT to a NIM client:
# nim -o allocate -a spot=AIX_5_3 client_hostname


To deallocate a SPOT from a NIM client:
# nim -o deallocate -a spot=AIX_5_3 client_hostname


To remove a NIM client after deallocating all its resources:
# nim -o remove client_hostname


To reboot a client:
# nim -o reboot client_hostname


To list all the NIM resources:
# lsnim


To list detailed information about a nim client:
# lsnim -l client_hostname


To list the resources allocated to a NIM client:
# lsnim -c resources client_hostname



This post is under construction. Please visit later for the upgraded version.

Friday, August 7, 2009

A Video on File / Directory Security

Part 1


Part 2


Part 3

Wednesday, August 5, 2009

A Video on User Administration

Under Construction

User Administration - Part 1


User Administration - Part 2


User Administration - Part 3


User Administration - Part 4




User Administration - Part 5



User Administration - Part 6

Multibos - Video



Saturday, August 1, 2009

Friday, April 10, 2009

HMC Tips IX - System Plan

How to make a system plan from a running machine ?
# mksysplan -f marc.sysplan -m Machine-Name -v
where
marc.sysplan is the file name.

How to list a system plan ?
# lssysplan

How to delete a particular system plan ?
# rmsysplan

How to deploy a system plan on a managed server ?
# deploysysplan

How to copy a system plan from/into the HMC ?
# cpsysplan

HACMP Tips III - C-SPOC Commands

C-SPOC commands are located under /usr/es/sbin/cluster/sbin. If needed, add this directory to your PATH.

1. To create a user in a cluster :

# cl_mkuser

2. To change/set passwd for a user in a cluster :

# cl_chpasswd

3. To change a user's attribute in a cluster :

# cl_chuser

4. To remove a user in a cluster :

# cl_rmuser

5. To list users in a cluster :

# cl_lsuser

6. To create a group in a cluster :

# cl_mkgroup

7. To change attributes of a group :

# cl_chgroup

8. To remove a group in a cluster :

# cl_rmgroup

9. To create a shared VG in a cluster :

# cl_mkvg

10. To change the attributes of a shared VG :

# cl_chvg

11. To extend a VG (add a PV to a VG) :

# cl_extendvg

12. To reduce a VG (remove a PV from a VG) :

# cl_reducevg

13. To mirror a VG :

# cl_mirrorvg

14. To unmirror a VG :

# cl_unmirrorvg

15. To list VG's in a cluster :

# cl_lsvg

16. To sync a VG :

# cl_syncvg

17. To import a volume group :

# cl_importvg

18. To import a VG into a list of nodes :

# cl_updatevg

19. To activate/varyon a VG :

# cl_activate_vgs VG_name

20. To deactivate/varyoff a VG :

# cl_deactivate_vgs VG_name

21. To create a LV :

# cl_mklv

22. To change the attributes of a LV :

# cl_chlv

23. To list a LV :

# cl_lslv

24. To remove a LV :

# cl_rmlv

25. To make copies for a LV :

# cl_mklvcopy

26. To remove copies for a LV :

# cl_rmlvcopy

27. To extend a LV :

# cl_extendlv

28. To create a file system in a cluster :

# cl_crfs

29. To create a LV followed by a FS :

# cl_crlvfs

30. To change the attribute of a FS :

# cl_chfs

31. To list file systems :

# cl_lsfs

32. To remove a FS :

# cl_rmfs

33. To show JFS2 file systems with all attributes :

# cl_lsjfs2

34. To list JFS2 filesystems and their resource groups :

# cl_showfs2

35. To activate/mount a file system :

# cl_activate_fs /filesystem_mountpoint

36. To activate/mount a NFS file system :

# cl_activate_nfs retry NFS_Hostname /filesystem_mountpoint

37. To deactivate/unmount a file system :

# cl_deactivate_fs /filesystem_mountpoint

38. To deactivate/unmount a NFS file system :

# cl_deactivate_nfs /filesystem_mountpoint

39. To export(NFS) a file system :

# cl_export_fs hostname /filesystem_mountpoint

40. To list the process numbers using the NFS directory :

# cl_nfskill -u /nfs_mountpoint

41. To kill the processes using the NFS directory :

# cl_nfskill -k /nfs_mountpoint

This post is under construction.
Please check the updated version in future.

HACMP Tips II - Utility Commands

The following utility commands are available under /usr/es/sbin/cluster/utilities.
If you use them very frequently, it is better to add this directory to your PATH variable.

To list cluster and node topology information :
# cltopinfo (or) cllscf

To show the config for the nodes :
# cltopinfo -n

To show all networks configured in the cluster :
# cltopinfo -w

To show resources defined for all groups :
# clshowres

To show resources defined for the selected group :
# clshowres -g

To list all resource groups :
# cllsgrp

To list all file systems :
# cllsfs

To list the service IPs configured for a node :
# cllsip nodename

To show the whole cluster configuration :
# cldump

To show adapter information :
# cllsif

To show network information :
# cllsnw

To show the status of resource groups :
# clfindres

To list all resources :
# cllsres

To list all tape resources :
# cllstape

To list all nodes in a cluster :
# cllsnode

To list all application servers along with their start and stop scripts :
# cllsserv

To list all logical volumes in a cluster :
# cllslv

To list all IP networks in a cluster :
# cllsipnw

To list all alive network interfaces :
# cllsaliveif

HACMP Tips I - Files and Scripts

1. Where is the rhosts file located for HACMP ?

Location: /usr/es/sbin/cluster/etc/rhosts
Used By: clcomd daemon to validate the addresses of the incoming connections
Updated By:
It is updated automatically by clcomd daemon during the first connection.
But we should update it manually in case of configuring the cluster on an unsecured network.

2. What happened to ~/.rhosts file in the current version of HACMP ?

~/.rhosts is only needed during the migration from pre-5.1 versions of HACMP.
Once migration is completed, we should remove the file if no other applications need rsh.
From HACMP V5.1, inter-node communication for cluster services is handled by clcomd daemon.

3. What is the entry added to /etc/inittab for IP Address Takeover ?

harc:2:wait:/usr/es/sbin/cluster/etc/harc.net # HACMP network startup

4. What is the entry added to the /etc/inittab file due to auto-start of HACMP ?
hacmp:2:once:/usr/es/sbin/cluster/etc/rc.init

5. What is the script used to start cluster services ?

/usr/es/sbin/cluster/etc/rc.cluster

6. rc.cluster calls a script internally to start the cluster services. What is that ?

/usr/es/sbin/cluster/utilities/clstart

7. What is the equivalent script for clstart in CSPOC ?

/usr/es/sbin/cluster/sbin/cl_clstart

8. What is the script used to stop cluster services ?

/usr/es/sbin/cluster/utilities/clstop

9. What is the equivalent script for clstop in CSPOC ?

/usr/es/sbin/cluster/sbin/cl_clstop

10. What happens when clstrmgr daemon terminates abnormally ?

The /usr/es/sbin/cluster/utilities/clexit.rc script halts the system.
You can change the default behavior of the clexit.rc script by configuring
/usr/es/sbin/cluster/etc/hacmp.term

11. What script is invoked by clinfo daemon in case of a network or node event ?

/usr/es/sbin/cluster/etc/clinfo.rc
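
For items 1 and 2 above: when /usr/es/sbin/cluster/etc/rhosts is maintained by hand, its entries can be compared with the node addresses you expect, and leftover ~/.rhosts files can be located after the migration. This is an added example, not part of the original post or of HACMP; the one-entry-per-line layout with # comments and the function names are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: compare a clcomd rhosts file with the node addresses you expect.
# Assumed file layout: one IP address or IP label per line, '#' starts a comment.

# Print the entries of FILE with comments and blank lines removed.
rhosts_entries() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Print entries present in FILE but absent from the space-separated EXPECTED list.
unexpected_entries() {
    rhosts_entries "$1" | while read -r entry; do
        case " $2 " in
            *" $entry "*) ;;
            *) echo "$entry" ;;
        esac
    done
}

# Print expected addresses that FILE does not list (exact, whole-line match).
missing_nodes() {
    for node in $2; do
        if ! rhosts_entries "$1" | grep -Fqx -- "$node"; then
            echo "$node"
        fi
    done
}

# Print per-user .rhosts files still present under the given home directories.
legacy_rhosts() {
    for home in "$@"; do
        if [ -f "$home/.rhosts" ]; then echo "$home/.rhosts"; fi
    done
}

# Constructed sample using documentation address ranges only.
sample=${TMPDIR:-/tmp}/cl_rhosts.sample.$$
cat > "$sample" <<'EOF'
# constructed sample
192.0.2.11
192.0.2.12
198.51.100.7   # not a cluster node
EOF
expected="192.0.2.11 192.0.2.12 192.0.2.13"
echo "unexpected: $(unexpected_entries "$sample" "$expected")"
echo "missing:    $(missing_nodes "$sample" "$expected")"
rm -f "$sample"
```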


This post is under construction.
Please check the updated version in future.

HMC Tips VIII - DLPAR Requirements

1. What are the version requirements for DLPAR operations ?

a. A P4 processor based pSeries system or later
b. October 2002 or later system microcode update
c. A HMC at version R3V1.0 or later
d. AIX 5L Version 5.2 or later

2. What are the AIX filesets required for DLPAR ?

a. # lslpp -l rsct.core*
b. # lslpp -l csm.client

3. What are the daemons required for DLPAR ?

# lssrc -a | grep rsct
ctrmc rsct 21044 active
IBM.CSMAgentRM rsct_rm 21045 active
IBM.ServiceRM rsct_rm 11836 active
IBM.DRM rsct_rm 20011 active
IBM.HostRM rsct_rm 20012 active
IBM.DMSRM rsct_rm 906 active
IBM.LparCmdRM rsct_rm 901 active

4. On HMC, how to list partitions recognized by DLPAR ?

# lspartition -dlpar

If all active AIX 5.2 partitions are listed as Active<1>, ..., DCaps:<0xf> your system has been set up properly for DLPAR.
If you're missing some active partitions or some partitions are reported as Active<0>, your system probably still has a network/hostname setup problem.

5. How to resolve name resolution issues between LPARs and HMC ?

Step I :
# vi /etc/resolv.conf
1. Same DNS server for LPARs and HMC
2. Remove the duplicate entries.

Step II:
Check that ct_node_id is unique for each node in the environment:
# cat /var/ct/cfg/ct_node_id

If duplicate ct_node_id values are found, run recfgct on the problem node(s) to have a new, unique ct_node_id generated.
# /usr/sbin/rsct/install/bin/recfgct

(This command will start/restart ctcas,ctrmc system and will generate a new id in the file /var/ct/cfg/ct_node_id )

Step III:
ping from aix.

Step IV:
Please also do the following steps on the LPAR(s) to refresh RMC subsystem
/usr/sbin/rsct/bin/rmcctrl -z ----> Stops the RMC subsystem and all resource managers.
/usr/sbin/rsct/bin/rmcctrl -A ----> Adds and starts the RMC subsystem
/usr/sbin/rsct/bin/rmcctrl -p ----> Enables remote client connections

Step V:
Ensure /var directory is not 100% full
After expanding the /var directory, execute the following command.
# /usr/sbin/rsct/bin/rmcctrl -z
# rm /var/ct/cfg/ct_has.thl
# rm /var/ct/cfg/ctrmc.acls
# /usr/sbin/rsct/bin/rmcctrl -A

Step VI:
If problem still persists, please run the below command to collect the DLPAR log in /tmp/ctsupt:
# /usr/sbin/rsct/bin/ctsnap


6. How to find the parent device of a device like cdrom in AIX ?

# lsdev -Cl cd0 -F parent

HMC Tips VII - General Terms

1. What is the maximum number of servers managed by HMC ?

> Maximum of 48 non-590-595 servers
> Maximum of 32 590/595 servers

2. What is the maximum number of LPARs supported by a HMC ?

> Maximum of 254 LPARs

3. How many HMCs can manage a server at one time ?

> You can have a maximum of 2 HMCs manage a server at one time

4. What are the different types of dynamic operations you can do with CPU, Memory and I/O Adapter on a LPAR ?

> Add
> Remove
> Move

5. How do we connect the HMC to power machines ?

For Power-4 machines, we connect the hmc using serial cables.

But for Power-5 machines, HMC connects to service processors via SSL-encrypted Ethernet, replacing the serial cables.

6. Do we have firewall configured in HMC ?

Yes. Each network card has an integrated firewall.

7. Do we need to configure DHCP in HMC ?

HMC may or may not act as a DHCP server for entry and mid-range servers.

But for high-end servers like P595, HMC must be a DHCP server

8. Can we have the same HMC to manage P4 and P5 machines ?

POWER5 HMCs cannot manage POWER4 servers, and vice versa.

9. Can we have the existing P4 HMCs upgraded to support P5 machines ?

Yes. We can. This involves a complete overwrite of the disk and the loss of all previous configuration including user profiles.

10. What to do in case of disk failure in HMC ?

We can restore the HMC using the recovery CD.
Then restore the latest Critical Console Data backup, which will restore the profiles, user ids, passwords, etc.

11. What is the default user id and password for the HMC ?

When the HMC is powered on the first time, login as hscroot and password as 'abc123'.

12. Can we manage a power machine without a HMC ?

Yes. We can run a server in manufacturing default mode, with all resources but no logical partitioning, CoD, Service Focal Point, etc. For entry level servers, we can use the Integrated Virtualization Manager.

13. What is the network criteria for dual HMC connection ?

Dual HMCs require two different private networks.

14. What is the default service processor IP address in Power-5 Machines ?

Eth0 - HMC1 - 192.168.2.147 / 255.255.255.0
Eth1 - HMC2 - 192.168.3.147 / 255.255.255.0

15. What is the default user id and password for accessing service processor ?

User id - admin
Password - admin

16. Do we need a HMC for p5 model servers ?

One HMC is mandatory for 590, 595 or 575.
Dual HMC are recommended.

17. Do we need a private network for HMC connectivity for p5-595 ?

One private network is mandatory for p5 590,595 or 575.

18. Can we have IVM support multiple servers ?

One IVM allowed per server and it only manages partitions on one server.

19. What does the FSP (Flexible Service Processor) have ?

FSP has
a. Operating System
b. UserIds / Passwords
c. Filesystem
d. Networking
e. Firewall
f. Webserver
g. ASMI
h. Firmware

20. What to do if you forgot the admin password for FSP ?

If you do not know the admin password, place a hardware call with IBM to get 'celogin'.

21. What to do if you forgot the HMC hostname/ipaddress for a long running LPAR ?

You can always get the HMC IPaddress from a LPAR if we have performed "handshake" with the HMC.

Issue the below command to get the HMC IPAddress

# lsrsrc IBM.ManagementServer
Resource Persistent Attributes for IBM.ManagementServer
resource 1:
Name = "169.121.54.48"
Hostname = "169.121.54.48"
ManagerType = "HMC"
LocalHostname = "169.121.54.59"
ClusterTM = "9078-160"
ClusterSNum = ""
ActivePeerDomain = ""
NodeNameList = {"SAP-PRodServer"}

22. One HMC should be within 8 metres of the Managed Server

23. Each FSP Ethernet port should be connected to only one HMC

Wednesday, March 25, 2009

AIX - Tips and Tricks - Part V

1. How to force a failover of an EtherChannel ?
# /usr/lib/methods/ethchan_config -f Etherchannel_Device

2. How to add a backup adapter to an existing etherchannel device ?
# /usr/lib/methods/ethchan_config -a -b Etherchannel_Device Ethernet_Adapter

3. How to change the address to ping attribute of an EtherChannel ?
# /usr/lib/methods/ethchan_config -c Etherchannel_Device netaddr New_Ping_IP_Addr

4. How to list the available major numbers in a system ?
# lvlstmajor

5. How to list the major number of a volume group ?
# lvgenmajor rootvg

6. Consider a situation where you have a VG in a PV. But you have not imported that.
Now you need to find a list of attributes of that volume group before importing/varyon it.
Answer the below questions :

a. How to list the maximum number of logical volumes allowed in the VG ?
# lqueryvg -p PVname -N

b. How to show the PP size ?
# lqueryvg -p PVname -s

c. How to show the number of free PPs in the VG ?
# lqueryvg -p PVname -F

d. How to show the current number of LVs in the VG ?
# lqueryvg -p PVname -n

e. How to list the current number of PVs in the VG ?
# lqueryvg -p PVname -c

f. How to list the total number of VGDAs for the VG ?
# lqueryvg -p PVname -D

g. How to list each LVID, LV name, state for each logical volume ?
# lqueryvg -p PVname -l

h. How to list each PVID, number of VGDAs and state for each PV in the VG ?
# lqueryvg -p PVname -P

i. How to list all the attributes with tags for the VG ?
# lqueryvg -p PVname -At

j. How to list the VGID from that physical volume ?
# lqueryvg -p PVname -v

7. How do you move a physical partition (actually it just moves the data between PPs) ?
# lmigratepp -g VGID -p old_PVID -n old_PPNum -P new_PVID -N new_PPNum

8. How to retrieve the VG name for a particular LV from ODM ?
# getlvodm -b LVID

9. How to retrieve all configured PVs from ODM ?
# getlvodm -C

10. How to retrieve the major number for a VGID from ODM ?
# getlvodm -d VGID

11. How to retrieve the logical volume allocation characteristics for a LVID from ODM ?
# getlvodm -c LVID

12. How to retrieve the free configured PVs from ODM ?
# getlvodm -F

13. How to retrieve the strip size for a LVID from ODM ?
# getlvodm -F LVID

14. How to retrieve the PV name for a PVID from ODM ?
# getlvodm -g PVID

15. How to retrieve all VG names from the ODM ?
# getlvodm -h

16. How to retrieve the VGID for a PVID from ODM ?
# getlvodm -j PVID

17. How to retrieve the LVs and LVIDs for a VG name or VGID from ODM ?
# getlvodm -L VGDescriptor

18. How to retrieve the LVID/LV Name for a LV Name or LVID from ODM ?
# getlvodm -l LVDescriptor

19. How to retrieve the mount point for a LVID from ODM ?
# getlvodm -m LVID

20. How to retrieve the stripe width for a LVID from ODM ?
# getlvodm -N LVID

21. How to retrieve the PVID/PV name for a PV name or PVID from ODM ?
# getlvodm -p PVDescriptor

22. How to retrieve the PV names, PVIDs and VGs of all configured PVs from ODM ?
# getlvodm -P

23. How to retrieve the relocatable flag for a LVID from ODM ?
# getlvodm -r LVID

24. How to retrieve the VG state for a VG from ODM ?
# getlvodm -s VGDescriptor

25. How to retrieve the timestamp for a VG from ODM ?
# getlvodm -T VGDescriptor

26. How to retrieve the VG name for a VGID from ODM ?
# getlvodm -t VGID

27. How to retrieve the auto-on value for a VG name or VGID from ODM ?
# getlvodm -v VGDescriptor

28. How to retrieve the VGID for a VG name ?
# getlvodm -v VGDescriptor

29. How to retrieve the PV names and PVIDs for a VG from ODM ?
# getlvodm -w VGDescriptor

30. How to retrieve the LV type for a LVID from ODM ?
# getlvodm -y LVID

31. How to retrieve the concurrent capable flag for a VG from ODM ?
# getlvodm -X VGDescriptor

32. How to retrieve the auto-on concurrent flag for a VG from ODM ?
# getlvodm -x VGDescriptor

33. How to display the contents of LVCB ?
# getlvcb -A LVName

34. How to list the number of copies of a LV from LVCB ?
# getlvcb -c LVName

35. How to list the file system name of a LV from LVCB ?
# getlvcb -f LVName

36. How to list the label of a LV from LVCB ?
# getlvcb -L LVName

37. How to display the type of the file system from LVCB ?
# getlvcb -t LVName

38. How to display the upper limit from LVCB ?
# getlvcb -u LVName

39. How to list the current defrag state of a file system ?
# defrag -q Filesystem

40. How to list the current and future (if defragmented) state of a file system ?
# defrag -r Filesystem

41. How to defragment a file system ?
# defrag Filesystem

42. How to run fsck on 2 filesystems simultaneously on different drives ?
# dfsck FileSystem1 FileSystem2

43. How to list the superblock, i-name map, disk map information for a file system ?
# dumpfs Filesystem

44. Where is the magic file located ?
/etc/magic

45. How do you remove a file system data from /etc/filesystems ?
# imfs -x -l LVName

46. How do you list inode, last update/modify/access timestamp of a file ?
# istat FileName

47. How do you update the i-node table and write buffered files to the hard disk ?
# sync

48. How do you list the filesystems in a volume group ?
# lsvgfs VGName

49. How do you redefine the set of PVs of a VG in the ODM ?
# redefinevg -d PVName VGName

50. How do you replace a PV in a VG ?
# replacepv SourcePV DestinationPV

Monday, March 23, 2009

HMC Tips VI - Reference Code

1. To list the current reference code for the managed system :

# lsrefcode -r sys -m Managed-System

2. To list last 10 reference codes for the managed system :

# lsrefcode -r sys -m Managed-System -n 10 

3. To list the reference code (called LED in old pSeries servers) for each partition in the managed system :

# lsrefcode -r lpar -m Managed-System -F lpar_name,time_stamp,refcode

4. To list last 25 reference codes (led) for partitions lpar-a and lpar-b :

# lsrefcode -r lpar -m Managed-System -n 25 --filter ""lpar_names=lpar-a,lpar-b""

HMC Tips V - DLPAR Operations

To list the memory by system level :
# lshwres -r mem -m Managed-System --level sys

To list the memory by lpar level :
# lshwres -r mem -m Managed-System --level lpar

To list the processor / processing units by system level :
# lshwres -r proc -m Managed-System --level sys

To list the processor / processing units by lpar level :
# lshwres -r proc -m Managed-System --level lpar

To list the processor / processing units by pool level :
# lshwres -r proc -m Managed-System --level pool

To add 1GB of memory to an lpar dynamically :
# chhwres -r mem -m Managed-System -o a -p Lpar_name -q 1024

To remove 1GB of memory from an lpar dynamically :
# chhwres -r mem -m Managed-System -o r -p Lpar_name -q 1024

To move 1GB of memory from lpar_a to lpar_b dynamically :
# chhwres -r mem -m Managed-System -o m -p Lpar_a_name -t Lpar_b_name -q 1024

To add 1 dedicated cpu to an lpar dynamically :
# chhwres -r proc -m Managed-System -o a -p Lpar_name --procs 1

To remove 1 dedicated cpu from an lpar dynamically :
# chhwres -r proc -m Managed-System -o r -p Lpar_name --procs 1

To move 1 dedicated cpu from lpar_a to lpar_b dynamically :
# chhwres -r proc -m Managed-System -o m -p Lpar_a_name -t Lpar_b_name --procs 1

To add 0.5 processing unit to an lpar dynamically :
# chhwres -r proc -m Managed-System -o a -p Lpar_name --procunits 0.5

To remove 0.5 processing unit from an lpar dynamically :
# chhwres -r proc -m managed-System -o r -p lpar_name --procunits 0.5

To move 0.5 processing unit from lpar_a to lpar_b dynamically :
# chhwres -r proc -m managed-System -o m -p lpar_a_name -t lpar_b_name --procunits 0.5

To restore memory resources on a lpar based on its profile :
# rsthwres -r mem -m managed-System -p Lpar_name

To restore memory resources for all partitions in a managed system :
# rsthwres -r mem -m managed-System

To restore processing resources on a lpar based on its profile :
# rsthwres -r proc -m managed-System -p lpar_name

To restore processing resources for all partitions in a managed system :
# rsthwres -r proc -m managed-System

To restore physical I/O slots on a lpar based on its profile :
# rsthwres -r io -m managed-System -p lpar_name

To restore physical I/O slots for all partitions in a managed system :
# rsthwres -r io -m Managed-System


--- Rest In The Next Post ---

Saturday, March 21, 2009

HMC Tips IV - Backup

1. To backup HMC data on DVD :

# bkconsdata -r dvd 

2. To backup HMC data to a ftp server :

# bkconsdata -r ftp -h ftp_server_name -u ftp_username --passwd ftp_password

3. To backup HMC data to a NFS mounted file system :

# bkconsdata -r nfs -n nfs_server_name -l Nfs_mount_point

4. To list storage media devices :

# lsmediadev

5. To backup profile data for a managed system :

# bkprofdata -m Managed-System -f File_name

Profile data files are kept under /var/hsc/profiles/Managed-Machine-Serial-Number

6. To restore a managed profile data :

# rstprofdata -m Managed-System -l restore_type -f File-Name

Valid restore types are

1 - Full restore from the backup file.
2 - Merge the current profile data and backup profile data, with priority to backup.
3 - Merge the current profile data and backup profile data, with priority to current data.
4 - Initialize the profile data. All partition, partition/system profiles will be deleted.

Friday, March 20, 2009

HMC Tips III - User Management

To list all users in a HMC
# lshmcusr

To list only user names and managed resource roles for all HMC users :
# lshmcusr -F name:resourcerole

To create a user :
# mkhmcusr -u User_Id -a ROLE -d DESCRIPTION --passwd PASSWORD -M PASSWD_EXPIRATION_DAYS

To remove a user :
# rmhmcusr -u USER_NAME

To change an hmc user's password :
# chhmcusr -u User_Name -t passwd -v New_Password

To change the task role for the user "user1" to hmcoperator :
# chhmcusr -u user1 -t taskrole -v hmcoperator

Some other task roles ->
hmcsuperadmin, hmcoperator, hmcviewer, hmcpe, hmcservicerep or a user defined task role

To list all managed resource objects :
# lsaccfg -t resource

To list all managed resource roles :
# lsaccfg -t resourcerole

To create a managed resource role using a config file :
# mkaccfg -t resourcerole -f /tmp/fil1

To create a task role :
# mkaccfg -t taskrole -i "name=tr1,parent=hmcsuperadmin,\"resources=cec:chcod+lscod+lshwres,lpar:chsyscfg+lssyscfg+mksyscfg\""

To change a task role :
# chaccfg -t taskrole -i "name=tr1,\"resources=cec:chhwres+chsysstate,lpar:chsyscfg+chled+chhwres\""

To remove a task role :
# rmaccfg -t taskrole -n tr1
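
Before handing a custom task role to a user, it helps to see exactly which operations it grants. The script below is an added example (not part of the original post and not an HMC tool): it splits the "resources=" value used with mkaccfg above into one line per operation. The function names are hypothetical, and treating every operation that starts with "ls" as read-only is an assumption made for this review. Run it on an admin workstation, not in the HMC restricted shell.

```shell
#!/bin/sh
# Added example: review the operations granted by an HMC task role definition.
# Assumption: operations whose names start with "ls" only list data; everything
# else (ch*, mk*, rm*, ...) is treated as able to change state.

# Role definition in the format used with "mkaccfg -t taskrole -i" (constructed sample).
ROLE_TR1='name=tr1,parent=hmcsuperadmin,"resources=cec:chcod+lscod+lshwres,lpar:chsyscfg+lssyscfg+mksyscfg"'

# review_taskrole CONFIG
# Prints one line per granted operation: "<resource type> <operation> <read-only|modifies>"
review_taskrole() {
    printf '%s\n' "$1" |
    # Keep only the value of resources=, stopping at a closing quote or backslash.
    sed -n 's/.*resources=\([^"\\]*\).*/\1/p' |
    # One "type:op+op+op" group per line.
    tr ',' '\n' |
    awk -F: 'NF == 2 {
        n = split($2, ops, "+")
        for (i = 1; i <= n; i++) {
            kind = (ops[i] ~ /^ls/) ? "read-only" : "modifies"
            print $1, ops[i], kind
        }
    }'
}

# count_modifying CONFIG
# Prints how many granted operations are not list-only.
count_modifying() {
    review_taskrole "$1" | awk '$3 == "modifies" { n++ } END { print n + 0 }'
}

review_taskrole "$ROLE_TR1"
echo "operations that can change state: $(count_modifying "$ROLE_TR1")"
```

A role meant for monitoring should report 0 operations that can change state.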

HMC Tips II - Partitions and Profiles

1. To list all machines configured in an HMC :

# lssyscfg -r sys

2. To list all LPARs (partitions) in a power machine :

# lssyscfg -r lpar -m Managed_System

3. To activate/start an LPAR :

# chsysstate -r lpar -m Managed_System -o on -n LPAR_Name -f Profile_Name

4. To deactivate/shutdown an LPAR :

# chsysstate -r lpar -m Managed_System -o shutdown --immed -n LPAR_Name

5. To open the console of a partition :

# mkvterm -m Managed_System -p LPAR_Name

6. To close the console of a partition:

# rmvterm -m Managed_System -p LPAR_Name

7. To list the profile of a partition:

# lssyscfg -r prof -m Managed_System --filter "lpar_names=LPAR_Name,profile_names=Profile_Name"

8. To change the min/desired/maximum memory settings of a partition profile :

# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,min_mem=512,desired_mem=19456,max_mem=20480"

9. To change the min/desired/maximum processor units of a partition profile :

# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,min_proc_units=0.2,desired_proc_units=0.5,max_proc_units=2.0"

10. To change the min/desired/maximum virtual processors of a partition profile :

# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,min_procs=1,desired_procs=2,max_procs=6"

11. To change capped/uncapped setting in a partition profile :
# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,sharing_mode=uncap,uncap_weight=128"

Possible values for sharing_mode are cap and uncap.
Possible values for uncap_weight are from 0 to 128.

12. To change the name of a partition profile :

# chsyscfg -r prof -m Managed_System -i "name=Profile_Name,lpar_name=LPAR_Name,new_name=New_Profile_Name"

13. To change the name of a partition :

# chsyscfg -r lpar -m Managed_System -i "name=LPAR_Name,new_name=New_LPAR_Name"

14. To change the default profile of a partition :

# chsyscfg -r lpar -m Managed_System -i "name=LPAR_Name,default_profile=Partition_Profile_Name"

15. To set "power off the machine after all partitions are shutdown" for a power machine :

# chsyscfg -r sys -m Managed_System -i "power_off_policy=0"

Possible values are

0 -> Power off after all partitions are shutdown
1 -> Do not power off after all partitions are shutdown

16. To rename a system profile :

# chsyscfg -r sysprof -m Managed_System -i "name=Sys_Prof_Name,new_name=New_Sys_Prof_Name"

17. To add 2 more partition profiles to a system profile :

# chsyscfg -r sysprof -m Managed_System -i "name=Sys_Prof_Name,\"lpar_names+=partition3,partition4\",\"profile_names+=profile3,profile4\""


--- Rest in the next ---