Monday, December 31, 2007

Starting a WPAR & Logging WPAR

Starting a WPAR
This could not be simpler:

At the command line type "startwpar wp13"
At the WPAR Manager, select the WPAR in the defined state then Actions and start
Starting a WPAR takes only a few seconds

Logging into a WPAR
clogin WPAR_NAME

From the global area
WARNING any process started from a clogin will NOT survive a checkpoint and restart. This is regardless of any attempts to disconnect the processes created from the terminal session like UNIX daemon processes try to do.
Recommend - only ever use clogin to repair a broken network otherwise you risk forgetting and your important services halting on you first Relocate. Been there - it was mystifying, painful and wasted half a day.
See the example below:


Just as you would access a regular copy of AIX you ca
Personally, I use the excellent and freely available tool called PuTTY from my Windows XP based PC. Most of the screen captures here are taken from PuTTY.

Again just like a regular copy of AIX, VNC can be installed and used to gain graphical X Windows access to your machine.
I have not tried it personally, but I assume SSL and ssh will work fine too once set up.

WPAR views of the filesystems
# df - m

Filesystem MB blocks Free %Used %Iused Mounted O
ssc10:/nfs/wp03root 32768.00 32422.66 2% 24178 1% /
ssc10:/nfs/wp03home 32768.00 32422.66 2% 24178 1% /
/opt 96.00 2.05 98% 1863 71% /opt
/proc - - - - - -
ssc10:/nfs/wp03tmp 32768.00 32422.66 2% 24178 1% /tmp
/usr 1520.00 59.37 97% 32066 65% /usr
ssc10:/nfs/wp03var 32768.00 32422.66 2% 24178 1% /var

Here you can see the WPAR can only list the filesystems that it has - this is good for security. We can also see that the private filesystems (/, /home, /var and /tmp) are read/write but the file systems shared from the global AIX are read-only. This makes it very simple to make a tool or command available to all WPARs on the system - i.e. put the file in the global filesystem that is shared like /usr/local/bin and it becomes available to all WPARs.

WPAR view of the network
# ifconfig -a

en0: flags=5e080863,c0
inet netmask 0xffffff00 broadcast
tcp_sendspace 131072 tcp_recvspace 65536
lo0: flags=e08084b
inet netmask 0xff000000 broadcast
inet6 ::1/0
tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1

Here you can see the the WPAR is only aware of this network connection and so it can't get access to the global network or the network of other WPAR. This is good for security.

Compare global and WPAR view of disks and paging space
lsps -a command can be executed from root as well as WPAR to get information of paging space of global paging space & WPAR global paging space.

Here we see that the global AIX as real disks and paging space but the WPAR has neither.
This can confuse some tools - how can a system run with no disks??? Well the WPAR does have filesystems but no direct access to the disks - this means a WPAR systems administrator can't create logical volumes nor filesystems. this is a two edged sword

The disk management must be done at the global AIX level and then a new filesystem added to a WPAR = OK we can live with that as the global AIX is in charge of real resources.
This stops WPAR system administrators from messing up the machine configuration.

From Global view
we can run
#topas --- to see global performance .
#topas -@ WPAR_NAME

No comments: