Wednesday, December 19, 2007

AIX pocket Survival guide

AIX Admin 101

PMR - Problem Management Record.
PTF - Program Temporary Fix eg Unnnnnn
APAR - Authorized Program Analysis Report, specific release of PTF. eg IYnnnnn, IXnnnnn
ML - Maintenance Level, grouping of APAR. eg 5300-04 is ML 4
SP - Service Pack (starting aix 5.3 ML 3) eg 5300-03-01 is SP 1 on ML3
TL -

Fileset - group of files, eg bos.adt.libm
VRMF - Version, Release, Modification/Maintenance level, and Fix.
eg 5.2.0.60


smit
A lot of the sys admin task in AIX can be done thru smit (or smitty for TUI version). It can accept a parameter to get to a specific menu section right away.

Here are some example:

smit mktcpip # configure network parameters
smit chfs # change file system, eg grow/extend it.
smit lsprt # list printers (don't list all, may need to go thru long menu)
smit installp # Add new software
smit update # add patches
smit update_all # automatic add patches to existing sw, no complain if patch is not relevant


smitty fastpath:

Action Prefix Device Abbreviation
------ ------ ------ ------------
(add) mk (printer) prt
(change) ch (tty) tty
(list) ls (pty) pty
(remove) rm (disk) dsk
(cdrom) cdr
(diskette) dskt
(tape) tpe
(adapter) adp
lang

Keystrokes:
F3 or ESC, 3 Cancel, go back
F4 or ESC, 4 Provide list of items to choose from
F6 or ESC, 6 Show command that smit will actually run
F10 or ESC, 10 Exit smitty


Linux Affinity
AIX is affectionally known as It Ain't uniX. With version 5L that added Linux Affinity, it maybe called Ain't It linuX?
The linux toolkit does add lot of open source utilities for AIX, it even provides an rpm package manager to manipulate these open source tools. However, it is stuck in the past, circa 2002, and so many of the newer Linux updates are not available. For example, there is no rpmbuild but use the old rpm --recompile. There is no automatic patch to update the source codes from Source RPM. These deficiencies makes development in AIX extremely painful.


AIX Idiosyncrasies
If a file is held open by the OS with a running program, it will not allowed to be overwritten (think Windows). For example, /lib/security/NSS_LDAP and /usr/lib/netsvc/dynload/nss_ldap.so are modules loaded by the authentication subsystem, and these files are locked and cannot be upgraded.


Initial System Setup
smitty assist # init os setup assistant to config basic system param.

/usr/sbin/install_assist # what get launched automatically after init install reboot




FS Layout
AIX uses a pretty good volume manager out of the box. Every FS can be expanded on the fly, so no special work is really needed on initial setup. If you use /home as NFS mounted home dir, you may wish to update /etc/filesystems so that the the local disk is mounted as /localhoome or something.


Bundle Install
AIX that comes with the machine often don't have all the desired software packages installed. It maybe good to add some bundles before releasing the machine for general use.

eg: Add the Application Development bundle ::
/usr/lib/instl/sm_inst installp_cmd -a -Q -d '/nfshome/sa/aix53/cd1' -b 'App-Dev' -f 'all' '-c' '-N' '-g' '-X' '-G'

Other bundles that can be installed are:
AllDevicesKernels
Alt_Disk_Install
App-Dev
CC_EVAL.Graphics
CDE
GNOME
Graphics
KDE
Kerberos_5 (Expansion Pack)
Media-Defined
Mozilla (AIX Toolbox for Linux Applications, Mozilla CD)
PerfTools
Server
Note that not everything is in the first CD. Time for IBM to get with DVD media, no? :)


See also Config Files


Firmware/BIOS
When upgrading an older machine to new version of AIX, be sure to check the AIX release notes to ensure the machine in question is still supported, and whether any firmware update maybe needed.

RS/6000 / pSeries machine firmware is typically updated when AIX is still running. Many older machines does not support firmware update in SMS. Old hardware or firmware have tendency to crap out in a boot process giving error 20EE000B (unable to find boot device), even when boot from the CD for the initial install works fine. The saving grace is that one can boot and reinstall the old OS should machine become unbootable.

# show firmware version, sample output included
# the last 6 digit of the firmware is a date code YYMMDD
lscfg -vp | grep -p Platform

Platform Firmware:
ROM Level.(alterable).......3R040323
Version.....................RS6K
System Info Specific.(YL)...U0.1-P1/Y1
Physical Location: U0.1-P1/Y1


# copy new firmware from CDROM into a new dir /tmp/fwupdate
# inside the microcode dir in the CDROM are subdir for each machine type
# refer to the doc inside this dir for full details on firware upgrade.
cp /mnt/cdrom/microcode/... /tmp/fwupdate

# run checksum on the firmware image.
sum vvYYMMDD.img

# perform the update, it will reboot the machine automatically when done
cd /usr/lpp/diagnostics/bin
./update_flash -f /tmp/fwupdate/3R041029.img


Boot Time Troubleshooting

RC scripts executed at startup:

/etc/rc.d/rcN.d/
same as solaris, Snn--- script, but there is nothing in here from basic OS.
normal run level is 2. Placed S74autofs and S89sshd in rc2.d .
/etc/rc.d/rc script is the one that source all the rcN.d,
but this script doesn't seems to exist by default,
had to be copied from another 4.3.3 machine and then it was fine.
For some unknown reason, init script for AIX 5.3 doesn't seems to run
correctly!! (eg, opensshd script will create log, but fail to start)



AIX default system config is to have a few named rc scripts,
they are all started by init as per /etc/inittab:
/etc/rc.tcpip # tcp config, but could not start sshd from here at boot, so placed in rc2.d/S89sshd.
/etc/rc.nfs # includes NIS, rcp
/etc/rc.emcpower # emc added their own startup script here, which is called form /etc/inittab.


Single User/Maintenance Mode
For servers with Service Processor:
Power off machine
Navigate the Service Processor menu (avail only when machine is off, from serial console):
go to (2) system power control menu
go to (7) Boot Mode Menu (some system list it as AIX/Linux mode config)
go to (2) Service Mode boot from Saved List (to enable Maintenance Mode, diff than SMS mode).
Power on machine.
Kernel will boot, then ask which options to boot to, choose single user mode (maintenance mode has less capability).

To install new OS to system, change system to get into System Management Service (SMS) mode. Then choose to boot from cdrom (first CD for OS install).

A note about the old desktop machines (eg 43P-140 604e-332 PowerPC 760):
When machine first boot, it will display various number on the various terminal.
eg. 0 for ASCII console (dumb terminal), 1 on first graphics video, 2 on second graphics video.
Press the number corresponding to the video that you wish to use.
This setting is "memorized" by the system, prompt again only when a there is hardware config change.
To get into the graphical System Management Service (SMS) mode, press F1 as soon as the double beep "dirip-dirip" chirps happens (and the keyboard icons is displayed).
You better be quick, do it before the long chime of the speaker test happens (the fifth/last icon in startup: speaker icon).
If using ASCII console, F-keys are simulated via ESC+Number keys. The graphical icons won't appear, but the equivalent text will be displayed progressively across the screen:


memory keyboard network scsi speaker

Pressing F8 will go to the open firmware OK prompt. There are only a few commands accepted:

devalias
printenv
setenv
boot [DEVICE]

boot disk will do a normal boot from hard drive. This is the default action if open firmware is not explicitly invoked.
boot cd will boot from the cdrom and run the installer program, whereby it will prompt for install config info.
There is also option to get into maintenance mode (?? It is NOT boot -s !!)
More info about open firmware: IEEE 1275.
SMS has entry to define boot device scan sequence, which is based on SCSI (lowest ID first). However, actual boot is according to Open Firmware boot command, so which device is booted depends on what the alias for disk is defined as. In summary, ignore the SCSI id boot sequence in SMS.

Some system require pressing F5 instead of F1 to get into SMS mode. If you are lucky, some will display what key to press to get into what mode right before the hardware scan progress, eg:


1 = SMS Menu 5 = Default Boot List
6 = Stored Boot List 8 = Open Firmware Prompt

IBM RS/6000 hardware is pretty finiky and OS support may not be available for some machines. AIX 5.2 will no support any machines with ISA bus. Some 43P have such bus and thus can only run AIX 5.1 as latest OS. Other 43P that don't have ISA bus can run the newer AIX. If you wish to install Linux, expect even more finickyness, as there are lot of small modifications between motherboards of different serial numbers. Linux may run on one 43P, but not another that looks the same. ie: don't install Linux on these putters!
Random Daily Sys Admin Tasks

See if system has ASync IO feature installed:

lslpp -l | grep -i asyn # list bos.rte.aio package installation
lppchk -c # check to ensure all fileset are installed correctly
lsdev -C -t aio # list whether async io is avail as device
smitty chgaio # smit interface to activate aio, reboot req.


---

smitty chtz # change timezone info
# /etc/environments TZ=PST8PDT
date -u # display internal system clock (in CUT/GMT).
# reboot was recomended, but all future login will see
# corect TZ. cron and stuff may not update till reboot.


---

AIX WebSM, default port is 9090 (/etc/services)
To disable, use /usr/websm/bin/wsmserver -disable; -enable will re-enable it.

HTTP server, started in /etc/inittab !
So it will respawn if it is just killed, edit inittab to free up port 80!

EMC navisphere agent also started in inittab, I guess it is the AIX way.
it calls /etc/rc.agent

----

ibm option number for universal (oem) cabinet rack mount rail part. OEM means 3rd party cabinet. IBM cabinet rails are fixed length!
p5 9113-550 :: 7162 IBM/OEM RACK-MOUNT DR.RAIL KIT 1 168.00

p5 510 :: 7166 IBM/OEM RACK-MOUNT DR.RAIL KIT 1 150.00


Storage
Disk/Volume Management/Filesystem
AIX has probably the most admin-friendly Logical Volume Manager and Filesystem of all the major Unices out there. It use a single LVM for every FS. Every FS is extendable online without the need to unmount. It does have lot of commands that are needed to manipulate the system though. But if you just need to get more space on a given FS/partition, just use smit chfs.
TLA name eg sample cmd
--- ------------- ------------------------ --------------
PP physical part
LP logical part

PV physical vol hdisk0 hdisk1 lspv
VG volume group rootvg appvg lsvg mkvg extendvg
LV logical vol /dev/hd0 /dev/hd9var lslv mklv
FS filesystem / /var lsfs mount

hdiskN are physical hard drives (or RAID device?)
/dev/hdN are FS level mountable device, these are created by the LVM.
/dev/hdN are subcomponents of VG such as rootvg.


smit vg # display and set logical volume group info

lsdev -Cc adapter # list many adapters, include fc, scsi, ide, pci, LPAR virtual, usb, graphics
lsdev -Cc disk # list hard disks. eg hdisk0 hdisk1
rmdev -dl hdisk2 # remove a named disk from config, often needed when san disk has been
# changed on the storage server side. after rm, rescan the bus.

lsvg # list all VG present in system
lsvg rootvg # VG space usage and free, PP size, etc
lsvg -l rootvg # list LP content of rootvg
lsvg -p rootvg # list PP used and free for a VG
# when LV/FS need to be extended.

extendvg -f rootvg hdisk8 # allocate physical hd to VG rootvg
smitty vg # smitty for Vol Grp, allow remove vg

mklv -y'appvol00' appvg 1 # create logical volume (after volume group defined via mkvg)
# if -y is not given, a generic volume name will be assigned.
# This step isn't strictly needed, mkfs will create generic vol as needed.
mkvg -f -y'appvg' hdisk2 hdisk3 # create a VG appvg from 2 physical hd
mkvg # original Vol Grp (Max 32 PV, 255 LV)
mkvg -B # Big Volume Group (Max 128 PV, 512 LV, 4.3.1+)
mkvg -S # Scalable Vol Group (Max 1024 PV, 256 LV, 5.2+)

smit fs # best to use smit to create a fs, many parameters.
# it typically call cffs -v jfs2

reorgvg # reorganize PP w/in vol grp

lsfs # list fs on machine, kinda like mount,
# diff output, only list fs in /etc/filesystems.

chfs -a size=+1 /dev/hd2 # grow a file system, size mult of 512 bytes, but
# always rounded up to integer number of PP
# 8 mb, 64 mb, etc (see lsvg rootvg pp size)
# to add 256mb, use size=+524288
# 256 * 1024*1024 / 512 = 524288 blocks
# ie, use size val of [ X MB * 2048 (constant) ]
chfs -a size=+1 /tmp # /dev/hd2 can be substituted by the fs mount pt.
smitty chfs # will see SIZE for more accurate resizing.
# count is # of 512 bytes block,
# value is absolute num only.
# Can also strink fs while mounted (at least tested in 5.3)

lslv hd1 # info of LV hd1 (find from mount
# what fs it belongs to).

cplv # copy LV
chlv # change LV,
# cplv + chlv = move Log Vol b/w Vol Grp.

lspv # list PVID (physical volume id) and vg on disk
lspv -l hdisk0 # list what fs are on a given disk
# good to check to ensure fs does not span more
# than one disk unecessarily, to reduce disk
# crash damage.

migratepv -l LVname oldPV newPV # move a fs w/in same vol grp, but diff hd. eg
migratepv -l paging00 hdisk1 hdisk2 # migrate pagin, can take a while!




varyonvg VGname # vary on a vol grp, needed before VG is accessible,
# typically automatica with most commands now
varyoffvg VGname # vary off, ie, make vol grp offline.

exportvg VGname # disociate /etc/filesystems etc from the computer,
# making the VG available for mount by another computer
importvg -y VGname hdiskN # reimport the VG. Remember the vary cmd.

lqueryvg -p hdisk0 -v # Determine the VG ID# on hdisk0
lqueryvg -p hdisk0 -L # Show all the LV ID#/names in the VG on hdisk0
lqueryvg -p hdisk0 -P # Show all the PV ID# that reside in the VG on hdisk0

getlvodm -u rootvg # Determine if ODM and VGDA data are correct (in sync)




chvg -u rootvg # unlick rootvg (maybe locked during crash, ODM problems)
getlvodm/putlvodm # disk ODM repair related.

smitty mklvcopy # smitty fastPath for making mirrors
# work on each logical volume, eg hd1
# Lot of menu options then, but don't like it much,
# not obvious how to make 2 disk mirror identically.
# maybe one don't have to, as it will be mapped blocks anyway
# not like solaris that match cylinder allocation, but solaris maybe more resilient
# aix wants to find where to place vol (center of disk, etc).
# Maybe multiple copies of a logical vol inside same volume group (and potnetially
# same disk!
# aix book p 210

mirrorvg rootvg # mirror whole volume group, simple one command does it.
# aix book p 202

istat /opt # show inode status

ipl_varyon -i # Determine which disk(PV) is the boot drive



Other ref: Advanced Horizons AIX File Info


swap / paging

/etc/swpaspaces # config file
swapon -a # activate all swap spaces
swapon /dev/paging00 # activate additional device
swapoff /dev/paging00 # deactivate

chps -s16 hd6 # change attrib of paging space
# add 16 PP to existing paging space in /dev/hd6
# PP size determined by lslv hd6", eg 256, 512 MB
chps -d8 hd6 # remove 8 PP to existing paging space in LV hd6
mkps -s16 rootvg -a -n # add new paging space worth 16 PP to
# vg called rootvg,
# -a = activate at once,
# -n = active on reboot.
mkps -s32 datavg hdisk1 # add new paging space on diff vg, specifying
# which disk to put it on.
rmps paginig00 # remove the whole paging space from sys
lsps -a # list paging space stat
shrinkps # 5L, shrink paging space (script)
# not sure why need this??

svmon # view current vm usage. Need perfagent.tools

Connectivity (Network)
Serial/Console Port
DB9 connector wiring is slightly different than Sun. Use a real null modem cable. "Psseudo" cable from sun DB9-RJ45 adaptors and ribbon cable don't work. One will see text and be able to type text, but it won't accept the login, even when password is right. can't loging!! Terminal is VT100, none of the flow control stuff, but that probably don't matter. Also, for running system, when NULL modem is connected to serial, it should automatically display new text and prompt for login. ribbon cable probably don't work at all here.
P4 and older machines use standard 9600 for serial port. But new POWER5 machines, they changed serial port to use 19200!! All other settings are same as before.
Dumb Terminal
The tip command exist on AIX, but it is slightly different than Solaris.
# aix tip host spec, typically placed in /etc/remote-file
# with a /etc/remote file defining its location
# alternatively, env var REMOTE can define location of this remote-file
#
# aix tip escape sequence is same as solaris.
# ~? produces full list.
# ~^D terminate the connection.
#
# tty0 is the system console, like Solaris Serial A, not usually usable as dumb terminal emulator
# tty1 is the serial port labeled T2, the equi of serial B in Solaris.
#
# IBM AIX serial connection is slightly diff than Sun, req NULL modem cable.
# This emulated TIP does not fully act as dumb terminal :(
# Depending on the state of the machine, and whether tip session is established first,
# or the cable is connected first, text may or may not be visible :(
# So, tip in aix can probably only work as dumb terminal for sun and hp machines,
# and the most reliable console is still a dumb terminal.
#
# eg usage, runnable as normal user:
# export REMOTE=$HOME/etc/remote-file
# tip dumb19200
# tip -9600 serial1
#
#
dumb9600|direct connect at 9600 bps,br#9600:dv=/dev/tty1
dumb19200|direct connect at 19200 bps,br#19200:dv=/dev/tty1
serial0|dumbterminal:dv=/dev/tty0
serial1|tty1|dumbterminal:dv=/dev/tty1
tty|dumbterminal:br#19200:dv=/dev/tty
#
# The serial ports ttyp0...ttyp9,ttypa...ttypf do not usually exist
#
ttyp0|dumbterminal:br#19200:dv=/dev/ttyp0
ttyp1|dumbterminal:br#19200:dv=/dev/ttyp1
ttyp2|dumbterminal:br#19200:dv=/dev/ttyp2
ttyp3|dumbterminal:br#19200:dv=/dev/ttyp3
ttyp9|dumbterminal:br#19200:dv=/dev/ttyp9
ttypa|dumbterminal:br#19200:dv=/dev/ttypa
ttypb|dumbterminal:br#19200:dv=/dev/ttypb
ttypc|dumbterminal:br#19200:dv=/dev/ttypc
ttypf|dumbterminal:br#19200:dv=/dev/ttypf


cu Connect Unix.
Opening a serial line may need some file config, cli below get error :(
I guess need to get minicom/telix or some other similar program from the Linux world.

cu -s9600 -l/dev/ttyp1
-s speed
-l device line
cu commands:
~%b send a break
~%! give shell
~. end session, logout user.

NIC

ifconfig
netstat -i

lsdev | grep -i ether # see Ethernet devices and drirver.
# entX = h/w card.
# enX = ethernet (DIX II framing) for IP
# etX = ethernet (IEEE 802.3) for SNA, don't bother :)

lsattr -R -l ent0 -a media_speed # show capabilities of ent0
lsattr -EH -l ent0 -a media_speed # show current settings
lsattr -D -l ent0 # show all def val for Eth dev.

chdev -P -l ent0 -a media_speed=100_Full_Duplex # change to forced full 100
chdev -P -l ent0 -a media_speed=Auto_Negotiation # change to auto negotiate for speed duplex
# effective after reboot !!!


smitty mktcpip # configure/change ip of interface, default route, netmask
# permanently set ip option for interface
# smitty just run mktcpip cmd:
/usr/sbin/mktcpip
-h'HOSTNAME'
-a'HOST.IP'
-m'HOST.IP.NETMASK'
-i'NIC' # eg en0, "standard network interface"
-n'DNS.SERVER.IP' # may want to add more to /etc/resolv.conf
-d'DNS.DOMAIN.NAME' # eg titaniumleg.com
-g'DEF.GATEWAY.IP'
-A'no' # Start now? no or yes # just omit it.
eg:
mktcpip -h'aix01' -a'10.215.11.101' -m'255.255.255.0' -i'en0' -n'10.215.2.1' -d'titaniumleg.com' -g'10.215.11.1'


Network Services
lssrc -a # list all services and their status
startsrc # start network service
stopsrc # stop network service
-g # group
-s # subsystem, g or s is largely how AIX define the service.
-a #
-D # Debug

startsrc -g nis # start NIS service group
startsrc -s rcp.mountd # rpc/mount service
startsrc -s xntpd # start ntp daemon
# init script starts it from /etc/rc.tcpip

startsrc -s sendmail -a -bd # start mail server to allow inbound mail.
# essentially, do sendmail -bd, makes it a
# daemon listening on port 25 for mail services.

startsrc -s iptrace -a "/tmp/iptrc.bin" # start ip tracing facility,
# -a = stor in file (binary).
stopsrc -s iptrace # stop tracing after problem is reproduced.


DNS
/etc/resolv.conf # main config file, like other Unix.

accept up to 3 name servers
change server after TimeOut (def of 5 sec), retry (def = 3),
so 5+10+20+40=75 sec.
eg:
domain hybridauto.com
nameserver 10.210.2.11
nameserver 10.210.2.12
nameserver 165.87.201.244
search hybridauto.com
search titaniumleg.com
search titaniumlegcorp.com

namerslv -s # run cmd to see settings are understood by system.

DNS resolution depends on file /etc/netsvc.conf
hosts=local,nis,bind
and env var NSORDER=local,bind
AIX 4.3 accepts bind4 and bind8

NIS

chypdom -B titaniumleg.com # set the NIS domain for the machine
# it proabably edit /etc/rc.nfs to run cmd domainname
domainname # show the NIS domain
smitty yp # general YP NIS config
smitty mkclient # configure machine as NIS client
rmyp -c # remove yp client config
lssrc -s ypbind # display active vs inoperative NIS
stopsrc -s ypbind # nis client process
startsrc -s ypbind
# /etc/rc.nfs is where the ypbind is set to use specific server (if not broadbcast)

startsrc -g nis # start nis server daemon
stopsrc -g nis


CD
AIX does not have a /etc/nsswitch.conf, instead use /etc/netsvc.conf
and /etc/irs.conf (Information Retrieval System, bind 8 code base, used in FreeBSD also).

Also, changes to irs.conf doesn't seems to be effective till next reboot.
At least that seems to be the case with automount entry,
restarting autofs a/o secldapclntd didn't refresh it.

May want to try these commands in /usr/sbin
flush-secldapclntd
restart-secldapclntd
stop-secldapclntd
start-secldapclntd
ls-secldapclntd


eg of irs.conf





Okay, here a real sample of /etc/irs.conf from an AIX 5.3 machine:
hosts dns continue
hosts nss_ldap continue
hosts nis continue
hosts local
services nss_ldap continue
services nis continue
services local
networks dns continue
networks nss_ldap continue
networks nis continue
networks local
netgroup nss_ldap continue
netgroup nis continue
netgroup local
protocols nss_ldap continue
protocols nis continue
protocols local
###
### http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.doc/cmds/aixcmds1/autom
ount.htm
###
automount nis_ldap
##automount nis
##automount files
##automount nis_ldap nis files





eg of /etc/netsvc.conf

# bind Uses BIND/DNS services for resolving names
# local Searches the local /etc/hosts file for resolving names
# nis Uses NIS services for resolving names. NIS must be running if you specify this option
# nis+ Uses NIS plus services for resolving names. NIS plus must be running if you specify this option
# ldap Uses LDAP services for resolving names
# ldap_nis Uses LDAP NIS services for resolving names
# bind4 Uses BIND/DNS services for resolving only IPv4 addresses
# bind6 Uses BIND/DNS services for resolving only IPv6 addresses
# local4 Searches the local /etc/hosts file for resolving only IPv4 addresses
# local6 Searches the local /etc/hosts file for resolving only IPv6 addresses
# nis4 Uses NIS services for resolving only IPv4 addresses
# nis6 Uses NIS services for resolving only IPv6 addresses
# nis+4 Uses NIS plus services for resolving only IPv4 addresses
# nis+6 Uses NIS plus services for resolving only IPv6 addresses
# ldap4 Uses LDAP services for resolving only IPv4 addresses
# ldap6 Uses LDAP services for resolving only IPv6 addresses
# ldap_nis4 Uses NIS LDAP services for resolving only IPv4 addresses

hosts = nis_ldap, nis, bind, local



NFS

nfso -a # show all nfs options and current value
nfso -o varname[=val] # display/set nfs option.
nfso -o nfs_use_reserved_ports=1
# AIX default does not use port <1024, which result in auth error.
# http://www.faqs.org/faqs/aix-faq/part3/
# only needed for /net with certain solaris version?


Manual NFS mount can be added to /etc/filesystems ::

/nethome:
dev = "/vol/vol1/users"
vfs = nfs
nodename = netapp
mount = true
options = rw,fg,soft,intr,nosuid
account = false

/Import:
dev = "/vol/vol1/depot"
vfs = nfs
nodename = netapp
mount = false
options = ro,fg,hard,intr,nosuid
account = false


mount -o vers=2,proto=tcp,wsize=8192,rsize=8192,llock,soft,intr netapp:/vol/vol1/users /nethome
mount -o vers=2,proto=tcp,wsize=8192,rsize=32768,llock,soft,intr desktop:/mnt/cdrom /mnt/rcdrom
mount -o ro -v cdrfs /dev/cd0 /cdrom



startsrc -g autofs # start autofs service group.
stopsrc -g autofs # stop autofs service group.
# autofs group has only 1 subsystem, so -s or -g is same
startsrc -s automountd # start automount service, more reliable than -g autofs !!

automount is started in the /etc/rc.nfs script.
An alternative is to use the Sun style script (aix supports them, but nothing added
by default), eg in /etc/rc.d/rc2.d/S74autofs, have something like:


/usr/sbin/automount -M /home /-
# monitor /home (for user),
# /- will give the /net/HOST access like sol (and other direct mount)
# aix 5.1 no longer support the -M param

aix 5.1L ML 3, automount started in /etc/rc.nfs as:

/usr/sbin/automount -f /etc/auto_master -D ARCH=SC_AIX

# auto_master had only "+auto_master"
# remember that /home may be a mounted fs, so may wan to use /nethome.
# /net will work okay without -M /- .
# automount will call the automountd process, massage the mount points, and exit.
# do NOT start automountd on the CLI manually, it will not interface with mount correctly.

/etc/exports # export files, similar to HP-UX, Linux
eg content of the file:
/usr -ro,root=admin-desktop"

exportfs -a # export everything
exportfs -v # display active exports
exportfs -i /tmp # manually /tmp w/o entry in exportfs

startrc -g nfs # start mountd, etc

lsauthent # list authenticaltion methods
mknfs -B # start nfs service now and at boot?




Printing
Use smit to add printer, prints to windows print server easily (provided the windows print server has Unix printing services setup):

smitty, Print Spooling, (AIX Print Spooling, choose it if it pops up),
Add a Print Queueus, type is remot, std processing :
Name of Queue to add --> Use printer name maching remote queue name (ie win prt name)
Hostname of remote server --> Windows print server name
Name of queue on remote server --> Windows printer name.
Type of print spooler on remote server --> System V

CLI:
/usr/lib/lpd/pio/etc/piomisc_ext mkpq_remote_ext -q 'QueueName' -h 'Hostname' -r 'RemoteQueueName' -t 'att' -C 'FALSE' -d 'description'


To see what printers are installed, use:
/usr/bin/lsallq # brief listing of printer name only
/usr/lib/lpd/pio/etc/piolsvp -p # listing with queue server and description
/bin/lpstat # query windows print server on printer status, but names are truncated



Sys Config
General SA Commands
oslevel -rq # list all known and recommended ML
oslevel -r # which ML (maint level) machine is at.
oslevel -l 4.3.3.0 # list fileset missing to bring machine to specified level.
oslevel -l 5200-02 -r # aix 5L is weired wrt oslevel -l
oslevel -s # service pack, in addition to ML, not avail on all sys.
# ( -s is new flag starting ca 2006, aix 5.3 ML 3? not in base 5.3)

uname -a # ver info, also with val of -m at the end
uname -m # some sort of machine code, includes serial number of the machine:
# 000F2C9A4C00 embeds serial 00F2C9A4 (jc)
# 000750AC4C00 embeds serial 10-750AC (vs -u opt)
uname -u # serial number (of management frame).
# IBM,0110750AC embeds serial 10-750ac (targa, 4.3 )
uname -L # first number = the LPAR partition number
# OS is running inside of.

errpt # generate ERRor rePorT. This is more detailed than syslog.
errpt -a # all entries, detailed view. Default is brief listing only.
errpt -A # Abreviated detailed view.
-D # Collapse duplicate entries.


watch cmd -o logfile # similar to truss cmd, but can't watch existing pid
truss # exist for 5.x, in /bin

topas # top/monitor clone
vmstat
sar
istat
slibclean
svmon



----
NIM Network Install Manager
- Network installation of aix, equiv of solaris jumpstart
- r-cmd to control remote machine


Config Files
/etc/passwd
/etc/security/passwd # similar to shadow file
/etc/security/login # dictate shells that are valid shell for various process.
# if user shell not listed here, ftp will fail.
/etc/ftpaccess # set ftp access priviledges, allow/deny access, etc.
/etc/nologin # tmp disable login, presence of file set this behaviour
/etc/filesystems # instead of /etc/fstab




# /etc/syslog.conf

# can start syslog simply as: /usr/sbin/syslogd
# kill -HUP reload config file, adding note to error level (it whines).
#
# ensure the two columns are separated by TAB, not spaces
# or syslogd will fail to log silently!!
# AIX 5.x works okay with spaces now.

# IBM don't seems to have any standard, there are no default settings.

# *.info /var/adm/syslog_info.log
*.notice /var/adm/syslog_notice.log rotate size 100k files 4
# *.warning /var/adm/syslog_warning.log
# *.err /var/adm/syslog_err.log
*.crit /var/adm/syslog_crit.log

# create files as follows:
# touch /var/adm/syslog_info.log /var/adm/syslog_crit.log
# touch /var/adm/syslog_notice.log
# touch /var/adm/syslog_warning.log /var/adm/syslog_err.log
# really just need crit and notice
# warning and notice are same, both just marginally smaller than info.









# /etc/filesystems

/:
dev = /dev/hd4
vol = "root"
mount = automatic
check = false
free = true
vfs = jfs2
log = /dev/hd8
type = bootfs

/home-old:
dev = /dev/hd1
vol = "/home"
mount = true
check = true
free = false
vfs = jfs2
log = /dev/hd8

/usr:
dev = /dev/hd2
vfs = jfs2
log = /dev/hd8
mount = automatic
check = false
type = bootfs
vol = /usr
free = false

/var:
dev = /dev/hd9var
vfs = jfs2
log = /dev/hd8
mount = automatic
check = false
type = bootfs
vol = /var
free = false

/tmp:
dev = /dev/hd3
vfs = jfs2
log = /dev/hd8
mount = automatic
check = false
vol = /tmp
free = false

/proc:
dev = /proc
vol = "/proc"
mount = true
check = false
free = false
vfs = procfs

/opt:
dev = /dev/hd10opt
vol = "/opt"
mount = true
check = true
free = false
vfs = jfs2
log = /dev/hd8

/lhome:
dev = /dev/vol1
vfs = jfs2
log = /dev/loglv00
mount = true
options = rw
account = false

/home_na:
dev = "/vol/vol1/users"
vfs = nfs
nodename = na_data
mount = true
options = rw,fg,hard,intr,nosuid
account = false

/mnt/import:
dev = "/vol/vol1/depot"
vfs = nfs
nodename = na_data
mount = true
options = rw,fg,hard,intr,nosuid
account = false

/mnt/cdrom:
dev = "/dev/cd0"
vfs = cdrfs
mount = false
check = false
options = ro
vol = "/mnt/cdrom"
free = false



Hardware commands
lspci
lsattr

Hot swap PCI cards, or hot remove. Essentailly, issue command to identify, then power off a given pci slot, then reactivate it again.
smit, devices, pci hot plug manager

shutdown -F # shutdown right away, no delay time
-r # reboot
-m # maintenance mode
shutdown -r +5 "msg to users" # +5 = 5 minutes later.

lsattr # list attributes
-D # display def val
-R # display range of legal values
-E # display Effective vall (current settings)
-l name # specify dev logical name
-a attr # specify attribute of NAME logical dev

lsattr -El sys0 # show lot of hardware info, include mem
lsattr -El sys0 -a realmem # get specifically the memory attribute, in KB.

lsdev -Cc processor # see number of processor on machine (may not be numbered in sequence)
lsattr -El proc0 # find processor speed

pmcycles -m # list total number of CPU. installed in /bin by bos.pmapi.
# AIX 5.2 and above, CD #1.


A note about IBM processors.
POWER4 and POWER5 processor are typically packed in a processor card as a Dual Chip Module (DCM). The processor card has a single physical "CPU" in the traditional sense of touchable chip, but internally it has two cores and is marketed as a 2-way processor.
The CPU listed by the output of pmcycles -m is similar to the Intel Hyperthreadig tech whereby a processor can run more than one thread at a time, it is not a physicall processor per se, but available to the programmer.
Thus, a fully populated 4-way processor P5-550 would have 2 DCM processor card (two 2-way processor cards), lsdev -Cc processor will show 4 processors, and pmcycles -m will show 8 CPU.
REF: IBM redbook-p5-550.pdf


lscfg # list config
# ses are internal scsi disks
# scsi includes int and ext disks
# procX are CPUs
# fca = Fiber Channel HBA
lscfg -vp # lot more detailed info, eg: use to search for fca
lscfg | grep disk # see number and size of HD


lsslot -c pci -a # list pci slot info

lsdev # list devices



cfgmgr # rescan bus and install driver for new devices
# eg when new device made available over SAN
-S # scan serially (instead of parallel)
-v # verbose, print more status info
# Note that emc come with its wrapper script to do the work.

bootinfo -y # 32 v 64-bit enabled
# NOTE: bootinfo is runnable by root only.
-K # current kernel mode
# show kernel native bits,
# NOTE: 32-bit can run 64 bit app anyway.
-r # real memory in system in KB
-s hdisk0 # disk size in MB
bootinfo -b # last boot dev
bootinfo -m # machine model code
-p # hw platform (type of bus, etc)
-r # show real memory in sys, in Kb

----

LPAR sysmtem
From HMC (hardware manager console), cmds in /opt/hsc/bin

query_cecs # list all online managed sys
get_cec_state -m # find curret state of sys

get_op_panel -m # get operator panel lcd code

get_cec_mtms -m # frame type and serial number, buggy.




Package/Software Management

lslpp -h bos.rte # show fileset history (from package mgnt?)
lslpp -L bos.rte # snapshot of main levele and statet of fileset
lslpp -f bos.rte # see what files are installed by a given fileset.
lslpp -l bos.net.nfs.client # show fileset revision level
lppchk -v # chk see if any lpp product are broken, obsolete, missing

lslpp -l | grep vacpp # show all fileset info about the ibm compiler

installp flags
a apply update (def action)
c commit
g recursively install prereq
X eXpand (local) FS is more space is needed.
d file specify the location of the media file ( . for current dir).
p preview only, nothing will actually be done.

eg:

installp -qa -d . -X all # apply updates
installp -rB -X all # reject updates
installp -c -g -X all # commit updates
smitty install_commit # same as above.
installp -qac -N all -d . # install w/ commit on, no backup, no simple roll back.
installp -u [filesetname] # uninstall comitted lpp product

installp -iq -d /dev/cd0 all # display supplemental info abouut ML patch in cd
installp -qA -d /dev/cd0 all # display APAR info


IBM Software iFOR licensing commands
i4cfg -list # list license services status

i4blt # license management for visual age. no param = help
-r 6 # print report type 6. see help for more types.
-lp # list licenses
-lp -i # list licenses with extra info, such as time stamp
-s # prod license status
-a # add/enroll a produt

-d # delete license
-v # opt vendor info (for some custom lic, used by VA C++
-p # opt product info
-U # update license
-T # specify number of user, cn license only

eg
14blt -a -f /usr/vac/c44aix_cn.lic -T 10 -R "registration_comment_avoid_space"
# enroll a license. -T 10 inidcates number of licenses.

i4blt -U -v "'IBM Software Solutions Toronto'" -p "'VisualAge C++ Professional' 6.0.n" -T 100
# Update license to allow 100 users. Only for _cn license type.
# Be very careful about quotes! Name with spaces need additional
# single quotes around them!!! Awful syntax and very cryptic error messge!!

i4blt -d -n server_name -v "'vendor name with space'" -p "'product name' product_version" -t timestamp
i4blt -d -v "'IBM Software Solutions Toronto'" -p "'VisualAge C++ Professional' 6.0.n" -t 1022291809
i4blt -d -v "'IBM Software Solutions Toronto'" -p "'C for AIX' 6.0.n" -t 1022291952
# delete a license.
# -t is timestapm retrieved from output of i4blt -lp -i


License files are located in
/usr/vac/*.lic
/usr/vacpp/*.lic

The files type are:
C C++ license file names
cforaix_cn vacpp_cn = concurrent nodelock LUM license
_c _c = concurrent network
_n _n = simple nodelock

The First line of file is actually command for license enrollment.


Visual Age compiler license file installation requires the package bos.adt.libm For 5.1L, it is in CD 4/6. However, its install need to kick started from CD 1, by requesting the install of all all componets of bos.adt, which is not installed by default.


Applying ML
http://techsupport.services.ibm.com/server/mlfixes/43/
http://techsupport.services.ibm.com/server/mlfixes/43/11/00to11.html

get aix ML (Maintenance Level patch) and instructions on installing it.


inutoc ./usr/sys/inst.images/
installp -acgXd ./usr/sys/inst.images bos.rte.install
smit update_all #

cd /home_sc/sa/share/aix43.ml/433.noLevel_to_11
inutoc . # this creates the .toc file
installp -acgXd . bos.rte.install # install the basic os patch ?
smit update_all # add the other patches
oslevel -r # + reboot

If getting APAR fixes with a series of .bff files, use
(touch .toc, chmod 777 .toc)
inutoc .
and then smitty update_all on the dir to install all the patches.

java 1.4 download, they came in .tar.gz format.
strangely, it seems that I have to use tar xf from aix to correctly extract the archive.
it become a backup/restore file which "smitty installp" as "Install Software"
with path to the file as dir location will work.
May actually need to specify the full name of the installp image filename in the path.
tar off from solaris doesn't seems to work!!



Software Patches
aka Program Temporary Fix
instfix -i # show applied APAR fix
instfix -i | grep AIX_ML # fix done by ML patch
instfix -i -k IY78933 # see if a given IY APAR fix had been applied.
instfix -ivq | grep xlC.aix5.*rte | sort -u # list installed xlC runtime environment


/usr/lib/instl/sm_inst instfix_cmd -d '/lhome/root/vacpp7_rte8' -f 'IY78993' -c -N -X
# install the specific IY78933 from the RunTimeEnv v8 for "xlC v7"
# this can be done over NFS dir, provided .toc is created correctly
# and stored on this NFS source.
# The downloaded PTF file vacpp.70.aix.nov2005.ptf.tar.Z need to be extracted
# which produce a series of .bff files in backup/restore format.

/usr/lib/instl/sm_inst installp_cmd -a -Q -c -N -g -X -G \
-d '/nfshome/sa/share/aixX.smit/aix_vacpp_rte7_nov2005/extract' -f _all_latest
# install the whole RunTimeEnv v8 for "xlC v7"

/usr/lib/instl/sm_inst installp_cmd -a -c -N -g -X \
-d '/nfshome/sa/share/aixX.smit/aix_vacpp_rte7_nov2005/extract' -f _update_all
# apply relevant updates from RunTimeEnv v8 for "xlC v7"
# it will not display failure msg when optional debugger
# components are not installed.




Example: Installing and Patching IBM Visual Age c++

copy cdrom image
run smit

use dir of
cdrom/usr/sys/inst.images
eg /nethome/sa/software/VisualAge_5.0.2_cd/usr/sys/inst.images
/nethome/sa/software/VisualAge_5.0.2_cd/usr/sys/mvCD

NOTE: use inst.images first, then mvCD.

mvCD may have complain of wrong path, but it generally list more stuff and install more programs, even when some may fail.
mvCD may be listing all software in the whole CD set, not just a given CD.
mvCD would fail if content is network path and no CD media change is possible.
actually, aix5l book suggest use of inst.images dir (build .toc before install if obtaining as tar is normal procedure.)


use F7 or ESC,7 to toggle selection.
can use keyword "all" to select all subpackages.
but note that it will not currectly detect os level and then cause fialure notices.


Applying patches :

/nethome/sa/software/VisualAge_patch_to_5.0.2.7

it is like installing normal software, but the tar didn't have a .toc file.
thru smit, there was an entry to list software in media, run it so that it created a .toc file.
After that, install the patch as software (via smit update_all), which generate commands like:

geninstall -I "a -cgNqwX -J" -Z -d /nethome/sa/software/VisualAge_patch_March2003_runtimePTF -f File 2>&1

File:
xlC.adt.include 6.0.0.0
xlC.aix50.rte 6.0.0.0
xlC.aix50.rte 6.0.0.5
xlC.msg.en_US.rte 6.0.0.0
xlC.rte 6.0.0.0

geninstall -I "a -cgNqwX -J" -Z -d /nethome/sa/software/VisualAge_patch_March2003PTF -f File 2>&1


Adding international LOCALE
smitty lang (System Environments,Manage Language Environment),
go to "Add Additional Language Environments"
Then there are two possibilities:
- CULTURAL convention to install
This add support for desired lang (already supported language can be
found from "locale -a")
- LANGUAGE translation to install
This add system error message for many different software packages
installed on the machine. Not typically needed for dev/test of intl lang
support.


Instead of putting CD into machine CD-ROM drive, one can specify network shared CD-ROM
such as /net/tin-sun/cdrom, but it will NOT prompt to change CD,
and any language locale pack selected not avail on network path will simply not be queue for
install, so not even error message. If the CD has nothing about the related
language, it will display error. Most International language locale start
with CD #5.

----

Can use Remove Lang Env to see list of installed lang translation locale.
Sometime adding a language locale complain missing file set pre-req. do:
cd directy to the dir with the bos.loc.com file, and install it manually.
smitty installp on any of the CD doesn't show option to add this fileset!

cd /share/aix5.2/disk1/usr/sys/inst.images
installp -acgXd . bos.loc.com

lslpp -l | grep bos.loc.com
bos.loc.com.CN 5.2.0.30 COMMITTED Common Locale Support -
bos.loc.com.utf 5.2.0.50 COMMITTED Common Locale Support - UTF-8
[...]

May also need to put in CD #1 and use smitty installp, and add the necessary
bos.iconv set appropriate to the desired language.

---

other locale/intl related cmd:
chlang es_ES # change to use spanish from spain... update .profile, effective after re-login.
# but I don't see the effects...

chkbd
lsfont
lskbd


Ref: Understanding Locale from AIX online ref.

Loose ends
AIX dev env does not use LD_LIBRARY_PATH, but instead use LIBPATH

Places to get freeware for aix.
http://silcon.silcon.com/~baspence/AIXtip/freeware.htm
http://aixpdslib.seas.ucla.edu/ [recommended by esj]

monitor # top like tool for real time monitor
# t = top processes

# a = toggle view mode
# ? = help

portmon

Reference
rootvg.net AIX portal, lot of sutff!

IBM Online documentation at http://publib.boulder.ibm.com/infocenter/pseries/
Service Guide for RS/6000 F80 (Ch 4 and 5 have 4 digits LED error code for boot time hardware/firmware problem). http://publib16.boulder.ibm.com/pseries/en_US/infocenter/base/hardware_docs/pdf/380568.pdf
RS/6000 Diagnostic LEDs (BITS code, 3 digits used in older, small machines). BIST Error Code

AIX Toolbox for Linux
Download specific IBM fileset Specify OS version and "specific fixes", and it will bring a search page that allows retrieval of a specific version of a given fileset. eg bos.net.nfs.client 5.3.0.50.

1 comment:

Taragch said...

This is very helpful. Thanks for the good work.