Monday, December 31, 2007

Comparing WPARs with LPARs

How do WPARs compare with LPARs?

As noted earlier, you do not need access to the HMC or IVM to create WPARs as you do for LPARs. WPARs are lightweight and quicker to install, because they share many of the file systems and resources of the global AIX system in which they reside. While using an LPAR requires you to install an entire operating system, creation of system WPARs only installs private copies of a few file systems, and application WPARs share even more of the global system's resources. As a result, a WPAR can be created in just a few minutes without installation media. Ongoing administration and maintenance of WPARs should be simpler—fewer AIX licenses might be required, and you don’t have to install fixes and updates on so many virtual systems. There is a command for synchronizing the filesets of a WPAR with the corresponding filesets on the global system, so you have the choice of propagating AIX fixes to WPARs or continuing to run with the current versions of system files.

While LPARs offer a significantly higher degree of workload isolation, WPARs might provide "good enough" isolation for your particular workloads, especially temporary ones such as development or test environments. Similarly, with LPARs, you can achieve a greater degree of control over the usage of resources—by allocating entire processors or precise fractions of processors to an LPAR, for example. With WPARs, you don’t have such fine control over resource allocations, but you can allocate target shares or percentages of CPU utilization to a WPAR (if have used the AIX Workload Manager, you will find the share and percentage resource allocation scheme familiar). Similar differences exist for the allocation of memory, number of processes, and other resources.

Using WPARs

Are you ready to create your first workload partition? All you need to get started is the capability to log in as the root user on an AIX 6 system—the official 6.1 product version is the most up-to-date but, if you happen to have downloaded an early copy during the Open Beta program, you can use that for basic WPAR operations.

Define a WPAR

Log in as root on your AIX 6 system, and run the following command: mkwpar –n mywpar

That is all you need to do to create a system WPAR whose name is mywpar. After pressing the Enter key, a long series of messages display on the console that look very similar to those you see during a typical AIX installation. After a few minutes, a message displays, followed by a command prompt indicating that the WPAR creation is complete. To verify that your WPAR was created, run the following command to list all defined WPARs: lswpar

Listing 1 displays a table showing the WPAR named mywpar that you just created. The D in the State field means the WPAR is Defined; it exists, but it has not been started. It has a type of S —that is, it’s a system WPAR, because the mkwpar command creates system WPARs by default. Also by default, the hostname is the same as the WPAR name, and the base directory for all the WPAR’s filesets is located at /wpars/.

Listing 1. lswpar command output
# lswpar
Name State Type Hostname Directory
mywpar D S mywpar /wpars/mywpar

To start your new WPAR and log in, run the following command: startwpar mywpar

Running the lswpar command again indicates that state of the WPAR changed from D to A (for Active).

You have not defined network information for this WPAR, so unless the name you picked for your WPAR already resolves to a valid network address, you probably won’t be able to do any kind of network login yet. Since you are still on the system console, do a console login to the new WPAR: clogin mywpar

The AIX welcome message and command prompt displays. You have created, started, and logged in to your first WPAR! Run the hostname command to confirm this.

From this point, you can run most AIX commands, define other users, and do most anything you would do with a full AIX system.

Once you have logged into the WPAR, there is one important point to remember: From the WPAR, you have no access to the global system or to any other WPAR. So some familiar commands or SMIT menus will not work as they usually do, or they might be missing altogether. For example, if you enter the hostname command, it returns the name of the WPAR and not the hostname of the global AIX system. So for now, let’s leave the WPAR, and return to the global AIX environment by typing the exit command. Then to stop the WPAR, just type: stopwpar mywpar

Using SMIT to change WPAR properties

How about using SMIT to define an IP address for the new WPAR? Of course, you can also do this using the command line, since SMIT is just a command processor. On the global AIX command line, type smit to display the initial SMIT menu. You’ll see a new menu choice, Workload Partition Administration.

After selecting Workload Partition Administration, you’ll see three choices: List All Workload Partitions
Administer SYSTEM Workload Partitions
Administer APPLICATION Workload Partitions

The first choice, List All Workload Partitions, executes the lswpar command to show all defined WPARs on your system. Choose Administer SYSTEM Workload Partitions to work with the WPAR you defined earlier. This selection displays the following sub-menu: List System Workload Partitions
Create a System Workload Partition or Specification File
Start / Stop / Reboot a System Workload Partition
System Workload Partition Software Maintenance
Change / Show System Workload Partition Characteristics
Remove a System Workload Partition
System Workload Partition Backup Manager

You do not need to create a WPAR, so select Change / Show System Workload Partition Characteristics, which results in the following submenu: Change / Show General Characteristics
Change / Show Network Interfaces
Change / Show File Systems

The first choice, Change / Show General Characteristics, displays an input panel that lets you view or change the basic WPAR properties, such as the WPAR name, hostname, start options, and more advanced settings, including resource controls and security settings. You set out to work with network settings, so select Change / Show Network Interfaces, which results in the following data entry fields: [Entry Fields]
* Workload Partition Name []
* Internet ADDRESS (dotted decimal) []
Network MASK []

Type or select the WPAR name in the Workload Partition Name field.
In the Network INTERFACE field press F4 or Esc+4 to show the list of available network interfaces. Select the one that you want to use, then enter a valid IP address and network mask in the remaining fields
If you plan to define a bunch of WPARs, you’ll need to secure in advance a group of available hostnames and IP addresses in your network.

After completing the panel for adding a network interface, you can start the WPAR, either by using SMIT menus, or issuing the startwpar command from the command line. After the WPAR has started, you should be able to log in remotely using telnet. Don’t forget to set a root password and any other security measures that you normally take when setting up a new AIX system. You might also want to add a line to the /etc/hosts file on the global system containing the hostname and IP address of the new WPAR.

Now that you can log in to your new system WPAR, either from the system console or remotely, you can do many of the things you would do with any new AIX system: create users, create new file systems, or install software. Regarding software installation, you might use NIM to perform network installs. Or, you can add a CD-ROM file system to the WPAR, which enables you to use a CD-ROM attached to the physical server to install software on the WPAR.

Creating and using application WPARs

Creating an application WPAR is similar to creating a system WPAR. However, instead of the mkwpar command, you use the wparexec command, which not only creates the WPAR, but it also starts the application inside it. As previously noted, an application WPAR only exists so long as the application process is running. Once the process terminates, the WPAR is stopped and cleaned up.

To create an (somewhat trivial) application WPAR named mywpar that will sleep for 100 seconds, enter the command: wparexec –n myappwpar /usr/bin/sleep 100 &

After pressing Enter, several messages display indicating that the WPAR is starting and that file systems are being mounted. If you type the lswpar command, the following displays: # lswpar
Name State Type Hostname Directory
myappwpar A A myappwpar /

This information indicates that a WPAR named myappwpar exists, that it is in an active state, and that it is an Application WPAR. After 100 seconds, a message displays that the system is shutting down all WPAR processes. Enter lswpar again to verify that the WPAR no longer exists.

WPAR Manager

IBM Workload Partitions Manager for AIX (WPAR Manager) is a platform management solution that provides a centralized point of control for managing workload partitions across a collection of managed systems running AIX 6.1. The managed systems might all be LPARs on a single physical server, or they might be located on multiple physical servers. Using WPAR Manager, you can monitor the health and status of multiple WPARs on multiple managed AIX systems. You can also perform all the basic WPAR life cycle operations—including create, view and manage properties, start, stop, and delete.

WPAR Manager also supports relocation of WPARs between systems in a collection of managed servers. WPAR Manager supports two kinds of relocation:

Manual relocation—This type of relocation is initiated by the user.
Policy-based relocation—This type of relocation is initiated by WPAR Manager in response to workload conditions defined in a relocation policy.

WPAR Manager is not part of AIX—it’s a separately purchased licensed program (Program number 5756-WPM). But, if you are working with an AIX 6 image that you downloaded during the Open Beta program, you might have the early version of WPAR Manager that was shipped with the beta. This article only touches on the main capabilities of WPAR Manager. A later article will present a more detailed description of how it works and how to use it.

Starting a WPAR & Logging WPAR

Starting a WPAR
This could not be simpler:

At the command line type "startwpar wp13"
At the WPAR Manager, select the WPAR in the defined state then Actions and start
Starting a WPAR takes only a few seconds

Logging into a WPAR
clogin WPAR_NAME

From the global area
WARNING any process started from a clogin will NOT survive a checkpoint and restart. This is regardless of any attempts to disconnect the processes created from the terminal session like UNIX daemon processes try to do.
Recommend - only ever use clogin to repair a broken network otherwise you risk forgetting and your important services halting on you first Relocate. Been there - it was mystifying, painful and wasted half a day.
See the example below:


Just as you would access a regular copy of AIX you ca
Personally, I use the excellent and freely available tool called PuTTY from my Windows XP based PC. Most of the screen captures here are taken from PuTTY.

Again just like a regular copy of AIX, VNC can be installed and used to gain graphical X Windows access to your machine.
I have not tried it personally, but I assume SSL and ssh will work fine too once set up.

WPAR views of the filesystems
# df - m

Filesystem MB blocks Free %Used %Iused Mounted O
ssc10:/nfs/wp03root 32768.00 32422.66 2% 24178 1% /
ssc10:/nfs/wp03home 32768.00 32422.66 2% 24178 1% /
/opt 96.00 2.05 98% 1863 71% /opt
/proc - - - - - -
ssc10:/nfs/wp03tmp 32768.00 32422.66 2% 24178 1% /tmp
/usr 1520.00 59.37 97% 32066 65% /usr
ssc10:/nfs/wp03var 32768.00 32422.66 2% 24178 1% /var

Here you can see the WPAR can only list the filesystems that it has - this is good for security. We can also see that the private filesystems (/, /home, /var and /tmp) are read/write but the file systems shared from the global AIX are read-only. This makes it very simple to make a tool or command available to all WPARs on the system - i.e. put the file in the global filesystem that is shared like /usr/local/bin and it becomes available to all WPARs.

WPAR view of the network
# ifconfig -a

en0: flags=5e080863,c0
inet netmask 0xffffff00 broadcast
tcp_sendspace 131072 tcp_recvspace 65536
lo0: flags=e08084b
inet netmask 0xff000000 broadcast
inet6 ::1/0
tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1

Here you can see the the WPAR is only aware of this network connection and so it can't get access to the global network or the network of other WPAR. This is good for security.

Compare global and WPAR view of disks and paging space
lsps -a command can be executed from root as well as WPAR to get information of paging space of global paging space & WPAR global paging space.

Here we see that the global AIX as real disks and paging space but the WPAR has neither.
This can confuse some tools - how can a system run with no disks??? Well the WPAR does have filesystems but no direct access to the disks - this means a WPAR systems administrator can't create logical volumes nor filesystems. this is a two edged sword

The disk management must be done at the global AIX level and then a new filesystem added to a WPAR = OK we can live with that as the global AIX is in charge of real resources.
This stops WPAR system administrators from messing up the machine configuration.

From Global view
we can run
#topas --- to see global performance .
#topas -@ WPAR_NAME

Comparing AIX 6.1 WPAR to the global AIX

Lets take a look around a WPAR and compare it to the global AIX
What can we find out from the global AIX about the WPARs we already have?
List the WPARs with lswpar

WPARs called wp03 and wp05 are active system Workload Partiotion but wp09 is only defined it can be made Active by running the "startwpar wp09" command.


State A=active
State D=defined
State B=broken
State T=transitory i.e. changing state
Type A=Application WPAR
Type S=System WPAR
In this example all my WPAR are have simple names starting with "wp" and then two digits. This is, or course, not mandatory.

What is in /wpars ?
This is a new directory specifically for WPAR use in this we find:

One sub-directory for each WPAR and in this sub-directory we find:

If you have used AIX much you will recognize this as the regular files and directories of AIX because that is pretty much what you get with an WPAR.

When I check the disk space use of a WPAR on the NFS server I find a basic just installed WPAR is using:

I make that around 25MB in size - this is a very small overhead. Remember by default the big filesystems like /usr and /opt are shared with the global AIX. If you really need a writable /usr, for example, this is possible but then you need to find the extra disk space too. If you have an application that is normally, installed in these filesystems (generally regarded as a poor application) then you can install it in the global AIX and every sharing WPAR can access the files - this can reduce the workload of installing applications a great deal.

List the mount points
The global AIX has its own mount point and the mount points for the WPARs it is hosting:

Here we see the regular mount points of AIX: /, /usr, /var, /tmp, /home, /opt
and then for each of the active WPAR there are additional mounts as below

NFS mount for the read/write private filesystem: /, /home. /tmp and /var
remounts to make them read-only of: /opt and /user
More WPAR details with lswpar -L
This "lswpar -L " list all the attributes of the WPAR


General section - has the basic information and where the WPAR data can be found
Network section - has the IP address etc.
Filesystems - note some local read-only filesystems nd some read-write and private over NFS in this case
Resources like Workload Manager (WLM) which has been part of AIX for years and years - see for details of how these are used as the WPAR resource control is built on top of WLM. When a WPAR is started a WLM Class is automatically created.
Operation - this WPAR has not been moved
Security based on Role Based Access Control (RBAC) - not covered here see the AIX Security Redbook for more details
Export devices are various items that the WPAR has which are distinct form the global AIX for security and performance
In the global AIX we can find the following out about the network:

See the network aliases ( and 113) that are used to "piggy back" the real network card in the global AIX with IP address The top line with the IP Address is the IP Address that the global AIX uses the lines below are the network aliases used by the WPAR - one each. This also highlights that the global AIX and WPAR needs to be in the same sub-net

Creating a WPAR in AIX 6.1

You can create a WPAR in may ways:

Command mkwpar
AIX Smitty interface - the ever popular curses based AIX system admin tool
The new pconsole a replacement for the older WebSM
WPAR Manager GUI
Below we are going to use the command line because it is simple and straightforward.
If you use one of the other tools you have to support all the same information but it takes longer to type it all in and you can't cut'n'paste the next WPAR that you want to create. The command line is quite simple but there are options here too depending on what you want of your WPAR.

1 - Make the simplest possible WPAR
To make a simple WPAR with its file systems on the global AIX disks, just type the following:

mkwpar -n myfirstwparAll we have supplied is a WPAR name and this WPAR is not even on the network. We have to use a special command (clogin) to gain access to the WPAR from the global area. while very secure this is not very useful but shows that all the defaults can be taken. This mkwpar command takes a few minutes and does the following:

Creates the filesystems for the WPAR
Mounts the filesystems
copies over some files from the global AIX
Performance an install of AIX packages (much like what we see while installing AIX) to create the files in the WPAR private filesystems (/, /var, /home and /tmp) we don't need to rebuild the read-only filesystems).
The WPAR is prepared and made ready to run.
This takes about 3 to 4 minutes on my System p p550Q where my global LPAR is a Virtual I/O Server (VIOS) client so the disks are virtualized and actually on the VIOS. It also seems to be roughly the same regardless of local disk or NFS filesystems.

2 - Make local disk WPAR with a network.
We might as well put the WPAR straight on the network to save time. Simply add the -N options as you might expect. You will need to have a IP address and hostname allocated. We also need to supply the hostname with the -h option. Note: I name the WPAR after the hostname (i.e. wp13) - this makes life simpler but its not mandatory. Finally, the -r option means use the DNS setting of the global AIX for the WPAR - this saves time. In this example, we have assumed the global AIX is on just the one default network. If there was more than one we would need to specify which. We will explore how the WPAR gets network access later on.

mkwpar -n wp13 -h wp13 -N netmask= address= -rNote: Of course, replace the network IP addresses to suite your network - I just made these number up.

3 - Make NFS disk WPAR with a network - ready for Mobility/Relocation
If we want to move the WPAR between global AIX copies i.e. between LPARs or machines then we need to NFS mount the WPAR private filesystems. Assuming here that we have the NFS running and have made the NFS mount points available to this global AIX and to the WPAR hostnames (in this example wp13) then we use the following command.

mkwpar \
-n wp13 \
-h wp13 \
-N netmask= address= \
-r \
-c \
-M directory=/ vfs=nfs dev=/scratch/wp13root \
-M directory=/home vfs=nfs dev=/scratch/wp13home \
-M directory=/tmp vfs=nfs dev=/scratch/wp13tmp \
-M directory=/var vfs=nfs dev=/scratch/wp13varNote the extra options in this command:

-c means this WPAR is "checkpointable" which is used to in Live Application Mobility = Relocate to a different AIX.
-M there is one of these for each of the four private filesystems for the WPAR. Hopefully, it is clear in the example that we have the filesystem name (directory=), the connection(vfs=nfs) and there may be other ways of supporting the file system in the future, and the hostname and mount point of the NFS server.
This gives you a fully functioning relocatable WPAR and is the command I use to create new WPARs. I simply take an existing script containing this command and edit it to suit the next WPAR. You could make a more generic single script if you have time and things like the mount points are similar for each WPAR.

4 - As above but via a Spec File
An alternative way to create a WPAR is using a "spec file" which includes the options you want. The option you specify on the command like will over ride the file contents. You can ask the mkwpar command to save a spec file with the -o option the first time you run it or you can find the master copies in the /wpars directory. You can take a spec file of a current WPAR and change it for WPAR specific details and use that to create a new WPAR.

mkwpar -f my.specthe spec file looks like the one below:

name = "wp13"
preserve = "no"
hostname = "wp13"
checkpointable = "yes"
directory = "/wpars/wp13"
privateusr = "no"
devices = "/etc/wpars/devexports"

broadcast = ""
interface = "en0"
netmask = ""
address = ""

dev = "/scratch/wp13root"
mountopts = "bg,intr"
directory = "/"
vfs = "nfs"
host = ""

dev = "/scratch/wp13home"
mountopts = "bg,intr"
directory = "/home"
vfs = "nfs"
host = ""

dev = "/scratch/wp13tmp"
mountopts = "bg,intr"
directory = "/tmp"
vfs = "nfs"
host = ""

dev = "/scratch/wp13var"
mountopts = "bg,intr"
directory = "/var"
vfs = "nfs"
host = ""

dev = "/usr"
directory = "/usr"
vfs = "namefs"
mountopts = "ro"

dev = "/proc"
directory = "/proc"
vfs = "namefs"
mountopts = "rw"

dev = "/opt"
directory = "/opt"
vfs = "namefs"
mountopts = "ro"

secfile = "/etc/wpars/secattrs"5 - Creating with smitty
The "smitty wpar" command will take you to the smitty panels to control and create a WPAR.
If you have understood the above information requirements you should have no problem at all using smitty but I find filling in all the NFS mount points etc. a little tedious.

6 - Creating with WPAR Manager
The WPAR Manager allows two ways to create a WPAR:

The full Guided Activity - Create Workload Partition (take the link on the left had sidebar) which will take you through a series of panels for the various aspects of the WPAR and then create a WPAR for you
The simple quick Resource Views - Workload Partitions (the panel which shows the WPARs) and click on "New". this asks the bare minimum of info and creates a WPAR to which you can later add.
We will look at WPAR Manager further down this article.

Sunday, December 23, 2007

IBM System p 570 with POWER 6

* Advanced IBM POWER6™ processor cores for enhanced performance and reliability

* Building block architecture delivers flexible scalability and modular growth

* Advanced virtualization features facilitate highly efficient systems utilization

* Enhanced RAS features enable improved application availability

The IBM POWER6 processor-based System p™ 570 mid-range server delivers outstanding price/performance, mainframe-inspired reliability and availability features, flexible capacity upgrades and innovative virtualization technologies. This powerful 19-inch rack-mount system, which can handle up to 16 POWER6 cores, can be used for database and application serving, as well as server consolidation. The modular p570 is designed to continue the tradition of its predecessor, the IBM POWER5+™ processor-based System p5™ 570 server, for resource optimization, secure and dependable performance and the flexibility to change with business needs. Clients have the ability to upgrade their current p5-570 servers and know that their investment in IBM Power Architecture™ technology has again been rewarded.

The p570 is the first server designed with POWER6 processors, resulting in performance and price/performance advantages while ushering in a new era in the virtualization and availability of UNIX® and Linux® data centers. POWER6 processors can run 64-bit applications, while concurrently supporting 32-bit applications to enhance flexibility. They feature simultaneous multithreading,1 allowing two application “threads” to be run at the same time, which can significantly reduce the time to complete tasks.

The p570 system is more than an evolution of technology wrapped into a familiar package; it is the result of “thinking outside the box.” IBM’s modular symmetric multiprocessor (SMP) architecture means that the system is constructed using 4-core building blocks. This design allows clients to start with what they need and grow by adding additional building blocks, all without disruption to the base system.2 Optional Capacity on Demand features allow the activation of dormant processor power for times as short as one minute. Clients may start small and grow with systems designed for continuous application availability.

Specifically, the System p 570 server provides:

Common features Hardware summary

* 19-inch rack-mount packaging
* 2- to 16-core SMP design with building block architecture
* 64-bit 3.5, 4.2 or 4.7 GHz POWER6 processor cores
* Mainframe-inspired RAS features
* Dynamic LPAR support
* Advanced POWER Virtualization1 (option)
o IBM Micro-Partitioning™ (up to 160 micro-partitions)
o Shared processor pool
o Virtual I/O Server
o Partition Mobility2
* Up to 32 optional I/O drawers
* IBM HACMP™ software support for near continuous operation*
* Supported by AIX 5L (V5.2 or later) and Linux® distributions from Red Hat (RHEL 4 Update 5 or later) and SUSE Linux (SLES 10 SP1 or later) operating systems

* 4U 19-inch rack-mount packaging
* One to four building blocks
* Two, four, eight, 12 or 16 3.5 GHz, 4.2 GHz or 4.7 GHz 64-bit POWER6 processor cores
* L2 cache: 8 MB to 64 MB (2- to 16-core)
* L3 cache: 32 MB to 256 MB (2- to 16-core)
* 2 GB to 192 GB of 667 MHz buffered DDR2 or 16 GB to 384 GB of 533 MHz buffered DDR2 or 32 GB to 768 GB of 400 MHz buffered DDR2 memory3
* Four hot-plug, blind-swap PCI Express 8x and two hot-plug, blind-swap PCI-X DDR adapter slots per building block
* Six hot-swappable SAS disk bays per building block provide up to 7.2 TB of internal disk storage
* Optional I/O drawers may add up to an additional 188 PCI-X slots and up to 240 disk bays (72 TB additional)4
* One SAS disk controller per building block (internal)
* One integrated dual-port Gigabit Ethernet per building block standard; One quad-port Gigabit Ethernet per building block available as optional upgrade; One dual-port 10 Gigabit Ethernet per building block available as optional upgrade
* Two GX I/O expansion adapter slots
* One dual-port USB per building block
* Two HMC ports (maximum of two), two SPCN ports per building block
* One optional hot-plug media bay per building block
* Redundant service processor for multiple building block systems2

Wednesday, December 19, 2007

AIX pocket Survival guide

AIX Admin 101

PMR - Problem Management Record.
PTF - Program Temporary Fix eg Unnnnnn
APAR - Authorized Program Analysis Report, specific release of PTF. eg IYnnnnn, IXnnnnn
ML - Maintenance Level, grouping of APAR. eg 5300-04 is ML 4
SP - Service Pack (starting aix 5.3 ML 3) eg 5300-03-01 is SP 1 on ML3
TL -

Fileset - group of files, eg bos.adt.libm
VRMF - Version, Release, Modification/Maintenance level, and Fix.

A lot of the sys admin task in AIX can be done thru smit (or smitty for TUI version). It can accept a parameter to get to a specific menu section right away.

Here are some example:

smit mktcpip # configure network parameters
smit chfs # change file system, eg grow/extend it.
smit lsprt # list printers (don't list all, may need to go thru long menu)
smit installp # Add new software
smit update # add patches
smit update_all # automatic add patches to existing sw, no complain if patch is not relevant

smitty fastpath:

Action Prefix Device Abbreviation
------ ------ ------ ------------
(add) mk (printer) prt
(change) ch (tty) tty
(list) ls (pty) pty
(remove) rm (disk) dsk
(cdrom) cdr
(diskette) dskt
(tape) tpe
(adapter) adp

F3 or ESC, 3 Cancel, go back
F4 or ESC, 4 Provide list of items to choose from
F6 or ESC, 6 Show command that smit will actually run
F10 or ESC, 10 Exit smitty

Linux Affinity
AIX is affectionally known as It Ain't uniX. With version 5L that added Linux Affinity, it maybe called Ain't It linuX?
The linux toolkit does add lot of open source utilities for AIX, it even provides an rpm package manager to manipulate these open source tools. However, it is stuck in the past, circa 2002, and so many of the newer Linux updates are not available. For example, there is no rpmbuild but use the old rpm --recompile. There is no automatic patch to update the source codes from Source RPM. These deficiencies makes development in AIX extremely painful.

AIX Idiosyncrasies
If a file is held open by the OS with a running program, it will not allowed to be overwritten (think Windows). For example, /lib/security/NSS_LDAP and /usr/lib/netsvc/dynload/ are modules loaded by the authentication subsystem, and these files are locked and cannot be upgraded.

Initial System Setup
smitty assist # init os setup assistant to config basic system param.

/usr/sbin/install_assist # what get launched automatically after init install reboot

FS Layout
AIX uses a pretty good volume manager out of the box. Every FS can be expanded on the fly, so no special work is really needed on initial setup. If you use /home as NFS mounted home dir, you may wish to update /etc/filesystems so that the the local disk is mounted as /localhoome or something.

Bundle Install
AIX that comes with the machine often don't have all the desired software packages installed. It maybe good to add some bundles before releasing the machine for general use.

eg: Add the Application Development bundle ::
/usr/lib/instl/sm_inst installp_cmd -a -Q -d '/nfshome/sa/aix53/cd1' -b 'App-Dev' -f 'all' '-c' '-N' '-g' '-X' '-G'

Other bundles that can be installed are:
Kerberos_5 (Expansion Pack)
Mozilla (AIX Toolbox for Linux Applications, Mozilla CD)
Note that not everything is in the first CD. Time for IBM to get with DVD media, no? :)

See also Config Files

When upgrading an older machine to new version of AIX, be sure to check the AIX release notes to ensure the machine in question is still supported, and whether any firmware update maybe needed.

RS/6000 / pSeries machine firmware is typically updated when AIX is still running. Many older machines does not support firmware update in SMS. Old hardware or firmware have tendency to crap out in a boot process giving error 20EE000B (unable to find boot device), even when boot from the CD for the initial install works fine. The saving grace is that one can boot and reinstall the old OS should machine become unbootable.

# show firmware version, sample output included
# the last 6 digit of the firmware is a date code YYMMDD
lscfg -vp | grep -p Platform

Platform Firmware:
ROM Level.(alterable).......3R040323
System Info Specific.(YL)...U0.1-P1/Y1
Physical Location: U0.1-P1/Y1

# copy new firmware from CDROM into a new dir /tmp/fwupdate
# inside the microcode dir in the CDROM are subdir for each machine type
# refer to the doc inside this dir for full details on firware upgrade.
cp /mnt/cdrom/microcode/... /tmp/fwupdate

# run checksum on the firmware image.
sum vvYYMMDD.img

# perform the update, it will reboot the machine automatically when done
cd /usr/lpp/diagnostics/bin
./update_flash -f /tmp/fwupdate/3R041029.img

Boot Time Troubleshooting

RC scripts executed at startup:

same as solaris, Snn--- script, but there is nothing in here from basic OS.
normal run level is 2. Placed S74autofs and S89sshd in rc2.d .
/etc/rc.d/rc script is the one that source all the rcN.d,
but this script doesn't seems to exist by default,
had to be copied from another 4.3.3 machine and then it was fine.
For some unknown reason, init script for AIX 5.3 doesn't seems to run
correctly!! (eg, opensshd script will create log, but fail to start)

AIX default system config is to have a few named rc scripts,
they are all started by init as per /etc/inittab:
/etc/rc.tcpip # tcp config, but could not start sshd from here at boot, so placed in rc2.d/S89sshd.
/etc/rc.nfs # includes NIS, rcp
/etc/rc.emcpower # emc added their own startup script here, which is called form /etc/inittab.

Single User/Maintenance Mode
For servers with Service Processor:
Power off machine
Navigate the Service Processor menu (avail only when machine is off, from serial console):
go to (2) system power control menu
go to (7) Boot Mode Menu (some system list it as AIX/Linux mode config)
go to (2) Service Mode boot from Saved List (to enable Maintenance Mode, diff than SMS mode).
Power on machine.
Kernel will boot, then ask which options to boot to, choose single user mode (maintenance mode has less capability).

To install new OS to system, change system to get into System Management Service (SMS) mode. Then choose to boot from cdrom (first CD for OS install).

A note about the old desktop machines (eg 43P-140 604e-332 PowerPC 760):
When machine first boot, it will display various number on the various terminal.
eg. 0 for ASCII console (dumb terminal), 1 on first graphics video, 2 on second graphics video.
Press the number corresponding to the video that you wish to use.
This setting is "memorized" by the system, prompt again only when a there is hardware config change.
To get into the graphical System Management Service (SMS) mode, press F1 as soon as the double beep "dirip-dirip" chirps happens (and the keyboard icons is displayed).
You better be quick, do it before the long chime of the speaker test happens (the fifth/last icon in startup: speaker icon).
If using ASCII console, F-keys are simulated via ESC+Number keys. The graphical icons won't appear, but the equivalent text will be displayed progressively across the screen:

memory keyboard network scsi speaker

Pressing F8 will go to the open firmware OK prompt. There are only a few commands accepted:

boot [DEVICE]

boot disk will do a normal boot from hard drive. This is the default action if open firmware is not explicitly invoked.
boot cd will boot from the cdrom and run the installer program, whereby it will prompt for install config info.
There is also option to get into maintenance mode (?? It is NOT boot -s !!)
More info about open firmware: IEEE 1275.
SMS has entry to define boot device scan sequence, which is based on SCSI (lowest ID first). However, actual boot is according to Open Firmware boot command, so which device is booted depends on what the alias for disk is defined as. In summary, ignore the SCSI id boot sequence in SMS.

Some system require pressing F5 instead of F1 to get into SMS mode. If you are lucky, some will display what key to press to get into what mode right before the hardware scan progress, eg:

1 = SMS Menu 5 = Default Boot List
6 = Stored Boot List 8 = Open Firmware Prompt

IBM RS/6000 hardware is pretty finiky and OS support may not be available for some machines. AIX 5.2 will no support any machines with ISA bus. Some 43P have such bus and thus can only run AIX 5.1 as latest OS. Other 43P that don't have ISA bus can run the newer AIX. If you wish to install Linux, expect even more finickyness, as there are lot of small modifications between motherboards of different serial numbers. Linux may run on one 43P, but not another that looks the same. ie: don't install Linux on these putters!
Random Daily Sys Admin Tasks

See if system has ASync IO feature installed:

lslpp -l | grep -i asyn # list bos.rte.aio package installation
lppchk -c # check to ensure all fileset are installed correctly
lsdev -C -t aio # list whether async io is avail as device
smitty chgaio # smit interface to activate aio, reboot req.


smitty chtz # change timezone info
# /etc/environments TZ=PST8PDT
date -u # display internal system clock (in CUT/GMT).
# reboot was recomended, but all future login will see
# corect TZ. cron and stuff may not update till reboot.


AIX WebSM, default port is 9090 (/etc/services)
To disable, use /usr/websm/bin/wsmserver -disable; -enable will re-enable it.

HTTP server, started in /etc/inittab !
So it will respawn if it is just killed, edit inittab to free up port 80!

EMC navisphere agent also started in inittab, I guess it is the AIX way.
it calls /etc/rc.agent


ibm option number for universal (oem) cabinet rack mount rail part. OEM means 3rd party cabinet. IBM cabinet rails are fixed length!
p5 9113-550 :: 7162 IBM/OEM RACK-MOUNT DR.RAIL KIT 1 168.00

p5 510 :: 7166 IBM/OEM RACK-MOUNT DR.RAIL KIT 1 150.00

Disk/Volume Management/Filesystem
AIX has probably the most admin-friendly Logical Volume Manager and Filesystem of all the major Unices out there. It use a single LVM for every FS. Every FS is extendable online without the need to unmount. It does have lot of commands that are needed to manipulate the system though. But if you just need to get more space on a given FS/partition, just use smit chfs.
TLA name eg sample cmd
--- ------------- ------------------------ --------------
PP physical part
LP logical part

PV physical vol hdisk0 hdisk1 lspv
VG volume group rootvg appvg lsvg mkvg extendvg
LV logical vol /dev/hd0 /dev/hd9var lslv mklv
FS filesystem / /var lsfs mount

hdiskN are physical hard drives (or RAID device?)
/dev/hdN are FS level mountable device, these are created by the LVM.
/dev/hdN are subcomponents of VG such as rootvg.

smit vg # display and set logical volume group info

lsdev -Cc adapter # list many adapters, include fc, scsi, ide, pci, LPAR virtual, usb, graphics
lsdev -Cc disk # list hard disks. eg hdisk0 hdisk1
rmdev -dl hdisk2 # remove a named disk from config, often needed when san disk has been
# changed on the storage server side. after rm, rescan the bus.

lsvg # list all VG present in system
lsvg rootvg # VG space usage and free, PP size, etc
lsvg -l rootvg # list LP content of rootvg
lsvg -p rootvg # list PP used and free for a VG
# when LV/FS need to be extended.

extendvg -f rootvg hdisk8 # allocate physical hd to VG rootvg
smitty vg # smitty for Vol Grp, allow remove vg

mklv -y'appvol00' appvg 1 # create logical volume (after volume group defined via mkvg)
# if -y is not given, a generic volume name will be assigned.
# This step isn't strictly needed, mkfs will create generic vol as needed.
mkvg -f -y'appvg' hdisk2 hdisk3 # create a VG appvg from 2 physical hd
mkvg # original Vol Grp (Max 32 PV, 255 LV)
mkvg -B # Big Volume Group (Max 128 PV, 512 LV, 4.3.1+)
mkvg -S # Scalable Vol Group (Max 1024 PV, 256 LV, 5.2+)

smit fs # best to use smit to create a fs, many parameters.
# it typically call cffs -v jfs2

reorgvg # reorganize PP w/in vol grp

lsfs # list fs on machine, kinda like mount,
# diff output, only list fs in /etc/filesystems.

chfs -a size=+1 /dev/hd2 # grow a file system, size mult of 512 bytes, but
# always rounded up to integer number of PP
# 8 mb, 64 mb, etc (see lsvg rootvg pp size)
# to add 256mb, use size=+524288
# 256 * 1024*1024 / 512 = 524288 blocks
# ie, use size val of [ X MB * 2048 (constant) ]
chfs -a size=+1 /tmp # /dev/hd2 can be substituted by the fs mount pt.
smitty chfs # will see SIZE for more accurate resizing.
# count is # of 512 bytes block,
# value is absolute num only.
# Can also strink fs while mounted (at least tested in 5.3)

lslv hd1 # info of LV hd1 (find from mount
# what fs it belongs to).

cplv # copy LV
chlv # change LV,
# cplv + chlv = move Log Vol b/w Vol Grp.

lspv # list PVID (physical volume id) and vg on disk
lspv -l hdisk0 # list what fs are on a given disk
# good to check to ensure fs does not span more
# than one disk unecessarily, to reduce disk
# crash damage.

migratepv -l LVname oldPV newPV # move a fs w/in same vol grp, but diff hd. eg
migratepv -l paging00 hdisk1 hdisk2 # migrate pagin, can take a while!

varyonvg VGname # vary on a vol grp, needed before VG is accessible,
# typically automatica with most commands now
varyoffvg VGname # vary off, ie, make vol grp offline.

exportvg VGname # disociate /etc/filesystems etc from the computer,
# making the VG available for mount by another computer
importvg -y VGname hdiskN # reimport the VG. Remember the vary cmd.

lqueryvg -p hdisk0 -v # Determine the VG ID# on hdisk0
lqueryvg -p hdisk0 -L # Show all the LV ID#/names in the VG on hdisk0
lqueryvg -p hdisk0 -P # Show all the PV ID# that reside in the VG on hdisk0

getlvodm -u rootvg # Determine if ODM and VGDA data are correct (in sync)

chvg -u rootvg # unlick rootvg (maybe locked during crash, ODM problems)
getlvodm/putlvodm # disk ODM repair related.

smitty mklvcopy # smitty fastPath for making mirrors
# work on each logical volume, eg hd1
# Lot of menu options then, but don't like it much,
# not obvious how to make 2 disk mirror identically.
# maybe one don't have to, as it will be mapped blocks anyway
# not like solaris that match cylinder allocation, but solaris maybe more resilient
# aix wants to find where to place vol (center of disk, etc).
# Maybe multiple copies of a logical vol inside same volume group (and potnetially
# same disk!
# aix book p 210

mirrorvg rootvg # mirror whole volume group, simple one command does it.
# aix book p 202

istat /opt # show inode status

ipl_varyon -i # Determine which disk(PV) is the boot drive

Other ref: Advanced Horizons AIX File Info

swap / paging

/etc/swpaspaces # config file
swapon -a # activate all swap spaces
swapon /dev/paging00 # activate additional device
swapoff /dev/paging00 # deactivate

chps -s16 hd6 # change attrib of paging space
# add 16 PP to existing paging space in /dev/hd6
# PP size determined by lslv hd6", eg 256, 512 MB
chps -d8 hd6 # remove 8 PP to existing paging space in LV hd6
mkps -s16 rootvg -a -n # add new paging space worth 16 PP to
# vg called rootvg,
# -a = activate at once,
# -n = active on reboot.
mkps -s32 datavg hdisk1 # add new paging space on diff vg, specifying
# which disk to put it on.
rmps paginig00 # remove the whole paging space from sys
lsps -a # list paging space stat
shrinkps # 5L, shrink paging space (script)
# not sure why need this??

svmon # view current vm usage. Need

Connectivity (Network)
Serial/Console Port
DB9 connector wiring is slightly different than Sun. Use a real null modem cable. "Psseudo" cable from sun DB9-RJ45 adaptors and ribbon cable don't work. One will see text and be able to type text, but it won't accept the login, even when password is right. can't loging!! Terminal is VT100, none of the flow control stuff, but that probably don't matter. Also, for running system, when NULL modem is connected to serial, it should automatically display new text and prompt for login. ribbon cable probably don't work at all here.
P4 and older machines use standard 9600 for serial port. But new POWER5 machines, they changed serial port to use 19200!! All other settings are same as before.
Dumb Terminal
The tip command exist on AIX, but it is slightly different than Solaris.
# aix tip host spec, typically placed in /etc/remote-file
# with a /etc/remote file defining its location
# alternatively, env var REMOTE can define location of this remote-file
# aix tip escape sequence is same as solaris.
# ~? produces full list.
# ~^D terminate the connection.
# tty0 is the system console, like Solaris Serial A, not usually usable as dumb terminal emulator
# tty1 is the serial port labeled T2, the equi of serial B in Solaris.
# IBM AIX serial connection is slightly diff than Sun, req NULL modem cable.
# This emulated TIP does not fully act as dumb terminal :(
# Depending on the state of the machine, and whether tip session is established first,
# or the cable is connected first, text may or may not be visible :(
# So, tip in aix can probably only work as dumb terminal for sun and hp machines,
# and the most reliable console is still a dumb terminal.
# eg usage, runnable as normal user:
# export REMOTE=$HOME/etc/remote-file
# tip dumb19200
# tip -9600 serial1
dumb9600|direct connect at 9600 bps,br#9600:dv=/dev/tty1
dumb19200|direct connect at 19200 bps,br#19200:dv=/dev/tty1
# The serial ports ttyp0...ttyp9,ttypa...ttypf do not usually exist

cu Connect Unix.
Opening a serial line may need some file config, cli below get error :(
I guess need to get minicom/telix or some other similar program from the Linux world.

cu -s9600 -l/dev/ttyp1
-s speed
-l device line
cu commands:
~%b send a break
~%! give shell
~. end session, logout user.


netstat -i

lsdev | grep -i ether # see Ethernet devices and drirver.
# entX = h/w card.
# enX = ethernet (DIX II framing) for IP
# etX = ethernet (IEEE 802.3) for SNA, don't bother :)

lsattr -R -l ent0 -a media_speed # show capabilities of ent0
lsattr -EH -l ent0 -a media_speed # show current settings
lsattr -D -l ent0 # show all def val for Eth dev.

chdev -P -l ent0 -a media_speed=100_Full_Duplex # change to forced full 100
chdev -P -l ent0 -a media_speed=Auto_Negotiation # change to auto negotiate for speed duplex
# effective after reboot !!!

smitty mktcpip # configure/change ip of interface, default route, netmask
# permanently set ip option for interface
# smitty just run mktcpip cmd:
-i'NIC' # eg en0, "standard network interface"
-n'DNS.SERVER.IP' # may want to add more to /etc/resolv.conf
-A'no' # Start now? no or yes # just omit it.
mktcpip -h'aix01' -a'' -m'' -i'en0' -n'' -d'' -g''

Network Services
lssrc -a # list all services and their status
startsrc # start network service
stopsrc # stop network service
-g # group
-s # subsystem, g or s is largely how AIX define the service.
-a #
-D # Debug

startsrc -g nis # start NIS service group
startsrc -s rcp.mountd # rpc/mount service
startsrc -s xntpd # start ntp daemon
# init script starts it from /etc/rc.tcpip

startsrc -s sendmail -a -bd # start mail server to allow inbound mail.
# essentially, do sendmail -bd, makes it a
# daemon listening on port 25 for mail services.

startsrc -s iptrace -a "/tmp/iptrc.bin" # start ip tracing facility,
# -a = stor in file (binary).
stopsrc -s iptrace # stop tracing after problem is reproduced.

/etc/resolv.conf # main config file, like other Unix.

accept up to 3 name servers
change server after TimeOut (def of 5 sec), retry (def = 3),
so 5+10+20+40=75 sec.

namerslv -s # run cmd to see settings are understood by system.

DNS resolution depends on file /etc/netsvc.conf
and env var NSORDER=local,bind
AIX 4.3 accepts bind4 and bind8


chypdom -B # set the NIS domain for the machine
# it proabably edit /etc/rc.nfs to run cmd domainname
domainname # show the NIS domain
smitty yp # general YP NIS config
smitty mkclient # configure machine as NIS client
rmyp -c # remove yp client config
lssrc -s ypbind # display active vs inoperative NIS
stopsrc -s ypbind # nis client process
startsrc -s ypbind
# /etc/rc.nfs is where the ypbind is set to use specific server (if not broadbcast)

startsrc -g nis # start nis server daemon
stopsrc -g nis

AIX does not have a /etc/nsswitch.conf, instead use /etc/netsvc.conf
and /etc/irs.conf (Information Retrieval System, bind 8 code base, used in FreeBSD also).

Also, changes to irs.conf doesn't seems to be effective till next reboot.
At least that seems to be the case with automount entry,
restarting autofs a/o secldapclntd didn't refresh it.

May want to try these commands in /usr/sbin

eg of irs.conf

Okay, here a real sample of /etc/irs.conf from an AIX 5.3 machine:
hosts dns continue
hosts nss_ldap continue
hosts nis continue
hosts local
services nss_ldap continue
services nis continue
services local
networks dns continue
networks nss_ldap continue
networks nis continue
networks local
netgroup nss_ldap continue
netgroup nis continue
netgroup local
protocols nss_ldap continue
protocols nis continue
protocols local
automount nis_ldap
##automount nis
##automount files
##automount nis_ldap nis files

eg of /etc/netsvc.conf

# bind Uses BIND/DNS services for resolving names
# local Searches the local /etc/hosts file for resolving names
# nis Uses NIS services for resolving names. NIS must be running if you specify this option
# nis+ Uses NIS plus services for resolving names. NIS plus must be running if you specify this option
# ldap Uses LDAP services for resolving names
# ldap_nis Uses LDAP NIS services for resolving names
# bind4 Uses BIND/DNS services for resolving only IPv4 addresses
# bind6 Uses BIND/DNS services for resolving only IPv6 addresses
# local4 Searches the local /etc/hosts file for resolving only IPv4 addresses
# local6 Searches the local /etc/hosts file for resolving only IPv6 addresses
# nis4 Uses NIS services for resolving only IPv4 addresses
# nis6 Uses NIS services for resolving only IPv6 addresses
# nis+4 Uses NIS plus services for resolving only IPv4 addresses
# nis+6 Uses NIS plus services for resolving only IPv6 addresses
# ldap4 Uses LDAP services for resolving only IPv4 addresses
# ldap6 Uses LDAP services for resolving only IPv6 addresses
# ldap_nis4 Uses NIS LDAP services for resolving only IPv4 addresses

hosts = nis_ldap, nis, bind, local


nfso -a # show all nfs options and current value
nfso -o varname[=val] # display/set nfs option.
nfso -o nfs_use_reserved_ports=1
# AIX default does not use port <1024, which result in auth error.
# only needed for /net with certain solaris version?

Manual NFS mount can be added to /etc/filesystems ::

dev = "/vol/vol1/users"
vfs = nfs
nodename = netapp
mount = true
options = rw,fg,soft,intr,nosuid
account = false

dev = "/vol/vol1/depot"
vfs = nfs
nodename = netapp
mount = false
options = ro,fg,hard,intr,nosuid
account = false

mount -o vers=2,proto=tcp,wsize=8192,rsize=8192,llock,soft,intr netapp:/vol/vol1/users /nethome
mount -o vers=2,proto=tcp,wsize=8192,rsize=32768,llock,soft,intr desktop:/mnt/cdrom /mnt/rcdrom
mount -o ro -v cdrfs /dev/cd0 /cdrom

startsrc -g autofs # start autofs service group.
stopsrc -g autofs # stop autofs service group.
# autofs group has only 1 subsystem, so -s or -g is same
startsrc -s automountd # start automount service, more reliable than -g autofs !!

automount is started in the /etc/rc.nfs script.
An alternative is to use the Sun style script (aix supports them, but nothing added
by default), eg in /etc/rc.d/rc2.d/S74autofs, have something like:

/usr/sbin/automount -M /home /-
# monitor /home (for user),
# /- will give the /net/HOST access like sol (and other direct mount)
# aix 5.1 no longer support the -M param

aix 5.1L ML 3, automount started in /etc/rc.nfs as:

/usr/sbin/automount -f /etc/auto_master -D ARCH=SC_AIX

# auto_master had only "+auto_master"
# remember that /home may be a mounted fs, so may wan to use /nethome.
# /net will work okay without -M /- .
# automount will call the automountd process, massage the mount points, and exit.
# do NOT start automountd on the CLI manually, it will not interface with mount correctly.

/etc/exports # export files, similar to HP-UX, Linux
eg content of the file:
/usr -ro,root=admin-desktop"

exportfs -a # export everything
exportfs -v # display active exports
exportfs -i /tmp # manually /tmp w/o entry in exportfs

startrc -g nfs # start mountd, etc

lsauthent # list authenticaltion methods
mknfs -B # start nfs service now and at boot?

Use smit to add printer, prints to windows print server easily (provided the windows print server has Unix printing services setup):

smitty, Print Spooling, (AIX Print Spooling, choose it if it pops up),
Add a Print Queueus, type is remot, std processing :
Name of Queue to add --> Use printer name maching remote queue name (ie win prt name)
Hostname of remote server --> Windows print server name
Name of queue on remote server --> Windows printer name.
Type of print spooler on remote server --> System V

/usr/lib/lpd/pio/etc/piomisc_ext mkpq_remote_ext -q 'QueueName' -h 'Hostname' -r 'RemoteQueueName' -t 'att' -C 'FALSE' -d 'description'

To see what printers are installed, use:
/usr/bin/lsallq # brief listing of printer name only
/usr/lib/lpd/pio/etc/piolsvp -p # listing with queue server and description
/bin/lpstat # query windows print server on printer status, but names are truncated

Sys Config
General SA Commands
oslevel -rq # list all known and recommended ML
oslevel -r # which ML (maint level) machine is at.
oslevel -l # list fileset missing to bring machine to specified level.
oslevel -l 5200-02 -r # aix 5L is weired wrt oslevel -l
oslevel -s # service pack, in addition to ML, not avail on all sys.
# ( -s is new flag starting ca 2006, aix 5.3 ML 3? not in base 5.3)

uname -a # ver info, also with val of -m at the end
uname -m # some sort of machine code, includes serial number of the machine:
# 000F2C9A4C00 embeds serial 00F2C9A4 (jc)
# 000750AC4C00 embeds serial 10-750AC (vs -u opt)
uname -u # serial number (of management frame).
# IBM,0110750AC embeds serial 10-750ac (targa, 4.3 )
uname -L # first number = the LPAR partition number
# OS is running inside of.

errpt # generate ERRor rePorT. This is more detailed than syslog.
errpt -a # all entries, detailed view. Default is brief listing only.
errpt -A # Abreviated detailed view.
-D # Collapse duplicate entries.

watch cmd -o logfile # similar to truss cmd, but can't watch existing pid
truss # exist for 5.x, in /bin

topas # top/monitor clone

NIM Network Install Manager
- Network installation of aix, equiv of solaris jumpstart
- r-cmd to control remote machine

Config Files
/etc/security/passwd # similar to shadow file
/etc/security/login # dictate shells that are valid shell for various process.
# if user shell not listed here, ftp will fail.
/etc/ftpaccess # set ftp access priviledges, allow/deny access, etc.
/etc/nologin # tmp disable login, presence of file set this behaviour
/etc/filesystems # instead of /etc/fstab

# /etc/syslog.conf

# can start syslog simply as: /usr/sbin/syslogd
# kill -HUP reload config file, adding note to error level (it whines).
# ensure the two columns are separated by TAB, not spaces
# or syslogd will fail to log silently!!
# AIX 5.x works okay with spaces now.

# IBM don't seems to have any standard, there are no default settings.

# *.info /var/adm/syslog_info.log
*.notice /var/adm/syslog_notice.log rotate size 100k files 4
# *.warning /var/adm/syslog_warning.log
# *.err /var/adm/syslog_err.log
*.crit /var/adm/syslog_crit.log

# create files as follows:
# touch /var/adm/syslog_info.log /var/adm/syslog_crit.log
# touch /var/adm/syslog_notice.log
# touch /var/adm/syslog_warning.log /var/adm/syslog_err.log
# really just need crit and notice
# warning and notice are same, both just marginally smaller than info.

# /etc/filesystems

dev = /dev/hd4
vol = "root"
mount = automatic
check = false
free = true
vfs = jfs2
log = /dev/hd8
type = bootfs

dev = /dev/hd1
vol = "/home"
mount = true
check = true
free = false
vfs = jfs2
log = /dev/hd8

dev = /dev/hd2
vfs = jfs2
log = /dev/hd8
mount = automatic
check = false
type = bootfs
vol = /usr
free = false

dev = /dev/hd9var
vfs = jfs2
log = /dev/hd8
mount = automatic
check = false
type = bootfs
vol = /var
free = false

dev = /dev/hd3
vfs = jfs2
log = /dev/hd8
mount = automatic
check = false
vol = /tmp
free = false

dev = /proc
vol = "/proc"
mount = true
check = false
free = false
vfs = procfs

dev = /dev/hd10opt
vol = "/opt"
mount = true
check = true
free = false
vfs = jfs2
log = /dev/hd8

dev = /dev/vol1
vfs = jfs2
log = /dev/loglv00
mount = true
options = rw
account = false

dev = "/vol/vol1/users"
vfs = nfs
nodename = na_data
mount = true
options = rw,fg,hard,intr,nosuid
account = false

dev = "/vol/vol1/depot"
vfs = nfs
nodename = na_data
mount = true
options = rw,fg,hard,intr,nosuid
account = false

dev = "/dev/cd0"
vfs = cdrfs
mount = false
check = false
options = ro
vol = "/mnt/cdrom"
free = false

Hardware commands

Hot swap PCI cards, or hot remove. Essentailly, issue command to identify, then power off a given pci slot, then reactivate it again.
smit, devices, pci hot plug manager

shutdown -F # shutdown right away, no delay time
-r # reboot
-m # maintenance mode
shutdown -r +5 "msg to users" # +5 = 5 minutes later.

lsattr # list attributes
-D # display def val
-R # display range of legal values
-E # display Effective vall (current settings)
-l name # specify dev logical name
-a attr # specify attribute of NAME logical dev

lsattr -El sys0 # show lot of hardware info, include mem
lsattr -El sys0 -a realmem # get specifically the memory attribute, in KB.

lsdev -Cc processor # see number of processor on machine (may not be numbered in sequence)
lsattr -El proc0 # find processor speed

pmcycles -m # list total number of CPU. installed in /bin by bos.pmapi.
# AIX 5.2 and above, CD #1.

A note about IBM processors.
POWER4 and POWER5 processor are typically packed in a processor card as a Dual Chip Module (DCM). The processor card has a single physical "CPU" in the traditional sense of touchable chip, but internally it has two cores and is marketed as a 2-way processor.
The CPU listed by the output of pmcycles -m is similar to the Intel Hyperthreadig tech whereby a processor can run more than one thread at a time, it is not a physicall processor per se, but available to the programmer.
Thus, a fully populated 4-way processor P5-550 would have 2 DCM processor card (two 2-way processor cards), lsdev -Cc processor will show 4 processors, and pmcycles -m will show 8 CPU.
REF: IBM redbook-p5-550.pdf

lscfg # list config
# ses are internal scsi disks
# scsi includes int and ext disks
# procX are CPUs
# fca = Fiber Channel HBA
lscfg -vp # lot more detailed info, eg: use to search for fca
lscfg | grep disk # see number and size of HD

lsslot -c pci -a # list pci slot info

lsdev # list devices

cfgmgr # rescan bus and install driver for new devices
# eg when new device made available over SAN
-S # scan serially (instead of parallel)
-v # verbose, print more status info
# Note that emc come with its wrapper script to do the work.

bootinfo -y # 32 v 64-bit enabled
# NOTE: bootinfo is runnable by root only.
-K # current kernel mode
# show kernel native bits,
# NOTE: 32-bit can run 64 bit app anyway.
-r # real memory in system in KB
-s hdisk0 # disk size in MB
bootinfo -b # last boot dev
bootinfo -m # machine model code
-p # hw platform (type of bus, etc)
-r # show real memory in sys, in Kb


LPAR sysmtem
From HMC (hardware manager console), cmds in /opt/hsc/bin

query_cecs # list all online managed sys
get_cec_state -m # find curret state of sys

get_op_panel -m # get operator panel lcd code

get_cec_mtms -m # frame type and serial number, buggy.

Package/Software Management

lslpp -h bos.rte # show fileset history (from package mgnt?)
lslpp -L bos.rte # snapshot of main levele and statet of fileset
lslpp -f bos.rte # see what files are installed by a given fileset.
lslpp -l # show fileset revision level
lppchk -v # chk see if any lpp product are broken, obsolete, missing

lslpp -l | grep vacpp # show all fileset info about the ibm compiler

installp flags
a apply update (def action)
c commit
g recursively install prereq
X eXpand (local) FS is more space is needed.
d file specify the location of the media file ( . for current dir).
p preview only, nothing will actually be done.


installp -qa -d . -X all # apply updates
installp -rB -X all # reject updates
installp -c -g -X all # commit updates
smitty install_commit # same as above.
installp -qac -N all -d . # install w/ commit on, no backup, no simple roll back.
installp -u [filesetname] # uninstall comitted lpp product

installp -iq -d /dev/cd0 all # display supplemental info abouut ML patch in cd
installp -qA -d /dev/cd0 all # display APAR info

IBM Software iFOR licensing commands
i4cfg -list # list license services status

i4blt # license management for visual age. no param = help
-r 6 # print report type 6. see help for more types.
-lp # list licenses
-lp -i # list licenses with extra info, such as time stamp
-s # prod license status
-a # add/enroll a produt

-d # delete license
-v # opt vendor info (for some custom lic, used by VA C++
-p # opt product info
-U # update license
-T # specify number of user, cn license only

14blt -a -f /usr/vac/c44aix_cn.lic -T 10 -R "registration_comment_avoid_space"
# enroll a license. -T 10 inidcates number of licenses.

i4blt -U -v "'IBM Software Solutions Toronto'" -p "'VisualAge C++ Professional' 6.0.n" -T 100
# Update license to allow 100 users. Only for _cn license type.
# Be very careful about quotes! Name with spaces need additional
# single quotes around them!!! Awful syntax and very cryptic error messge!!

i4blt -d -n server_name -v "'vendor name with space'" -p "'product name' product_version" -t timestamp
i4blt -d -v "'IBM Software Solutions Toronto'" -p "'VisualAge C++ Professional' 6.0.n" -t 1022291809
i4blt -d -v "'IBM Software Solutions Toronto'" -p "'C for AIX' 6.0.n" -t 1022291952
# delete a license.
# -t is timestapm retrieved from output of i4blt -lp -i

License files are located in

The files type are:
C C++ license file names
cforaix_cn vacpp_cn = concurrent nodelock LUM license
_c _c = concurrent network
_n _n = simple nodelock

The First line of file is actually command for license enrollment.

Visual Age compiler license file installation requires the package bos.adt.libm For 5.1L, it is in CD 4/6. However, its install need to kick started from CD 1, by requesting the install of all all componets of bos.adt, which is not installed by default.

Applying ML

get aix ML (Maintenance Level patch) and instructions on installing it.

inutoc ./usr/sys/inst.images/
installp -acgXd ./usr/sys/inst.images bos.rte.install
smit update_all #

cd /home_sc/sa/share/
inutoc . # this creates the .toc file
installp -acgXd . bos.rte.install # install the basic os patch ?
smit update_all # add the other patches
oslevel -r # + reboot

If getting APAR fixes with a series of .bff files, use
(touch .toc, chmod 777 .toc)
inutoc .
and then smitty update_all on the dir to install all the patches.

java 1.4 download, they came in .tar.gz format.
strangely, it seems that I have to use tar xf from aix to correctly extract the archive.
it become a backup/restore file which "smitty installp" as "Install Software"
with path to the file as dir location will work.
May actually need to specify the full name of the installp image filename in the path.
tar off from solaris doesn't seems to work!!

Software Patches
aka Program Temporary Fix
instfix -i # show applied APAR fix
instfix -i | grep AIX_ML # fix done by ML patch
instfix -i -k IY78933 # see if a given IY APAR fix had been applied.
instfix -ivq | grep xlC.aix5.*rte | sort -u # list installed xlC runtime environment

/usr/lib/instl/sm_inst instfix_cmd -d '/lhome/root/vacpp7_rte8' -f 'IY78993' -c -N -X
# install the specific IY78933 from the RunTimeEnv v8 for "xlC v7"
# this can be done over NFS dir, provided .toc is created correctly
# and stored on this NFS source.
# The downloaded PTF file vacpp.70.aix.nov2005.ptf.tar.Z need to be extracted
# which produce a series of .bff files in backup/restore format.

/usr/lib/instl/sm_inst installp_cmd -a -Q -c -N -g -X -G \
-d '/nfshome/sa/share/aixX.smit/aix_vacpp_rte7_nov2005/extract' -f _all_latest
# install the whole RunTimeEnv v8 for "xlC v7"

/usr/lib/instl/sm_inst installp_cmd -a -c -N -g -X \
-d '/nfshome/sa/share/aixX.smit/aix_vacpp_rte7_nov2005/extract' -f _update_all
# apply relevant updates from RunTimeEnv v8 for "xlC v7"
# it will not display failure msg when optional debugger
# components are not installed.

Example: Installing and Patching IBM Visual Age c++

copy cdrom image
run smit

use dir of
eg /nethome/sa/software/VisualAge_5.0.2_cd/usr/sys/inst.images

NOTE: use inst.images first, then mvCD.

mvCD may have complain of wrong path, but it generally list more stuff and install more programs, even when some may fail.
mvCD may be listing all software in the whole CD set, not just a given CD.
mvCD would fail if content is network path and no CD media change is possible.
actually, aix5l book suggest use of inst.images dir (build .toc before install if obtaining as tar is normal procedure.)

use F7 or ESC,7 to toggle selection.
can use keyword "all" to select all subpackages.
but note that it will not currectly detect os level and then cause fialure notices.

Applying patches :


it is like installing normal software, but the tar didn't have a .toc file.
thru smit, there was an entry to list software in media, run it so that it created a .toc file.
After that, install the patch as software (via smit update_all), which generate commands like:

geninstall -I "a -cgNqwX -J" -Z -d /nethome/sa/software/VisualAge_patch_March2003_runtimePTF -f File 2>&1


geninstall -I "a -cgNqwX -J" -Z -d /nethome/sa/software/VisualAge_patch_March2003PTF -f File 2>&1

Adding international LOCALE
smitty lang (System Environments,Manage Language Environment),
go to "Add Additional Language Environments"
Then there are two possibilities:
- CULTURAL convention to install
This add support for desired lang (already supported language can be
found from "locale -a")
- LANGUAGE translation to install
This add system error message for many different software packages
installed on the machine. Not typically needed for dev/test of intl lang

Instead of putting CD into machine CD-ROM drive, one can specify network shared CD-ROM
such as /net/tin-sun/cdrom, but it will NOT prompt to change CD,
and any language locale pack selected not avail on network path will simply not be queue for
install, so not even error message. If the CD has nothing about the related
language, it will display error. Most International language locale start
with CD #5.


Can use Remove Lang Env to see list of installed lang translation locale.
Sometime adding a language locale complain missing file set pre-req. do:
cd directy to the dir with the file, and install it manually.
smitty installp on any of the CD doesn't show option to add this fileset!

cd /share/aix5.2/disk1/usr/sys/inst.images
installp -acgXd .

lslpp -l | grep COMMITTED Common Locale Support - COMMITTED Common Locale Support - UTF-8

May also need to put in CD #1 and use smitty installp, and add the necessary
bos.iconv set appropriate to the desired language.


other locale/intl related cmd:
chlang es_ES # change to use spanish from spain... update .profile, effective after re-login.
# but I don't see the effects...


Ref: Understanding Locale from AIX online ref.

Loose ends
AIX dev env does not use LD_LIBRARY_PATH, but instead use LIBPATH

Places to get freeware for aix. [recommended by esj]

monitor # top like tool for real time monitor
# t = top processes

# a = toggle view mode
# ? = help


Reference AIX portal, lot of sutff!

IBM Online documentation at
Service Guide for RS/6000 F80 (Ch 4 and 5 have 4 digits LED error code for boot time hardware/firmware problem).
RS/6000 Diagnostic LEDs (BITS code, 3 digits used in older, small machines). BIST Error Code

AIX Toolbox for Linux
Download specific IBM fileset Specify OS version and "specific fixes", and it will bring a search page that allows retrieval of a specific version of a given fileset. eg