AIX QuickStart

Main Page -> QuickSheets -> AIX QuickStart

AIX QuickStart

Version 1.0.0Date: 3/29/10

This document is written based upon AIX 6.1, not all commands or concepts apply to previous versions of AIX.

Overview

Design Philosophy

• AIX is primarily a tool-managed Unix. While someUnices have a file-managed interface, AIX tends touse stanza files and ODM databases as data storesfor configuration options. This makes manyconfiguration options rather difficult or simplyimpossible with just a text editor. The AIXalternative is to leverage an expansive set ofspecialized tools for all configuration options.

• AIX is well integrated with System P hardware. Astypical with big-Unix implementations, AIX has atight integration with the hardware it runs on. Theresult of this integration is an OS that not onlyprovides extensive diagnosis and reporting ofhardware issues, but also is designed to exploitnumerous hardware features. IBM extends thisintegration even more by allowing AIX insight intothe virtualization layer with abilities like virtualprocessor folding.

• IBM tends to lead with hardware and follow with theOS. Major releases of the OS tend to coincide withnew hardware features and leverage thoseadvances in the hardware. While other Unices maytake a software-centric approach to a solution, IBMtends to rely upon all layers of the system to anend. One good example of this is the maturity anddepth of virtualization technologies that permeatethe System P product line.

• Commands in AIX generally follow a verb-nounsyntax. The verbs tend to be ls (list), mk (make), rm(remove), and ch (change). The nouns vary by thetarget area such as dev, fs, vg, and ps. Even manyof the odd-named variants follow a similar syntaxsuch as crfs, reducevg, and installp.

• Both System P hardware and AIX are heavily gearedtowards virtualization. AIX is practically apara-virtualized environment in how well it isintegrated with the System P virtualizationtechnologies. At the user level, all performance andmanagement commands have been modified toaccount for differences that occur in a virtualizedenvironment. Despite and because of thesechanges, a virtualized environment is virtuallyindistinguishable from a non-virtualizedenvironment to the user.

• AIX has a stable interface. While the managementtools and style of those tools has not changedwithin AIX for over a decade, the technologiessupported by AIX has grown considerably. This is asignificant feature of AIX in that it introduces newtechnologies within a consistent, approachable, andwell designed interface.

• The LVM integration with AIX is thorough andmature. From the install, management, andmaintenance every aspect of LVM design dovetailsinto other components of the OS, firmware, andhardware to create an unparalleled environment. Itis for this reason that AIX systems are more likely tobe SAN booted and less likely to have 3rd party LVMproducts layered on top than other Unices.

• A central focus of IBM design has been on RASfeatures. Particularly with Power 6 systems, IBM hasdesigned extensive error detection and recoveryinto the products. AIX is just one enablingcomponent to this end. All systems from CPU,memory, I/O busses, to system processes areconsidered and accounted for in this design.

Acronyms & Definitions

CoD - Capacity on Demand. The ability to addcompute capacity in the form of CPU or memory toa running system by simply activating it. Theresources must be pre-staged in the system prior touse and are (typically) turned on with an activation

MSPP - Multiple Shared Processor Pools. This is acapability introduced in Power 6 systems thatallows for more than one SPP.

NIM - Network Installation Management / NetworkInstall Manager (IBM documentation refers to both

AIX QuickStart http://www.tablespace.net/quicksheet/aix-quickstart.html

1 of 22 01/28/2013 10:57 AM

key. There are several different pricing models forCoD.

DLPAR - Dynamic Logical Partition. This was usedoriginally as a further clarification on the concept ofan LPAR as one that can have resourcesdynamically added or removed. The most popularusage is as a verb; ie: to DLPAR (add) resources toa partition.

HEA - Host Ethernet Adapter. The physical port of theIVE interface on some of the Power 6 systems. AHEA port can be added to a port group and sharedamongst LPARs or placed in promiscuous mode andused by a single LPAR. (See IVE)

HMC - Hardware Management Console. An "appliance"server that is used to manage Power 4, 5, and 6hardware. The primary purpose is to enable /control the virtualization technologies as well asprovide call-home functionality, remote consoleaccess, and gather operational data.

IVE - Integrated Virtual Ethernet. The capability toprovide virtualized Ethernet services to LPARswithout the need of VIOS. This functionality wasintroduced on several Power 6 systems.

IVM - Integrated Virtualization Manager. This is amanagement interface that installs on top of theVIOS software that provides much of the HMCfunctionality. It can be used instead of a HMC forsome systems. It is the only option for virtualizationmanagement on the blades as they cannot haveHMC connectivity.

LHEA - Logical Host Ethernet Adapter. The virtualinterface of a IVE in a client LPAR. Thesecommunicate via a HEA to the outside / physicalworld. (See IVE)

LPAR - Logical Partition. This is a collection of systemresources (CPU, Memory, I/O adapters) that canhost an operating system. To the operating systemthis collection of resources appears to be acomplete physical system. Some or all of theresources on a LPAR may be shared with otherLPARs in the physical system.

LV - Logical Volume. A collection of one or more LPs(Logical Partitions) in a VG (Volume Group) thatprovide storage for filesystems, journal logs, pagingspace, etc... See the LVM section for additionalinformation.

LVCB - Logical Volume Control Block. A LVM structure,traditionally within the LV, that contains metadatafor the LV. See the LVM section for additionalinformation.

MES - Miscellaneous Equipment Specification. This is achange order to a system, typically in the form ofan upgrade. A RPO MES is for Record Purposes Only.Both specify to IBM changes that are made to asystem.

expansions of the acronym.) NIM is a means toperform remote initial BOS installs, and managesoftware on groups of AIX systems.

ODM - Object Data Manager. A database andsupporting methods used for storing systemconfiguration data in AIX. See the ODM section foradditional information.

PP - Physical Partition. An LVM concept where a disk isdivided into evenly sized sections. These PPsections are the backing of LPs (Logical Partitions)that are used to build volumes in a volume group.See the LVM section for additional information.

PV - Physical Volume. A PV is an LVM term for anentire disk. One or more PVs are used to construct aVG (Volume Group). See the LVM section foradditional information.

PVID - Physical Volume IDentifier. A unique ID that isused to track disk devices on a system. This ID isused in conjunction with the ODM database todefine /dev directory entries. See the LVM sectionfor additional information.

SMIT - System Management Interface Tool. Anextensible X Window / curses interface toadministrative commands. See the SMIT section foradditional information.

SPOT - Shared Product Object Tree. This is an installedcopy of the /usr file system. It is used in a NIMenvironment as a NFS mounted resource to enableremote booting and installation.

SPP - Shared Processor Pool. This is an organizationalgrouping of CPU resources that allows caps andguaranteed allocations to be set for an entire groupof LPARs. Power 5 systems have a single SPP, Power6 systems can have multiple.

VG - Volume Group. A collection of one or more PVs(Physical Volumes) that have been divided into PPs(Physical Partitions) that are used to construct LVs(Logical Volumes). See the LVM section foradditional information.

VGDA - Volume Group Descriptor Area. This is a regionof each PV (Physical Volume) in a VG (VolumeGroup) that is reserved for metadata that is used todescribe and manage all resources in the VG. Seethe LVM section for additional information.

Disks, LVM, & Filesystems


2 of 22 01/28/2013 10:57 AM

Concepts

• LVM (Logical Volume Manager) is the ever-presentdisk and volume management framework for AIX.The level of integration is visible not only infileystem commands that understand theunderlying LVM, but in other, higher level,commands like the install and backup utilities thatcan optionally grow filesytems when necessary.

• Physical disks (hdisks) are placed under LVM controlby adding them to a VG (volume group). WithinLVM, these disks are referred to as PVs (PhysicalVolumes).

• Each PV in a VG contains a unique ID called a PVID.The PVID of a disk is used to track all disks in a VG,but also provides a device name independence thatmakes importing, exporting, and disk managementmuch simpler. Because the unique characteristics ofthe disk become the identifier, the device nameremains consistent but does not need to as(properly) renaming / reordering disks under LVMcontrol is of little consequence.

• Once a hdisk is placed into a VG it is divided into PP(Physical Partitions). PPs are then used to create LVs(Logical Volumes). An additional layer of abstractionis placed between an LV and a PP called a LP(Logical Partition) that allows for more than one PPto be used (i.e. mirrored) to back each portion of aLV.

A simplistic logical view of two PVs in a VG providing mirroredPPs for a LV.

• Several on-disk structures are responsible forholding all LVM information. The VGDA resides oneach disk and holds structural information such asthe member PVs. The VGSA also resides on eachdisk and contains status information on all memberdevices. The LVCB varies by VG type buttraditionally has resided in the first part of an LV(when it exists as a separate structure). In additionto the basic LVM commands that manage thesestructures, there are a number of lower level LVMcommands that accesses this metadata moredirectly.

• The first disk in a VG will have two copies of theVGDA, and a two disk VG will have one disk with a

• The ODM is central to managing off-disk LVMstructures and physical device to hdisk mappings.When a VG is created or imported this informationis added to the ODM as well as other system filessuch as /etc/filesystems.

• AIX LVM supports several versions of VGs that havebeen introduced over the lifetime of the product.The VG types are normal, big, and scalable. NormalVGs were the original creation and are more limitedthan the big or scalable types. The easiest way totell the type of an existing VG is to look at the MaxPV value for the VG (see example in the nextsection).

VG Type mkvgoption

MaxPV

MaxLV

MaxPP

Notes

Legacy 32 256 3512 Can be convertedto Big VG

Big -B 128 512 130048 LVCB data is storedin the head of thedata area in the LV

Scalable -S 1024 4096 2097152 Default LV and PPvalues are lowerand can beincreased to shownmaximums

• The default filesystem on AIX is JFS2. JFS2, and itpredecessor JFS, are both journaling filesystemsthat utilize the fundamental Unix filesystemstructures such as i-nodes, directory structures, andblock allocations. (Technically, JFS2 allocates blocksin groups called "extents".)

• JFS2 is not an implementation of UFS and expandsconsiderably over basic filesystem features withsuch capabilities as snapshots, dynamic i-nodeallocation, online growth, extended attributes, andencryption. AIX provides a layer of abstraction overall supported filesystems that map filesystemspecific structures to standard Unix filesystem toolsso that filesystems like JFS2 appear as animplementation of UFS.

• While most journaled Unix filesystemimplementations use inline logs (within thefilesystem structure), AIX tends to use a specialtype of LV that is created only to contain log data.The jfs(2)log LV can provide logging capability formore than one filesystem LV. The log type mustmatch the filesystem type. JFS2 can log to an inlinelog, but these implementations tend to be theexception to the rule.

• The default filesystems that are installed with AIX:

hd1 /home

hd2 /usr

hd3 /tmp

hd4 / root

hd5 BLV (Boot LogicalVolume)

hd6 Paging space


3 of 22 01/28/2013 10:57 AM

single VGDA and the other with two copies. Forthree disk and larger VGs, each disk has a singlecopy of the VGDA.

• The concept of quorum is achieved when > 50% ofthe copies of the VGSA/VGDAs are online. If quorumis lost then the VG can be taken offline.

• Quorum is problematic for two disk VGs because theloss of the two VGDA disk means a loss of the entireVG. In a mirrored configuration (a typical case fortwo-disk VGs) it is inappropriate to offline the VG fora single disk failure. For this reason, quorum rulescan be turned off in the case of a two disk mirroredVG.

hd8 JFS2 log

hd9var /var

hd10opt /opt

hd11admin /admin New in 6.1

livedump /var/adm/ras/livedump

New in 6.1 TL3

/proc procfs pseudofilesystem

Management

List all PVs in a system (along) with VG membershiplspv

List all LVs on PV hdisk6lspv -l hdisk6

List all imported VGslsvg

List all VGs that are imported and on-linelsvg -o››› The difference between lsvg and lsvg -o are

the imported VGs that are offline.List all LVs on VG vg01lsvg -l vg01

List all PVs in VG vg02lsvg -p vg02

List filesystems in a fstab-like formatlsfs

Get extended info about the /home filesystemlsfs -q /home

Create the datavg VG on hdisk1 with 64 MB PPsmkvg -y datavg -s 64 hdisk1

Create a 1 Gig LV on (previous) datavgmklv -t jfs2 -y datalv datavg 16

Create a log device on datavg VG using 1 PPmklv -t jfs2log -y datalog1 datavg 1

Format the log device created in previous examplelogform /dev/datalog1

Place a filesystem on the previously created datalvcrfs -v jfs2 -d datalv -m /data01 -A y››› A jfs2 log must exist in this VG and belogform(ed). (This was done in the previoussteps.) -m specifies the mount point for the fs,and -A y is a option to automatically mount(with mount -a).

Create a scalable VG called vg01 with two disksmkvg -S -y vg01 hdisk1 hdisk2

Create a FS using the VG as a parametercrfs -v jfs2 -g simplevg -m /data04 \ -A y -a size=100M››› The VG name here is "simplevg". A default LV

naming convention of fslvXX will be used. TheLV, and in this case log-LV, will be automaticallycreated.

Take the datavg VG offline

Find the file usage on the /var filesystemdu -smx /var

List users & PIDs with open files in /data04 mountfuser -xuc /data04

List all mounted filesystems in a factor of Gigabytesdf -g → (-m and -k are also available)

Find what PV the LV called datalv01 is onlslv -l datalv01››› The "COPIES" column relates the mirror

distribution of the PPs for each LP. (PPs shouldonly be listed in the first part of the COPIESsection. See the next example.) The "IN BAND"column tells how much of the used PPs in thisPV are used for this LV. The "DISTRIBUTION"column reports the number of PPs in eachregion of the PV. (The distribution is largelyirrelevant for most modern SAN applications.)

Create a LV with 3 copies in a VG with a single PVmklv -c 3 -s n -t jfs2 -y badlv badvg 4››› Note: This is an anti-example to demonstrate

how the COPIES column works. This LV violatesstrictness rules. The COPIES column from lslv-l badlv looks like: 004:004:004

Move a LV from hdisk4 to hdisk5migratepv -l datalv01 hdisk4 hdisk5

Move all LVs on hdisk1 to hdisk2migratepv hdisk1 hdisk2››› The migratepv command is an atomic

command in that it does not return untilcomplete. Mirroring / breaking LVs is analternative to explicitly migrating them. Seeadditional migratepv, mirrorvg, and mklvcopyexamples in this section.

Put a PVID on hdisk1chdev -l hdisk1 -a pv=yes››› PVIDs are automatically placed on a disk when

added to a VGRemove a PVID from a diskchdev -l hdisk1 -a pv=clear››› This will remove the PVID but not residual

VGDA and other data on the disk. dd can beused to scrub remaining data from the disk.The AIX install CD/DVD also provides a "scrub"


4 of 22 01/28/2013 10:57 AM

varyoffvg datavgVary-on the datavg VGvaryonvg datavg››› By default the import operation will vary-on the

VG. An explicit vary-on will be required forconcurrent volume groups that can be importedonto two (or more) systems at once, but onlyvaried-on on one system at a time.

Remove the datavg VG from the systemexportvg datavg

Import the VG on hdisk5 as datavgimportvg -y datavg hdisk5››› The VG in this example spans multiple disks,

but it is only necessary to specify a singlemember disk to the command. The LVM systemwill locate the other member disks from themetadata provided on the single disk provided.

Import a VG on a disk by PVID as datavgimportvg -y datavg 00cc34b205d347fc

Grow the /var filesystem by 1 Gigchfs -a size=+1G /var››› In each of the chfs grow filesystem examples,

AIX will automatically grow the underlying LV tothe appropriate size.

Grow the /var filesystem to 1 Gigchfs -a size=1G /var

List the maximum LPs for LV fslv00lslv fslv00 | grep MAX

Increase the maximum LPs for fslv00 LVchlv -x 2048 fslv00

Create a mirrored copy of fslv08mklvcopy -k -s y fslv08 2››› syncvg -l fslv08 must be run if the -k (sync

now) switch is not used for mklvcopy.Add hdisk3 and hdisk4 to the vg01 VGextendvg vg01 hdisk3 hdisk4

Mirror rootvg (on hdisk0) to hdisk1extendvg rootvg hdisk1mirrorvg -S rootvg hdisk1bosboot -ad hdisk0bosboot -ad hdisk1bootlist -m normal hdisk0 hdisk1››› The -S option to mirrorvg mirrors the VG in

the background. Running bosboot on hdisk0 isnot required - just thorough.

feature to (repeatedly) write patterns over dataon disks.

Move (migrate) VG vg02 from hdisk1 to hdisk2extendvg vg02 hdisk2migratepv hdisk1 hdisk2reducevg vg02 hdisk1››› Mirroring and then unmirroring is another

method to achieve this. See the next exampleMove (mirror) VG vg02 from hdisk1 to hdisk2extendvg vg02 hdisk2mirrorvg -c 2 vg02unmirrorvg vg02 hdisk1reducevg vg02 hdisk1››› In this example it is necessary to wait for the

mirrors to synchronize before breaking themirror. The mirrorvg command in this examplewill not complete until the mirror is established.The alternative is to mirror in the background,but then it is up to the administrator to insurethat the mirror process is complete.

Create a striped jfs2 partition on vg01mklv -C 2 -S 16K -t jfs2 -y vg01_lv01 \ vg01 400 hdisk1 hdisk2››› This creates a stripe width of 2 with a (total)

stripe size of 32K. This command will result inan upper bound of 2 (same as the stripe size)for the LV. If this LV is to be extended toanother two disks later, then the upper boundmust be changed to 4 or specified duringcreation. The VG in this example was a scalableVG.

Determine VG type of VG myvglsvg myvg | grep "MAX PVs"››› MAX PVs is 32 for normal, 128 for big, and 1024

for scalable VGs.Set the system to boot to the CDROM on next bootbootlist -m normal cd0 hdisk0 hdisk1››› The system will boot to one of the mirror pairs

(hdisk0 or hdisk1) if the boot from the CDROM does not work. This can be returned tonormal by repeating the command without cd0.

List the boot device for the next bootbootlist -m normal -o

◊ Command reference: lspv, lsvg, lslv, mkvg, mklv,reducevg, extendvg, mklvcopy, chvg, logform,lvmo, exportvg, importvg, varyonvg, varyoffvg,bosboot, bootlist, /etc/filesystems, crfs, chfs, lsfs,rmfs, mount, fuser, df, du

NFS

• Many of the NFS commands accept the -I, -B, or -Nswitches. These three switches are used to controlthe persistence of the command. -B is now andfuture boots, -I is future boot (but not now), and -Nis now (but not next boot). The -B option tends tobe the default. The following table relates howthese options modify the NFS commands:

List all exported file systemsshowmount -e←or→exportfs

Temporarily export the /varuna_nfs directoryexportfs -i -o rw,root=vishnu:varuna \ /varuna_nfs


5 of 22 01/28/2013 10:57 AM

Flag Now After Boot

-I√

-B√ √

-N√

• The NFS daemons are started out of /etc/inittabusing the /etc/rc.nfs script. The mknfs and rmnfscommands toggle the inittab entries and control ifthe NFS system starts.

• The "share" commands are provided forcompatibility with other Unices. The sharecommands are links to the exportfs command.

Enable NFS daemons now, and on next startmknfs

Disable NFS daemons now, and on next startrmnfs

See if NFS will start on bootlsitab rcnfs››› This command simply lists the rcnfs entry in/etc/inittab. If one exists (and is notcommented out) then the rc.nfs script will berun from inittab (and start NFS).

Start NFS daemons now, but not at next bootmknfs -N←or→startsrc -g nfs

List the status of the NFS serviceslssrc -g nfs

››› The root users on vishnu and varuna are givenroot access to this share. This export was usedto create a system WPAR called varuna on aLPAR called vishnu that can be found in theWPAR section below.

Export all entries in /etc/exportsexportfs -av

(Temporarily) unexport the /proj shareexportfs -u /proj

Permanently export the /proj sharemknfsexp -d /proj -t rw››› The -N, -I, and -B options are valid with this

command. Here, the -B is implied. If the NFSservices are not set to re-start on boot then thisexport will technically not be "permanent" asthe share, even though this entry is permanent,will not be enabled after next boot.

List clients of this host with share pointsshowmount -a

Add an entry to the /etc/filesystems filemknfsmnt -f /projects -d /proj \ -h mumbai -A -E››› Note that the -A and -E switches cannot be

stacked (-AE). -A specifies to mount on bootand -E specifies the intr mount option.

◊ Command reference: showmount, chnfs, mknfs,rmnfs, nfso, automount, chnfsexp, chnfsmnt,exportfs, lsnfsexp, lsnfsmnt, mknfsexp, mknfsmnt,rmnfsexp, rmnfsmnt, mount

Other

• The procfs is the single (default) pseudo fs.Interestingly, /proc is not used by commands likeps or topas but is used by commands like truss.Additional information on /proc can be found in theheader file <sys/procfs.h> and the /procInfoCenter page.

• A list of supported filesystems can be found in the/etc/vfs file.

• The cdromd daemon is used to automount CD / DVDmedia. It is not enabled by default. cdromd uses the/etc/cdromd.conf file to configure default optionsfor the cdX device such as the default mountdirectory.

• Paging spaces are specified in the /etc/swapspacesfile. The chps, mkps, rmps, and lsps commands areused to modify / view this file.

Find your CD/DVD ROMlsdev -Cc cdrom

List all paging spaceslsps -a

Grow the hd6 paging space by 4 LPschps -s 4 hd6››› The current LP count and LP/PP size can be

found using lslv hd6.

Mount DVD media in the DVD drivemount -v udfs -o ro /dev/cd0 /mnt

Mount CD media in the CD/DVD drivemount -rv cdrfs /dev/cd0 /mnt››› Both the cdrfs and udfs are different types as

defined in /etc/vfs, but both seem to work forAIX DVD media.

◊ Command reference: chps, lsps, rmps, swapoff,swapon, mount, umount, cdromd, cdeject,cdmount, cdcheck, cdumount, cdutil


6 of 22 01/28/2013 10:57 AM

Networking

Concepts

• Ethernet devices are entX devices while enX andetX devices represent different frame types thatrun on the underlying entX device. Typically the enX

device is what is plumbed on most networks andetX is not used.

• Attributes of the entX device are physical layerconnection settings such as speed and duplex aswell as driver settings such as transmit and receivequeue sizes. Attributes of the enX device areconfigurable items such as IP address, subnetmask, and some TCP/IP tunables.

• Like the enX device, the inet0 device is not aphysical device. It is a representation /management interface for the Internet (networking)subsystem. The hostname, routing info and TCP/IPconfiguration method are attributes of this device.

• Networking is typically started from /etc/rc.netusing the settings stored in the ODM (and not fromrc.tcpip). When started in this manner severalhelper commands are responsible for pulling theconfig from the ODM and configuring devices.Alternatively, /etc/rc.net can be configured touse ifconfig commands or /etc/rc.net can bebypassed completely and /etc/rc.bsdnet can beused instead. The setting that determines whichmethod (rc.net or rc.bsdnet) is used is stored asan attribute to the inet0 device. (The point here isnot necessarily to recommend the use thealternative methods but to point to where theoptions are set and where additional details on theprocess can be found.)

• AIX supports trunking (EtherChannel / 802.3ad),tagged VLANs (802.1q), Virtual IP addresses (VIPA),dead gateway detection (multiple defaultgateways), IP multippath routing, and networkadapter backup. The network adapter backup doesnot require EtherChannel but is part of the smittyEtherChannel setup section.

• The /etc/resolv.conf uses a traditional format,but can be managed via the namerslv and *namsvcommands. The /etc/netsvc.conf file is the AIXversion of the nsswitch.conf file in that itdetermines the service lookup order for nameservices.

• Hostname lookup order is determined using/etc/irs.conf, then /etc/netsvc.conf and finally$NSORDER. (The order of precedence is reverse -meaning, for example, a value set in $NSORDER willbe used over the other two methods.) Theirs.conf and $NSORDER methods are typically notused.

• Network related tunables can be set globally,per-interface, or per-socket connection. Most globaltunables are managed with the no command.Interface specific tunables are set on the entX orthe enX devices using the chdev command. AIX nowrecognizes a ISNO (Interface Specific NetworkOption) flag that overrides many of the globalsettings and uses the settings for each interfaceover those set globally. This is an important conceptas much application documentation still refers tothe global settings while the default is now to usethe local settings. ISNO can be determined fromquerying with the no command or looking atifconfig results. Examples of retrieving thedefaults, ranges, and current values as well assetting new values are shown in the next section.

• Settings for the HEA (Host Ethernet Adapter) are notalways set from the OS. Physical layer settings forthis device are typically set from the ASMI menus orfrom the HMC.

• Changes were made to the AIX 6.1 networktunables. The no command will list many tunablesas "restricted". IBM recommends against changinga restricted tunable from the default.

Management

• The assumption of this section is that rc.net / ODMis used for IP configuration. If the configuration isnot stored in the ODM and is configured via scriptthen many of these "temporary" commands couldbe used to persistently configure the IP settings.

• The following examples also assume the use of en0over et0.

List all Adapters in the systemlsdev -Cc adapter

List all interfaces in the systemlsdev -Cc if

Initial setup of an interface

To view the (current) route tablenetstat -r

To view the (persistent) route table from the ODMlsattr -EHl inet0 -a route

Add an entry for "rhodes" to the hosts filehostent -a 192.168.1.101 \ -h "rhodes.favorite.com rhodes"››› The hostent is a command for editing the/etc/hosts file. Most edits on this file are doneby hand. The hostent command is mentionedhere first for its potential use as a scriptingtool, but also as an example of the pervasivetool-managed nature of AIX.


7 of 22 01/28/2013 10:57 AM

mktcpip››› Note that mktcpip has an exceptional amount

of options. They are not listed here becausethis command is a prime example of when touse SMIT. See next item for more typical use.

Smitty interface to initial TCP/IP setupsmitty mktcpip››› This command is usually run once for a system

(typically in the post-install setup if run fromCD/DVD), additional changes can be donedirectly via the chdev command or via thesmitty configtcp menu screen.

Permanently set the hostnamechdev -l inet0 -a hostname=bombay

Temporarily add a default routeroute add default 192.168.1.1

Temporarily add an address to an interfaceifconfig en0 192.168.1.2 \ netmask 255.255.255.0

Temporarily add an alias to an interfaceifconfig en0 192.168.1.3 \ netmask 255.255.255.0 alias

To permanently add an IP address to en1chdev -l en1 -a netaddr=192.168.1.1 \ -a netmask=0xffffff00

Permanently add an alias to an interfacechdev -l en0 -a \ alias4=192.168.1.3,255.255.255.0

Remove a permanently added alias from an interfacechdev -l en0 -a \ delalias4=192.168.1.3,255.255.255.0

Remove all TCP/IP configuration from a hostrmtcpip

View the settings on inet0lsattr -El inet0››› This can be run for ent0 and en0 as well. These

settings are typically stored in the ODM objectrepository CuAt and are retrievable via odmget-q name=inet0 CuAt.

Determine if rc.bsdnet is used over rc.netlsattr -El inet0 -a bootup_option

Find actual (negotiated) speed, duplex, and linkentstat -d ent0››› The interface must be up (ifconfig en0 up)

for stats to be valid. The netstat -v ent0command gives similar results.

Set (desired) speed is found through the entX devicelsattr -El ent0 -a media_speed

Set the ent0 link to Gig full duplexchdev -l ent0 -a \ media_speed=1000_Full_Duplex -P››› Auto_Negotiation is another option (see the

next example).View all configurable options for speed and duplexlsattr -Rl ent0 -a media_speed

Find the MTU of an interfacenetstat -I en0

List all services represented by inetdlssrc -ls inetd

List all open, and in use TCP and UDP portsnetstat -anf inet

List all LISTENing TCP portsnetstat -na | grep LISTEN

Flush the netcd DNS cachenetcdctrl -t dns -e hosts -f

Get (long) statistics for the ent0 deviceentstat -d ent0←or→netstat -v ent0››› Remove the -d option from entstat for shorter

results. The output of entstat varies by devicetype. Virtual, physical, and IVE (LHEA) devicesall produce different results. Use caution andtest throughly when scripting this command.

List all network tunablesno -a

List all tunable settings in long formatno -L››› The "long" format is more readable as well as

displaying current, default, persistent, min andmax values.

Get a description of the use_isno tunableno -h use_isno››› These descriptions were expanded in AIX 6.1.

Additionally many will be listed as restrictedwhere they were not in previous versions.

Turn off Interface Specific Network Optionsno -p -o use_isno=0

• The following tcpdump examples are simplistic andlimited, an extended usage description for tcpdumpis beyond the scope of this document. The intent isto give a few easy examples that can be expandedto the users needs. Additional help with filterexpressions and command line options is availableon the tcpdump InfoCenter page. Also note thatwhile efforts have been made to account for linewraps in the printed version, these commandsremain un-wrapped for readability.

Watch all telnet packets from aachentcpdump -Nq 'host aachen and (port telnet)'››› -N gives short host names.

Watch connect requeststcpdump -q 'tcp[tcpflags] & tcp-syn != 0'››› -q gives abbreviated packet info.

Watch all connection requests to port 23tcpdump -q 'tcp[tcpflags] & tcp-syn != 0and port telnet'

◊ Command reference: mktcpip, rmtcpip, ifconfig,netcdctrl, no, tcpdump, chdev, lsattr, entstat,netstat, route, host, hostname


8 of 22 01/28/2013 10:57 AM

System Configuration & Management

Devices

• Physical device to /dev device representations aremapped via ODM database entries. Actual locationsof devices can be retrieved using the lscfg orlsdev commands. The mapping provided by theODM provides a persistent binding for devicenames across boots of the system.

• The mapping of physical devices to the logicaldevices in /dev is an automated process performedby the operating system. It is typically not requiredto move or otherwise re-order these devices. In ahighly dynamic environment where devices areadded and removed, it may be advantageous toclear previous instances of a device from the ODMand /dev directory.

• New devices are added to the system with thecfgmgr command. Logical instances of of devicescan be removed from the system via the rmdevcommand. rmdev simply tells the system to forgetthe device, so unless the physical device is actuallyremoved it will simply be found and re-createdwhen the cfgmgr command is run again (e.g. atnext boot).

• Device support requires that the appropriatepackages (drivers) are installed for each device.The default AIX install includes support for devicesnot on the system. If a device is newer or a minimalOS install was done then support may not beincluded for new devices. In this case the cfgmgrcommand will flag an error that an unsupporteddevice has been found.

• Device configuration options are stored in thepre-defined device databases of the ODM.Information about actual devices are stored in theconfigured device databases of the ODM. Theseconfigured options include instances and well asconfiguration options to the devices / drivers.

• The lsdev command is used to list devices in thepredefined and configured device (ODM) databases.The lscfg command is used to display VPD (VitalProduct Data) information about each device. Tofind all devices the system knows or has configuredat one time use the lsdev command. To search fora device by a specific type, class, parent device orother complex criteria use the lsdev command. Tofind the serial number or device specific identifier ofa device use the lscfg command.

List all devices on a systemlsdev››› lsdev queries the predefined or configured

databases using the -P and -C flagsrespectively. In this case the -C flag is implied.Addition of the -H option includes columnheader info.

Get device address of hdisk1getconf DISK_DEVNAME hdisk1←or→bootinfo -o hdisk1››› This is the same information available from

other commands, just not requiring greping orawking to retrieve this specific data. bootinfois not officially supported as an administrativecommand.

Get the size (in MB) of hdisk1getconf DISK_SIZE /dev/hdisk1←or→bootinfo -s hdisk1››› Note that a full path to the device is required

for the getconf version.Find the possible parent devices of hdisk0lsparent -Cl hdisk0››› This lists all devices that support that device

type, not the specific parent of this device. Seethe following lsdev examples for methods offinding parent devices.

List all child devices of scsi1lsdev -Cp scsi1

List all disks belonging to scsi1lsdev -Cc disk -p scsi1

Test if hdisk2 is a child device of scsi2lsdev -Cp scsi2 -l hdisk2››› This command will list all devices that meet the

criteria of being hdisk2 and belonging toscsi2. Either it will list a device or it will not.

Find the location of an Ethernet adapterlscfg -l ent1

Find device specific info of an Ethernet adapterlscfg -vl ent1››› One key piece of device specific info would be

the MAC address. This command works forHBAs and other addressed adapters. The *statcommands also tend to return addresses, oftenformatted in a more readable manner. See thenext example for an HBA / with the grepcommand to isolate the address.

Find the WWN of the fcs0 HBA adapterlscfg -vl fcs0 | grep Network

Get statistics and extended information on HBA fcs0fcstat fcs0››› Similar *stat commands exist for numerous

types of devices such as entstat, ibstat,tokstat, fddistat, etc..

List all MPIO paths for hdisk0lspath -l hdisk0

Temporarily change console output to /cons.outswcons /cons.out››› Use swcons to change back.

Find the slot of a PCI Ethernet adapter


9 of 22 01/28/2013 10:57 AM

List all disk devices on a systemlsdev -Cc disk››› See next example for a list of potential classes

as arguments to the -c option.List all customized device classeslsdev -Cr class››› Customized device classes mean that they

exist (or have existed) on the system. For a listof predefined devices (ones that AIX couldsupport) change the -C option for -P.

List locations of all hdisks in the systemlscfg -l 'hdisk*'››› This can be accomplished via the lsdev

command. The point here is to show the use ofwildcards in a lscfg option.

Remove hdisk5rmdev -dl hdisk5››› The -d option removes the configured device

entry from the ODM. Unless the device isphysically removed, cfgmgr will bring it back.

lsslot -c pci -l ent0››› The lsslot command is used to find cards that

are hot-swappable. Not all systems will supportthis command.

◊ Command reference: lsdev, lsparent, lscfg, lsattr,chdev, rmdev, cfgmgr, lscons, swcons, fcstat,entstat, ibstat, getconf getconf, lsslot, drslot

SMIT (System Management Interface Tool)

• SMIT is a system management tool that assists theadministrator with AIX utilities by providing an ASCII(curses) / X-Window GUI interface to those tools.SMIT provides pick lists and menus for commandline options to AIX tools. The interface is designedto aid with recognition of more obscure switches,provide additional security & accounting, andperform some validation on the input to thosecommands.

• The SMIT interface is not a monolithic binary, but anextensible framework of screens that relies uponunderlying OS commands to do the work. EachSMIT screen is stored as a collection of ODM objectsin SMIT specific object classes.

• Stepping through the complex menu system can beavoided by jumping directly to a screen when afastpath is specified when SMIT is invoked. Fastpaths are single word (no spaces) phrases thattypically are the command that will be run in thatscreen. The fast path for the current screen can bedetermined by using the F8 key while in thatscreen.

• Sample fastpaths:

mktcpip Initial TCP/IP setup

lvm Root of the LVM menus

mkuser Screen to add a user

pgsp Root of the paging space menus

_nfs Root of NFS menus

subserver inetd config

mpio Root screen for all MPIO operations

etherchannel Root of EtherChannel / 802.3ad memus

chgenet Configure paramaters on the ent device(s)

vlan Root of menus to manage VLANconfigurations

• SMIT can be invoked from the command line usingsmit or smitty. smit will start either the cursesbased version or the X Window version dependingupon the presence of the X Window system. smittywill always start the curses (tty) version.

• Additional information on customizing the SMITinterface can be found on the "Extending SMIT ForCommon Localized Tasks" page.

• Key sequences (for the curses version)

F3 (Esc-3) Exit current screen

F4 (Esc-4) Generate a pop-up list that can be chosenfrom

F6 (Esc-6) List the command that will be run

F5 (Esc-5) Reset the field to the original / default value

F8 (Esc-8) Show the fast-path tag for this screen

F10 (Esc-0) Exit SMIT

/phrase Search for phrase in a list

n Used to find the next occourence of thesearch phrase

Tab Used to alternatively select items from a"ring" (a short list).

• Symbols that denote field data requirements:

* This is a required field

# This field requires a numeric value

/ This field requires a path

X This field requires a hexadecimal number

? The data entered will not be displayed

+ Data can be retrieved from a list


10 of 22 01/28/2013 10:57 AM

mkvg Beginning screen to create a new VG

• SMIT will save a script of runnable commands in~/smit.script and ~/smit.transaction as wellas a log of commands run in ~/smit.log. Wheninvoked with the -x switch, SMIT will not run any ofthe commands but will write the commands itwould run to ~/smit.script and~/smit.transaction. (Note: With the -x switchSMIT will still run the discovery commands to buildlists and find default/existing values but not theaction commands.)

SRC

• The SRC (System Resource Controller) is a processmanager that is used to spawn, monitor, andcontrol services. Many of the standard Unixdaemons are managed via this interface on AIX.

• SRC does not have a persistent "service profile" andtherefore does not comprehend persistence beyondthe current boot. For this reason, it is necessary tofind where the service is started and add or removethe startsrc (service start) command there. Themost popular locations for this are rc.tcp andinittab.

• SRC controlled processes must be started andstopped via the SRC interface. If a SRC process diesor is killed the srcmstr daemon will re-spawn thatprocess and log an error to the system error log.

• The core process for SRC (srcmstr) is spawned from/etc/initttab. Services that run under SRCcontrol do not leave their process group (ie: have aPPID of 1), but instead, stay children of srcmstr.

List the status of the cdromd servicelssrc -s cdromd

List the status of inetd subserviceslssrc -l -s inetd

List the status of all members of the NFS grouplssrc -g nfs

Start the cdromd servicestartsrc -s cdromd››› There is not a persistent flag for the startsrc

command. For this service to automaticallystart on the next boot, a change must be madeto one of the system initialization files. In thiscase, an entry must be made in/etc/initttab.

Stop the cdromd servicestopsrc -s cdromd

Send a refresh request to the syslogd servicerefresh -s syslogd››› This would typically be communicated via a

HUP signal. Not all SRC controlled processesrespond to a refresh request and may require aHUP signal.

◊ Command reference: lssrc, startsrc, stopsrc, refresh,srcmstr

Performance / Kernel / Tuning

• The primary statistics provider for most basicperformance commands on AIX is the Perfstat API /kernel extension (See /usr/include/libperfstat.h.) This API supports most non-tracebased performance related tools.

• The trace-based tools (denoted by a "T" in the listbelow) utilize the trace facility. These tools generatesignificantly more detail than the perfstat basedtools. Unfortunately the level of detail provided bythese tools comes at the expense of performance.Caution should be used when running these toolson a production system.

• AIX 6.1 introduced probevue, a lightweight dynamictrace facility that provides trace-like insight but with

splat - [T] Simple Performance Lock AnalysisTool. Provides lock statistics. Must berun on a system booted with lock tracereporting enabled.

spray - Network load generation tool using aremote sprayd daemon. Requires theRPC daemon (rpc-sprayd) to beregistered.

svmon - Displays general to detailed reports ofVM usage on the system as a whole orfor individual processes.


11 of 22 01/28/2013 10:57 AM

a minimal performance impact. The probevuecommand utilizes scripts written in the Vuelanguage to define what events to capture data onand how to report that data. Additional informationcan be found on the ProbeVue page.

• With the introduction of Micro-partitions manycommands were modified both to account forperformance statistic gathering in the virtualizedenvironment as well as reporting virtual statistics.When WPARs were introduced many commandswere extended to report per-WPAR or WPAR specificstatistics. The WPAR specific options are typicallyenabled with the -@ switch. Commands in thefollowing list that support this option are markedwith the "@" symbol.

• The *o commands (vmo, schedo, no, nfso, raso,ioo, and lvmo) are used to view and set systemrelated tunables. Persistent tunables are saved in/etc/tunables/nextboot. Some persistenttunables are inserted in and set from the BLV(therefore they require that bosboot run to set thevalue for next boot.

• The following is a list of general and lower-levelsystem commands for performance anddiagnostics:

atmstat - Show statistics and device details forATM adapters

curt - [T@] CPU Utilization Reporting Tool. Atrace based tool for monitoring CPUactivity.

entstat - Show statistics and device details forEthernet adapters

fcstat - Show statistics and device details forFC HBAs

fddistat - Show statistics and device details forFDDI adapters

fileplace - Show fragmentation and block / fsusage for a file.

filemon - [T@] Generate a report of advanced /detailed disk statistics that highlightswhere I/O was generated and whatgenerated it.

gprof - Generate profiling statistics for abinary.

iostat - [@] Supports I/O statistics on multipledevice types, but used primarily as afirst line disk I/O statistic reporting tool.

ipcrm - [@] Remove IPC (InterProcessCommunication) semaphores, messagequeues, and shared memory segments

ipcs - [@] List IPC (InterProcessCommunication) semaphores, messagequeues, and shared memory segments

iptrace - Network packet tracing daemon.Results can be viewed with ipreport

tcpdump - Capture network packets. Packets canbe filtered by type, port, interface,address, or other criteria. Packets canbe captured with detail or in summary.See examples at the end of thenetworking examples section.

topas - topas is a curses-based, interactive,multi-area, general performancereporting tool. topas is often the firsttool used in a performance tuningexercise. New topas users may finduseful info on the local introduction totopas page.

tprof - [T@] A trace based profiling tool.

truss - Reports syscall, signals, and mostaspects of system interaction by aprocess.

uptime - Reports system uptime as well as 1, 5,and 15 minute system load averages.

vmstat - [@] Report statistics from the virtualmemory subsystem.

• Note: The examples section is not meant to becomprehensive or even well representative of theavailable options and performance monitoringmethods. The scope and design of this page doesnot allow for a full treatment of the performancetools. Each section requires a careful selection ofthe command examples and information that is ofuse. This section requires significantly moreabbreviation to fit in a reasonable space. The goalhas been to give a mix of some common examplesalong with some that are slightly atypical.

• Most iterative commands here use two secondintervals. This is done only to make them consistentwhen showing the iterative options.

List processes in ptree-like outputps -T1

List all file opens for the ls processtruss -topen ls

List all file opens for a running PIDtruss -topen -p 274676››› 274676 is simply a PID that was active on the

system when I created the example.List all open files for a running PIDprocfiles -n 274676

List all memory segments for a running PIDsvmon -P 274676

Get a filename for an inode from previous resultsncheck -i 1041 /dev/hd4››› Once again, this example is of a local (to this

system) inode value. In this case svmonreturned the inode and filesystem of the file -the actual filename was desired.

Enable advanced statistics gathering on VG datavglvmstat -v datavg -e


12 of 22 01/28/2013 10:57 AM

istat - A command line stat() tool. It givessimilar info to ls but in potentially morescriptable output.

kdb - An interactive user-space command forviewing kernel structures, memorylocations, tables, etc... from a runningsystem or a dump of the kernel.

lparstat - [@] Reports per-LPAR statistics -primarily memory and CPU utilization.Also reports virtualization-awarestatistics such as entitlementconsumption and hypervisor calls. TheWPAR flag on this command is -W not-@.

lvmstat - Reports I/O statistics on VG structures(as opposed to per-disk statistics).Statistics gathering must be enabledwith the -e switch before use.

mpstat - [@] Reports performance statisticssuch as interrupts, context switches,min/maj faults, system calls, andprocessor affinity.

netpmon - [T@] Reports detailed network, socket,and NFS related statistics over aninterval.

netstat - [@] Show networking status forTCP/UDP through physical layers.

pmcycles - A tool to measure actual CPU speed(presumably for CPUs that may go intopower save).

pprof - [T@] Reports detailed statistics onkernel threads.

probevue - Lightweight dynamic tracing tool thatutilizes the Vue language. AdditionalProbeVue resources are availablelocally on the ProbeVue page.

ps - [@] List processes

pstat - Show the contents of several systemtables from a core file or active kernel.

rmss - Tool to simulate a reduced memoryfootprint for an application. Runningthe LPAR with reduced memory may bea more popular alternative to thiscommand.

››› Use -e to enable, -d to disable.Monitor network throughput for ent0while [ 1 ] ; do entstat -r ent0 | grepBytes ; sleep 2 ; done››› First column is transmit and second is receive.

This is a non-curses based example, see thenext example for a topas based solution.

Monitor network throughput for all interfacestopas -E

Paging - in usesvmon -i 2››› The -i 2 parameter tells to iterate every two

seconds.Paging - activityvmstat 2

Show top-like CPU usage by processtopas -P

Show system wide CPU usagempstat 2

Get NFS server statisticswhile [ 1 ] ; do nfsstat -s ; sleep 2 ;done

Generate CPU loaddd if=/dev/random of=/dev/null

List I/O stats organized by adapteriostat -a 2

Get extended I/O stats on just two disksiostat -D hdisk0 hdisk1 2

List I/O stats by file systemiostat -F 2››› Not supported on 5.3

Show network statistics for interfacesnetstat 2

ODM

• The ODM (Object Data Manager) is a database storefor system information on AIX. The ODM is primarilyused for system items such as device instances andthe configuration options for those devices but mayalso be used for applications such as SMIT.

• The ODM is a collection of object classes (files) thatare primarily in /etc/objrepos but also stored in/usr/lib/objrepos, /usr/share/lib/objrepos

• Object classes are implemented as one or two filesdepending upon the data types used in thedefinition of the object class. The primary file hasthe same name as the object class. An optional fileending in .vc is used for variable length andmulti-byte nchar data. The ODM data files are notrecognized by the file command so I haveincluded a sample MAGIC for both file types.


13 of 22 01/28/2013 10:57 AM

and the BLV. The copy and/or location of the ODM touse is specified either by an application or theODMDIR / ODMPATH environmental variables. Forexample, the SMIT screens are stored in objectclasses in /usr/lib/objrepos but can be stored inan alternate ODM source.››› See the "Extending SMIT For Common Localized

Tasks" page for info on using an alternate ODMsource for SMIT.

• While applications can create object classesanywhere they wish, the system object classesprimarily exist in the three directories listed in theprevious point. This is done to separate data basedupon the type of filesystem it is in. Data that isspecific to a system is stored in /etc/objrepos.Platform specific data that can be shared acrosssystems (such as a network boot) is stored in/usr/lib/objrepos. Platform independent datathat can be share across systems is stored in/usr/share/lib/objrepos. One example of this isthe lpp object class that exists in all three locations.The lslpp -l will query each of these objectclasses and display each in its own group.

• The primary benefits of the ODM is that it storescomplex data, enforces data types on that data,and provides a rich API / set of command lineutilities to access it. The API supports locking thatinsures a view consistency that is not guaranteedwith flat files.

• When mapping ODM to database concepts, an ODMobject class is the equivalent of a database table,and is implemented as one or more files. An ODMobject would be a row in that table. An objectdescriptor would be the equivalent of a databasecolumn definition.

• The ODM supports relations in the form of the "link"data type. It does not allow for joins of the data, nordoes it enforce referential integrity during inserts.The ODM does not enforce a primary key,specifically the unique constraint of a key. For thisreason, it is possible to have duplicate objects in aobject class.

• ODM command line tools:

odmget Query data from an ODM object class.Specific queries are supported with the -qoption, but it is not possible to limit resultsto specific "columns" without using anothercommand like grep. If the query string isomitted, then all data will be returned. (Thisis an effecive way to back up the data fromthe object class.) The data will be returnedin the odmadd/odmget stanza format.

odmadd Insert data into an ODM object class. Thedata must be in the odmadd/odmget stanzaformat. Because null values are not allowed,all "columns" must be filled with appropriatedata.

odmchange Change data in an ODM object class. Aquery syntax allows the user to specify alimited set of objects (rows). The datachanged is specified in a odmadd/odmget

0 long 0x000dcfac ODM data file0 long 0x000caa1c ODM variable datafile

MAGIC entries for ODM files

• Many introductions to the ODM use typical databaseexamples to show how data is stored and retrieved.While this is useful for understanding the structureof an object class it is counter-productive in that itmasks what is really stored in the ODM. Anothermethod of learning the ODM is to use thetruss-query method. This means that you wrap acommand in truss (truss -topen) to capture thefile opens, then query the resulting object classesfor the data they contain.

• The ODM command line tools work on two differentformats of input/output from the object classes. Thestructure of the object classes are defined in asyntax that is very similar to a C struct. Actualobject data is structured in a stanza format.

class my_object_class { short descriptor1; short descriptor2; vchar text[1024];};

Example of odmcreate/odmshow struct. (Nonsensical tablewith two short int(eger)s and a string.)

CuAt: name = "inet0" attribute = "hostname" value = "mumbai" type = "R" generic = "DU" rep = "s" nls_index = 24

Example of odmadd/odmget stanza syntax. (Actual outputfrom a system.)

Steps to shrink an ODM object class called "Bloat"odmshow Bloat > Bloat.definitionodmget Bloat > Bloat.dataodmcreate Bloat.definitionodmadd Bloat.data››› odmshow saves the table definition. odmget

saves the table data. odmcreate re-creates thetable. odmadd restores the data. This is not apopular task on AIX. The example here is moreto relate the purposes of the commands andgive some insight into how they can be used.

Determine the ODM files opened by lsattrtruss -topen lsattr -El inet0

Query CuAt for the inet0 configodmget -o CuAt -q name=inet0

• The SMIT customization page has more ODM


14 of 22 01/28/2013 10:57 AM

stanza format. The stanza file does not needto be complete as only the descriptors(columns) present in the stanza file will bechanged in each matched object.

odmcreate Creates an ODM object class based upon anodmcreate/odmshow "struct" file. The ODMfile will be created in the default directory.Existing object classes with the same namewill be overwritten without warning.

odmdelete Will delete objects (rows) from an ODMobject class. The -q query syntax issupported to limit the objects deleted. If thequery is omitted, all items will be deleted.Selective delete operations can lead tobloated object class files.

odmdrop Deletes an entire ODM object class. Allobjects (rows) and the object class itself willbe deleted. All object class files are deleted.Future queries to this object class will fail.

odmshow Create a odmcreate/odmshow struct outputbased upon the description of the ODMobject class. The results will define eachdescriptor (column) in the object class(table) as well as have other data related tothe current contents of the object class incomment format. This output can be used tore-create an empty object class using theodmcreate command.

command examples.

◊ Command reference: odmget, odmadd, odmchange,odmcreate, odmdelete, odmdrop, odmshow

Software Management

• A fileset is the smallest manageable component inthe LPP (Licensed Program Product) hierarchy. Apackage is a collection of related filesets. An LPP isa group of packages that tend to fall within oneproduct type, such as "bos" - the base operatingsystem.

• Filesets are divided by what part of the system theyinstall to. This is either "root", "usr", or "share".These divisions are determined by install locationas well as platform dependence / independence.Use the lslpp -O flag with r, u, or s options to listfilesets from only one location. (Additionaldiscussion of this is found in the ODM section andthe three separate lpp ODM data stores - one foreach fileset install location.)

• Most administrators perform installs via the SMIT orNIM methods. SMIT is most popular for simpleone-off installs and smaller environments. Use ofinstallp directly from the command line issignificantly more complex than SMIT or NIM.

• The most popular SMIT fast paths areinstall_latest and update_all. The install fastpath requires that a package repository be specifiedon the first screen then presents the user with ascreen of install options to include the option tobrowse and select from the supplied repository.

• Bundles are simply formatted lists of packages to beinstalled as a unit. Bundle files are stored locally in/usr/sys/inst.data/sys_bundles and /usr/sys/inst.data/user_bundles. Bundles can beinstalled using the smitty easy_install

List all software packages on /dev/cd0installp -l -d /dev/cd0››› It is not necessary to explicitly mount/dev/cd0. The installp command will do itautomatically. None of the examples using/dev/cd0 (including SMIT) in this sectionrequire the explicit mounting of the CD/DVDROM.

List the software in the default repository locationinstallp -ld /usr/sys/inst.images

List all RPM packages on the systemrpm -qa

List all files in the installed gcc RPMrpm -ql gcc-4.2.0-3

List all filesets that are applied, and can be committedor rejectedinstallp -s

List packages on media in /dev/cd0gencopy -Ld /dev/cd0

Copy contents of CD to local directorygencopy -d /dev/cd0 -t /proj/instsrc \ -UX all

Copy contents of CD to default local directorygencopy -d /dev/cd0 -UX all

Download AIX 5.3 TL10 updates to local repositorysuma -x -a Action=Download \ -a RqType=TL -a RqName=5300-10››› The updates will be placed in the default local

repository in /usr/sys/inst.images.Install the mkinstallp toolinstallp -acgXYd /usr/sys/inst.images \


15 of 22 01/28/2013 10:57 AM

command.• Filesets can be installed in the applied or committed

states. Applied filesets retain previous versions andcan be rolled back to the previous version(rejected). The first version of a fileset installed ona system is always committed.

• SUMA (Service Update Management Assistant) is amethod to automate the retrieval of systemupdates from the Internet.

List all installed filesets separated by filesystem typelslpp -l

List all installed filesets with combined filesystem infolslpp -L››› Adding the -c option will make this output

scriptable in that it will be colon delimited. Seethe next example.

List just the filesets on a systemlslpp -Lc | cut -d : -f 2

List all files in the bos.mp64 filesetlslpp -f bos.mp64

List all files in the root part of bos.rte.shelllslpp -Or -f bos.rte.shell

List what known fileset provides kshwhich_fileset ksh

List the installed fileset that provides /usr/bin/kshlslpp -w /usr/bin/ksh››› *ksh* would have worked, but more results.

bos.adt.insttools››› The options are:-a Apply-c Commit-g Install prerequsites-X Extend filesystems if necessary-Y Agree to licenses-d <dir> Specify a sourcebos.adt.insttools pagkage to install

Backup the rootvgmksysb -eivX /mnt/bombay.mksysb››› The options are:-e Exclude files listed in /etc/exclude.rootvg-i Create an /image.data file-v List files as they are backed up-X Extend /tmp if necessary/mnt/bombay.mksysb The file to create

As this command will back up all mountedfilesystems in rootvg it is necessary to accountfor the potential size of this file. The root userhas a file size limit (fsize) and can betemporarily disabled with ulimit -funlimited

◊ Command reference: installp, inutoc, lslpp, emgr,gencopy, suma, mksysb

Users / Groups


16 of 22 01/28/2013 10:57 AM

• AIX users and groups have an administrativeattribute that determines who can make changes tothat user or group. Only the root user (or equivalentRBAC role) can modify a user or group that has theadmin attribute set. Regular, non-admin accounts,may be modified by members of the security group.Non-admin groups can have group administrators(that are not part of the security group) that canmodify the group members.

• The following is a table that represents how theadmin attribute of a user/group effects who canmodify that item:

adminattribute =

rootuser

securitygroup

users on thegroup adms list

user true Yes No N/A

false Yes Yes N/A

group true Yes No No

false Yes Yes Yes

• RBAC (Role Based ACcounting) is a naturalmaturation from using simple SUID/SGID binaries toa more granular method of granting privileges tousers to accomplish tasks. Legacy RBAC wasintroduced in AIX 4.2.1, and was upgraded toEnhanced RBAC in AIX 6.1. This document refers tothe Enhanced version of RBAC and only mentionsLegacy RBAC in contrast where appropriate.

• Legacy RBAC was a simplified method to divide roottasks into groups and give non-root users ability toperform those tasks. This was done with traditionalSUID/SGID applications that then checked to see ifthe user was assigned the privilege before the taskwas attempted. As a result, it required specializedbinaries that were potentially open to exploitbecause the processes they spawned still hadeffective root access. The benefit was the moregranular division of responsibilities that RBACpromises. Unfortunately, Legacy RBAC was notsufficient to change many administrator's minds onthe use of root for all tasks administrative.

• Enhanced RBAC does not rely upon SUID/SGIDapplications but instead allows for granularpermissions based upon the users role membershipand only the permissions required to complete thetask. The kernel only allows authorizations tonon-root users for very specific actions instead ofrelying on the application code to grant that access.

• A user is assigned a role that aligns with anadministrative task such as the ability to restart (orshutdown) the system. The role is a groupingmethod that defines all authorizations that arerequired to accomplish that type of task.Commands, files, and devices are added to priv*files that define what authorizations are required toperform that specific task or access that file /device. When a command is run, the requiredauthorizations are checked against theauthorizations assigned to roles for the user

Relationship between RBAC files.

Create an admin group called wfavorit with GID 501mkgroup -a id=501 wfavorit

List the attributes of the just-created group wfavoritlsgroup wfavorit

Create an admin user called wfavorit with UID 501mkuser -a id=501 shell=/usr/bin/ksh \home=/home/wfavorit pgrp=wfavorit \wfavorit

Set the password for user wfavorit (run as privilegeduser)pwdadm wfavorit ←or→ passwd wfavorit

Add wfavorit as member of the security groupchgrpmem -m + wfavorit security

Make a group with wfavorit as the adminmkgroup adms=wfavorit favorite

Make wfavorit an administrator of the proj groupchgrpmem -a + wfavorit proj

List all users on the systemlsuser -a ALL››› The -a switch lists specific attributes, but in

this case it is empty and only the user namesare displayed. See other lsuser examples inthis section for other uses of the -a switch.

List all admin users on the system


17 of 22 01/28/2013 10:57 AM

running the command. If the user lacks sufficientaccess then permission is denied.

• The following table lists the key configuration files inthe Enhanced RBAC system, the commands used toaccess/modify those files and what the files are for.

user.roles chusermkuserlsuser

Provides a mapping betweenexisting users and existingroles - both of which aredefined elsewhere.

roles chrolemkrolelsrolermrole

Defines roles as either a groupof authorizations or ofsub-roles.

authorizations mkauthchauthlsauthrmauth

Defines user createdauthorizations. Systemauthorizations are definedelsewhere.

privcmds setsecattrlssecattrrmsecattr

Lists all authorizations that arerequired for a command tocomplete its task.

privfiles setsecattrlssecattrrmsecattr

Lists all authorizations that arerequired to read or write to afile.

privdevs setsecattrlssecattrrmsecattr

Lists all authorizations that arerequired to read or write to adevice.

• The user environmental variables are stored in/etc/environment and /etc/security/environ.The variables set in /etc/environment are given toall users and processes while the settings in/etc/security/environ are per-user.

• User limits are set for login processes from the/etc/security/limits file. The chuser commandcan be used to modify this file.

• The default options for the mkuser command arestored in /usr/lib/security/mkuser.default.

• The /etc/security/passwd file is the shadowpassword file.

• The last command returns login information for thesystem (from the /var/adm/wtmp file. The/etc/security/lastlog file contains per-userinformation on each users login attempts.

lsuser -a admin ALL | grep =trueList attributes for user wfavorit in a stanza formatlsuser -f wfavorit

List login history for user wfavoritlast wfavorit

List the fsize ulimit for user wfavoritlsuser -a fsize wfavorit

Change the file size ulimit to unlimited for wfavoritchuser fsize=-1 wfavorit

List all groups and their IDslsgroup -a id ALL

List all members of the favorite groupchgrpmem favorite

◊ User / Group admin command reference: mkuser,chuser, rmuser, lsuser, pwdadm, mkgroup, chgroup,rmgroup, lsgroup, chgrpmem, usrck, grpck, pwdck

◊ RBAC command reference: setkst, chrole, mkrole,lsrole, rmrole, mkauth, chauth, lsauth, rmauth,ckauth, setsecattr, lssecattr, rmsecattr

◊ User command reference: users, w, who, whoami,whodo, id, chsh, passwd, setgroups, ulimit, setsenv,last, fifinger

Other

Boot Process

• The normal numbers represent what you see as thestep begins. The red numbers are error codes whenthat command / step fails. This is not a completelist of error codes. A more complete set can befound in Diagnostic Information for Multiple BusSystems.

Power on

Hardware initialization

Retrieve bootlist from NVRAM

Locate BLV and load into memory 20EE000B

cfgcon configures console c31

(cfgcon exit codes. c33 is assumed here) c32, c33, orc34

System hang detection is started c33

Graphical desktop is (optionally) started

savebase updates ODM copy on BLV 530

syncd & errdemon started

System LED is turned off

rm -f /etc/nologin


18 of 22 01/28/2013 10:57 AM

Kernel initializes and mounts RAM FS

Phase 1 (rc.boot 1)

RAM FS is resized

Logging begins

restbase copies ODM to RAM FS 548

cfgmgr configures base devices in ODM 510

bootinfo determines boot device 511,554

Phase 2 (rc.boot 2)

ipl_varyon varies on rootvg 551,552,554,556

fsck of / 517,555

mount of / 517,557

fsck & mount of /usr517,518

fsck & mount of /var 517,518

copycore, umount /var 517

swapon /dev/hd6 517

RAM FS version of ODM copied to/etc/objrepos

517

RAM FS version of /dev copied to disk 517

mount /var 517,518

Actual boot log written to (from RAM FSversion)

517

rc.boot 2 is finished 553

Kernel changes root from RAM FS to disk 553

Phase 3 553

Kernel invokes init from rootvg 553

init invokes rc.boot 3553

fsck & mount of /tmp 517,518

syncvg -v rootvg &517

Load streams modules 517

Configure secondary dump device 517

cfgmgr -p2 (Normal) or cfgmgr -p3(Service)

517, 521-529

Continued →

Start several optional services

log: "System initialization completed"

Phase 3 complete, init continuesprocessing inittab

• The previous boot process listing is for a normal diskboot. This will vary for network, tape, and CD boots.Read the contents of /sbin/rc.boot for specificson each boot device method and type (normal orservice).

• The boot order is stored in NVRAM. The settings areset and retrieved using the bootlist command.

• The BLV (Boot Logical Volume) is /dev/hd5. It iscreated / updated with the bosboot command.

• bosboot updates the boot record at the start of thedisk, copies the SOFTROS from /usr/lib/boot/aixmon.chrp, copies the bootexpand utility,copies the kernel from /unix, creates a copy of theRAM FS from the list of files in /usr/lib/boot/chrp.disk.proto, and creates a base ODM.

Layout of a bootable disk with hd5 shown.

• The kernel loaded from hd5 (the BLV) is the kernelthe system will run under for the entirety of theboot (until the system is shutdown or restarted). Forthis reason it is important to re-run bosboot everytime that the kernel is updated or some boot-timekernel options are set.

• This is an abbreviated list of boot codes. cfgmgr(alone) produces numerous display messages andpotential error codes, far more than is practical todisplay here.

◊ Command reference: bosboot, bootlist

Error Logging

• AIX has three error logging and reporting methods;alog, errlog, and syslog. The alog is an extensiblecollection of logs, but primarily is used for boot andconsole logging. errlog is used primarily for systemand hardware messages. syslog is the traditionallogging method.

• HMC managed systems will also have a log ofserviceable events relating to all systems on thatHMC.

• Both errpt and alog keep binary circular logs. Forthis reason, neither requires the rotation processthat is used for syslog logs.

• A curses based error log browser can be found

Write a message to the errlogerrlogger "This is not Solaris!"

Display the entire contents of the errlogerrpt››› Add -a or -A for varying levels of verbosity.

Clear all entries from the errlogerrclear 0

Clear all entries from the errlog up to 7 days agoerrclear 7

List info on error ID FE2DEE00errpt -aDj FE2DEE00››› The ID is from the IDENTIFIER column in errpt

output.


19 of 22 01/28/2013 10:57 AM

locally on the errbr page.• The AIX syslog.conf uses *.debug for all, not *.*• The following alog examples use the boot log as an

example. These examples are transferable to any ofthe other existing logs as well as those created inaddition to the AIX supplied logs.

List all logs alog knows aboutalog -L

Dump the contents of the boot log to stdoutalog -o -t boot

Send the current date to the boot logdate | alog -t boot

Increase the size of the boot log to twice the default.alog -C -t boot -s 8192››› Note: This changes the definition in the ODM,

the size will be applied the next time that thelog is re-created.

Clear the boot logrm /var/adm/ras/bootlogecho "boot log cleared on `date`" \ | alog -t boot

Find the current alog file size setting for the boot logodmget -q attribute="boot_logsize" \ SWservAt

Put a "tail" on the error logerrpt -c

List all errors that happened todayerrpt -s `date +%m%d0000%y`

List all errors on hdisk0errpt -N hdisk0

To list details about the error log/usr/lib/errdemon -l

To change the size of the error log to 2 MB/usr/lib/errdemon -s 2097152syslog.conf line to send all messages to a log file*.debug /var/log/messagessyslog.conf line to send all messages to error log*.debug errlog

◊ Command reference: alog, errpt, errlogger,errdemon, errclear

WPAR

• WPARs (Workload PARtitions) are an AIX 6.1 featurethat can be used to capture a process tree and lockit into its own environment. An AIX system can hostmultiple WPARs that each appear to be nearlyidentical to a regular system. All processes in theWPAR are subject to the environment of that WPARsuch as devices, filesystems, configurations, andnetworking unique to that WPAR.

• There are two types of WPARs, system andapplication. The key differences are that a systemWPAR begins at the init process while anapplication WPAR begins at the application processand the system WPAR has dedicated file systemswhile the application may not. System WPARs canbe "sparse" or "whole root" but it is the applicationWPAR that is most different from the othercontainer implementations.

• The hosting AIX system is called the "globalenvironment". The key differences in the globalenvironment is that it runs the kernel, owns thedevices, and can host WPARs. Significant effort hasbeen taken for the user environment of a WPAR tobe indistinguishable from the global environment.That said, the administrator needs to be aware ofwhat environment she is in to perform varioustasks.

• Because of the limited and contextually relevantadministrative environment of a WPAR, somecommands behave differently than others when runin a WPAR or the global environment. Generallyspeaking, the more lower level the command, the

Create the rudra WPAR with default optionsmkwpar -n rudra››› This command will pull the IP configuration for

ruda from DNS. Naturally, rudra must bedefined in DNS for the global environment tofind.

Start the rudra WPARstartwpar -v rudra

Log into the console of rudraclogin rudra -l root

Create indra WAPR with useful optionsmkwpar -A -n indra -r -s -v-A = Start automatically on system boot.-n name = Workload partition name.-r = Copy global network name resolution

configuration into the workload partition.-s = Start after creation.-v = Verbose mode.

Create a WPAR on a dedicated VGmkwpar -n varuna -A -g varuna_vg \ -r -s -v››› If a VG or other filesystem options are not

supplied then the filesystems for a systemWPAR will be created from LVs on the rootvg.This command uses a dedicated VG calledvaruna_vg. The /usr and /opt filesystems willstill be shared with the global WPAR andtherefore will still come from rootvg but willnot take any additional space. If the -l optionwas used in the above command then a new/usr and /opt would have been created for


20 of 22 01/28/2013 10:57 AM

more appropriate it is to run in the globalenvironment. One example of administration tasksmost appropriate for the global environment isdevice management commands. While a (system)WPAR has devices, the devices in a WPAR are muchdifferent than those in the global environment.

• WPARs are started from /etc/inittab with the/etc/rc.wpars script, using the configurationinformation in /etc/wpars/.

• By default, the root filesystems of sytem WPARs arecreated in /wpars/WPAR_name/. The filesystems arebrowsable by (properly permissioned) users of theglobal environment. Users in a WPAR cannot seefilesystems of other WPARs.

• By default the /usr, /opt, and /proc filesystems ofa system WPAR are shared with the globalenvironment via a read-only "namefs" vfs type.(/proc is mounted read-write in each of thenon-global WPARs.) As a result, software andupdates cannot be applied to these read-only WPARviews of the filesystems from the WPAR.Filesystems that are local to the WPAR (such as/home, /, /tmp, and /var) can be modified fromwithin the WPAR. Examples in this section show thedefault read-only and alternate options for thesefilesystems.

• Some options for system WPAR filesystems include:– Using a dedicated VG or external NFS mount for

WPAR filesystems. (Unless otherwise specified,system WPAR filesystems are created fromrootvg.)

– Using a single LV for all local filesystems. (Thedefault filesystem layout is similar to traditionalAIX installs in that it will be broken into multipleLVs / filesystems.)

– Creating a dedicated (local copy) of the /usr and/opt file systems. (In the default filesystem setup/home, /, /tmp, and /var are unique to the WPARwhile /usr and /opt are views on the actual filesystems in the global environment.)

– Creating additional filesystems dedicated to theWPAR. (This can take the form of a NFS mount or adedicated filesystem just for the WPAR.)

• A number of commands support a new -@ flag forWPAR related output. The required parameters andoutput of the -@ flag varies by command, and whatenvironment the command is run in (WPAR orglobal).

• A system WPAR is started and stopped much like aseparate OS with the startwpar and stopwparcommands. These act effectively as boot andshutdown operations. The shutdown will be themost familiar, while the boot operation issignificantly different from booting a system.Instead of bootstrapping the system from a disk,the WPAR startup process involves bringing onlineall the required filesystems, changing to that rootfilesystem / environment, and then picking up theboot process at init. (This is a simplistic treatment

this WPAR using the specified VG.Create an additional fs on dedicated VGcrfs -v jfs2 -g varuna_vg \ -m /wpars/varuna/data01 -u varuna \ -a size=100M››› This command is run from the global

environment. The mount point is within thevaruna root filesystem (/wpars/varuna) so thatit can be seen by the varuna WPAR. The -uvaruna option specifies this fs as part of thevaruna mount group so that it will be mountedwhen varuna starts.

Remove the varuna WPARrmwpar -s varuna››› -s stops it first, -p preserves the filesystems. (In

this case we delete the underlying filesystems.)Create a WPAR with mount optionsmkwpar -n varuna -r -s \ -M directory=/ vfs=nfs \ dev=/varuna_nfs host=shiva \ -M directory=/var vfs=directory \ -M directory=/home vfs=directory \ -M directory=/tmp vfs=directory \ -M directory=/usr vfs=directory \ -M directory=/opt vfs=directory››› The mkwpar command in this example uses a

remote NFS share to host the filesystems forthis system WPAR. It also specifies that each ofthe regular mount points will instead bedirectories and not mounts. The resulting WPARwill have only two mount points, one for the /filesystem and one for the /proc filesystem.The NFS mount in this example must be rootmountable by both the global environment andthe system WPAR. An example of the actual(but temporary) NFS share is given in the NFSsection above.

List all WPARs on the systemlswpar››› Default output will include Name, State, Type,

Hostname, and Directory. Valid types are S(System), A (Application) and C(Checkpointable).

Determine if you are in global WPARuname -W››› This command will print 0 to stdout and return

0 if in a global environment, and give non-zerovalues if in a system WPAR. Another method isto look for the wio0 device in lsdev output -wio0 only exists in a system WPAR.

List WPARs with (basic) network configurationlswpar -N

Change rudra WPAR to start on system bootchwpar -A rudra

List all processes in the indra WPAR from globalps -ef@ indra

List ports / connections for the global environmentnetstat -naf inet -@ Global››› Run in global environmnet.


21 of 22 01/28/2013 10:57 AM

of the process designed to illustrate the differencefrom a system boot of something like a LPAR in avirtualized environment.)

• Application WPARs are not started like a systemWPAR. It is more appropriate to describe them asbeing executed in a different context. ApplicationWPARs can see the global environment filesystemsand devices, they inherit everything not explicitlyset by the wparexec command. The large majorityof examples and discussion in this section refer tosystem WPARs.

• The Solaris implementation of containers offers acommand called zonename that tells what zone theuser is in. It works like the hostname commandwhen run from a zone but returns the word "global"when run from the global environment. AIX providesthe uname -W to tell if you are in a WPAR or not. Ihave included the logic (script) to create awparname command that tells if you are in a WPARas well as the hostname of the WPAR (like thezonename command).

#!/bin/sh

if (( `uname -W > /dev/null 2>&1` ))then echo "global"else hostnamefi

Sample source of wparname command.

Stop WPAR rudra from globalstopwpar -v rudra

Start apache in an application WPARwparexec -n varuna \ /usr/sbin/apachectl start &››› In this example varuna is defined in DNS.

Because the -h flag is not used, the hostnamewill default to the WPAR name, and will pull IPconfiguration from DNS for that host. Subnetmask, name resolution, and all other settingswill be inherited from the appropriate interfacein the Global environment.

◊ Command reference: mkwpar, chwpar, lswpar,rmwpar, startwpar, stopwpar, wparexec,rebootwpar, syncwpar, syncroot

About this QuickStart

Created by: William Favorite ([email protected])Updates at: http://www.tablespace.net/quicksheet/Disclaimer: This document is a guide and it includes no express warranties to the suitability, relevance, orcompatibility of its contents with any specific system. Research any and all commands that you inflict upon yourcommand line.Distribution:Copies of this document are free to redistribute as long as credit to the author and tablespace.net isretained in the printed and electronic versions.


22 of 22 01/28/2013 10:57 AM

AIX QuickStart

Documents

Transcript of AIX QuickStart