AIX Quick Start

11/14/2010 AIX QuickStart
Main Page -> QuickSheets -> AIX QuickStart
AIX QuickStart
Version 1.0.0
Date: 3/29/10
This document is w ritten based upon AIX 6.1, not all commands or concepts apply to previous versions of AIX.
Overview
Design Philosophy
• AIX is primarily a tool-managed Unix. While some Unices have a • Both System P hardw are and AIX are heavily geared towards
file-managed interface, AIX tends to use stanza files and ODM virtualization. AIX is practically a para-virtualized environment in
databases as data stores for configuration options. This makes how well it is integrated with the System P virtualization
many configuration options rather difficult or simply impossible technologies. At the user level, all performance and management
with just a text editor. The AIX alternative is to leverage an commands have been modified to account for differences that
expansive set of specialized tools for all configuration options. occur in a virtualized environment. Despite and because of these
• AIX is well integrated w ith System P hardware. As typical with changes, a virtualized environment is virtually indistinguishable
big-Unix implementations, AIX has a tight integration with the from a non-virtualized environment to the user.
hardw are it runs on. The result of this integration is an OS that • AIX has a stable interface. While the management tools and style
not only provides extensive diagnosis and reporting of hardw are of those tools has not changed within AIX for over a decade, the
issues, but also is designed to exploit numerous hardw are technologies supported by AIX has grow n considerably. This is a
features. IBM extends this integration even more by allowing AIX significant feature of AIX in that it introduces new technologies
insight into the virtualization layer w ith abilities like virtual within a consistent, approachable, and well designed interface.
processor folding. • The LVM integration w ith AIX is thorough and mature. From the
• IBM tends to lead w ith hardware and follow with the OS. Major install, management, and maintenance every aspect of LVM
releases of the OS tend to coincide with new hardw are features design dovetails into other components of the OS, firmw are, and
and leverage those advances in the hardw are. While other hardw are to create an unparalleled environment. It is for this
Unices may take a softw are-centric approach to a solution, IBM reason that AIX systems are more likely to be SAN booted and
tends to rely upon all layers of the system to an end. One good less likely to have 3rd party LVM products layered on top than
example of this is the maturity and depth of virtualization other Unices.
technologies that permeate the System P product line. • A central focus of IBM design has been on RAS features.
• Commands in AIX generally follow a verb-noun syntax. The verbs Particularly w ith Pow er 6 systems, IBM has designed extensive
tend to be ls (list), mk (make), rm (remove), and ch (change). The error detection and recovery into the products. AIX is just one
nouns vary by the target area such as dev, fs, vg, and ps. Even enabling component to this end. All systems from CPU, memory,
many of the odd-named variants follow a similar syntax such as I/O busses, to system processes are considered and accounted
crfs, reducevg, and installp. for in this design.
Acronyms & Definitions
www.tablespace.net/quicksheet/aix-quickstart.html 1/24
CoD - Capacity on Demand. The ability to add compute capacity in MSPP - Multiple Shared Processor Pools. This is a capability
the form of CPU or memory to a running system by simply introduced in Power 6 systems that allow s for more than one
activating it. The resources must be pre-staged in the system SPP.
prior to use and are (typically) turned on w ith an activation key. NIM - Netw ork Installation Management / Netw ork Install Manager
There are several different pricing models for CoD. (IBM documentation refers to both expansions of the acronym.)
DLPAR - Dynamic Logical Partition. This was used originally as a NIM is a means to perform remote initial BOS installs, and
further clarification on the concept of an LPAR as one that can manage software on groups of AIX systems.
have resources dynamically added or removed. The most popular ODM - Object Data Manager. A database and supporting methods
usage is as a verb; ie: to DLPAR (add) resources to a partition. used for storing system configuration data in AIX. See the ODM
HEA - Host Ethernet Adapter. The physical port of the IVE interface section for additional information.
on some of the Pow er 6 systems. A HEA port can be added to a PP - Physical Partition. An LVM concept where a disk is divided into
port group and shared amongst LPARs or placed in promiscuous evenly sized sections. These PP sections are the backing of LPs
mode and used by a single LPAR. (See IVE) (Logical Partitions) that are used to build volumes in a volume
HMC - Hardw are Management Console. An "appliance" server that group. See the LVM section for additional information.
is used to manage Power 4, 5, and 6 hardw are. The primary PV - Physical Volume. A PV is an LVM term for an entire disk. One or
purpose is to enable / control the virtualization technologies as more PVs are used to construct a VG (Volume Group). See the
well as provide call-home functionality, remote console access, LVM section for additional information.
and gather operational data. PVID - Physical Volume IDentifier. A unique ID that is used to track
IVE - Integrated Virtual Ethernet. The capability to provide disk devices on a system. This ID is used in conjunction w ith the
virtualized Ethernet services to LPARs without the need of VIOS. ODM database to define /dev directory entries. See the LVM
This functionality was introduced on several Pow er 6 systems. section for additional information.
IVM - Integrated Virtualization Manager. This is a management SMIT - System Management Interface Tool. An extensible X Window
interface that installs on top of the VIOS software that provides / curses interface to administrative commands. See the SMIT
much of the HMC functionality. It can be used instead of a HMC section for additional information.
for some systems. It is the only option for virtualization SPOT - Shared Product Object Tree. This is an installed copy of the
management on the blades as they cannot have HMC /usr file system. It is used in a NIM environment as a NFS
connectivity. mounted resource to enable remote booting and installation.
LHEA - Logical Host Ethernet Adapter. The virtual interface of a IVE SPP - Shared Processor Pool. This is an organizational grouping of
in a client LPAR. These communicate via a HEA to the outside / CPU resources that allows caps and guaranteed allocations to
physical w orld. (See IVE) be set for an entire group of LPARs. Power 5 systems have a
LPAR - Logical Partition. This is a collection of system resources single SPP, Pow er 6 systems can have multiple.
(CPU, Memory, I/O adapters) that can host an operating system. VG - Volume Group. A collection of one or more PVs (Physical
To the operating system this collection of resources appears to Volumes) that have been divided into PPs (Physical Partitions)
be a complete physical system. Some or all of the resources on a that are used to construct LVs (Logical Volumes). See the LVM
LPAR may be shared w ith other LPARs in the physical system. section for additional information.
LV - Logical Volume. A collection of one or more LPs (Logical VGDA - Volume Group Descriptor Area. This is a region of each PV
Partitions) in a VG (Volume Group) that provide storage for (Physical Volume) in a VG (Volume Group) that is reserved for
filesystems, journal logs, paging space, etc... See the LVM metadata that is used to describe and manage all resources in
section for additional information. the VG. See the LVM section for additional information.
LVCB - Logical Volume Control Block. A LVM structure, traditionally
within the LV, that contains metadata for the LV. See the LVM
section for additional information.
MES - Miscellaneous Equipment Specification. This is a change order
to a system, typically in the form of an upgrade. A RPO MES is for
Record Purposes Only. Both specify to IBM changes that are
made to a system.
Disks, LVM, & Filesystems

Concepts
• LVM (Logical Volume Manager) is the ever-present disk and • The ODM is central to managing off-disk LVM structures and
volume management framew ork for AIX. The level of integration physical device to hdisk mappings. When a VG is created or
is visible not only in fileystem commands that understand the imported this information is added to the ODM as w ell as other
underlying LVM, but in other, higher level, commands like the system files such as /etc/filesystems.
install and backup utilities that can optionally grow filesytems • AIX LVM supports several versions of VGs that have been
when necessary. introduced over the lifetime of the product. The VG types are
• Physical disks (hdisks) are placed under LVM control by adding normal, big, and scalable. Normal VGs w ere the original creation
them to a VG (volume group). Within LVM, these disks are and are more limited than the big or scalable types. The easiest
referred to as PVs (Physical Volumes). way to tell the type of an existing VG is to look at the Max PV
• Each PV in a VG contains a unique ID called a PVID. The PVID of a value for the VG (see example in the next section).
disk is used to track all disks in a VG, but also provides a device VG mkvg Max Max Max Notes
name independence that makes importing, exporting, and disk Type option PV LV PP
management much simpler. Because the unique characteristics of
Legacy 32 256 3512 C an be converted to Big VG
the disk become the identifier, the device name remains
consistent but does not need to as (properly) renaming / Big -B 128 512 130048 LVC B data is stored in the head
reordering disks under LVM control is of little consequence. of the data area in the LV
• Once a hdisk is placed into a VG it is divided into PP (Physical Scalable -S 1024 4096 2097152 Default LV and PP values are
Partitions). PPs are then used to create LVs (Logical Volumes). lower and can be increased to
An additional layer of abstraction is placed betw een an LV and a shown maximums
PP called a LP (Logical Partition) that allow s for more than one PP • The default filesystem on AIX is JFS2. JFS2, and it predecessor
to be used (i.e. mirrored) to back each portion of a LV. JFS, are both journaling filesystems that utilize the fundamental
Unix filesystem structures such as i-nodes, directory structures,
and block allocations. (Technically, JFS2 allocates blocks in
groups called "extents".)
• JFS2 is not an implementation of UFS and expands considerably
over basic filesystem features w ith such capabilities as
snapshots, dynamic i-node allocation, online grow th, extended
attributes, and encryption. AIX provides a layer of abstraction
over all supported filesystems that map filesystem specific
structures to standard Unix filesystem tools so that filesystems
like JFS2 appear as an implementation of UFS.
• While most journaled Unix filesystem implementations use inline
logs (w ithin the filesystem structure), AIX tends to use a special
type of LV that is created only to contain log data. The jfs(2)log
LV can provide logging capability for more than one filesystem
LV. The log type must match the filesystem type. JFS2 can log to
A simplistic logical view of two PVs in a VG providing mirrored PPs for a LV.
an inline log, but these implementations tend to be the
exception to the rule.
• Several on-disk structures are responsible for holding all LVM • The default filesystems that are installed with AIX:
information. The VGDA resides on each disk and holds structural
hd1 /home
information such as the member PVs. The VGSA also resides on
each disk and contains status information on all member devices. hd2 /usr
The LVCB varies by VG type but traditionally has resided in the hd3 /tmp
first part of an LV (w hen it exists as a separate structure). In hd4 / root
addition to the basic LVM commands that manage these
hd5 BLV (B tL i lV l )
hd5 BLV (Boot Logical Volume)
structures, there are a number of low er level LVM commands that
accesses this metadata more directly. hd6 Paging space
• The first disk in a VG w ill have tw o copies of the VGDA, and a tw o hd8 JFS2 log
disk VG w ill have one disk w ith a single VGDA and the other with
hd9var /var
tw o copies. For three disk and larger VGs, each disk has a single
copy of the VGDA. hd10opt /opt
• The concept of quorum is achieved when > 50% of the copies of hd11admin /admin New in 6.1
the VGSA/VGDAs are online. If quorum is lost then the VG can be livedump /var/adm/ras/livedump New in 6.1 TL3
taken offline.
/proc procfs pseudo filesystem
• Quorum is problematic for tw o disk VGs because the loss of the
tw o VGDA disk means a loss of the entire VG. In a mirrored
configuration (a typical case for tw o-disk VGs) it is inappropriate
to offline the VG for a single disk failure. For this reason, quorum
rules can be turned off in the case of a tw o disk mirrored VG.
Management
List all PVs in a system (along) with VG membership Find the file usage on the /var filesystem
lspv du -smx /var
List all LVs on PV hdisk6 List users & PIDs with open files in /data04 mount
lspv -l hdisk6 fuser -xuc /data04
List all imported VGs List all mounted filesystems in a factor of Gigabytes
lsvg df -g → (-m and -k are also available)
List all VGs that are imported and on-line Find what PV the LV called datalv01 is on
lsvg -o lslv -l datalv01
››› The difference betw een lsvg and lsvg -o are the imported ››› The "COPIES" column relates the mirror distribution of the
VGs that are offline. PPs for each LP. (PPs should only be listed in the first part of
List all LVs on VG vg01 the COPIES section. See the next example.) The "IN BAND"
lsvg -l vg01 column tells how much of the used PPs in this PV are used
List all PVs in VG vg02 for this LV. The "DISTRIBUTION" column reports the number
lsvg -p vg02 of PPs in each region of the PV. (The distribution is largely
List filesystems in a fstab-like format irrelevant for most modern SAN applications.)
lsfs Create a LV with 3 copies in a VG w ith a single PV
mklv -c 3 -s n -t jfs2 -y badlv badvg 4
Get extended info about the /home filesystem
lsfs -q /home ››› Note: This is an anti-example to demonstrate how the
Create the datavg VG on hdisk1 with 64 MB PPs COPIES column w orks. This LV violates strictness rules. The
mkvg -y datavg -s 64 hdisk1 COPIES column from lslv -l badlv looks like: 004:004:004
Move a LV from hdisk4 to hdisk5
Create a 1 Gig LV on (previous) datavg migratepv -l datalv01 hdisk4 hdisk5
mklv -t jfs2 -y datalv datavg 16
Move all LVs on hdisk1 to hdisk2
Create a log device on datavg VG using 1 PP migratepv hdisk1 hdisk2
mklv -t jfs2log -y datalog1 datavg 1
››› The migratepv command is an atomic command in that it
Format the log device created in previous example
logform /dev/datalog1 does not return until complete. Mirroring / breaking LVs is an
alternative to explicitly migrating them. See additional
Place a filesystem on the previously created datalv migratepv, mirrorvg, and mklvcopy examples in this section.
crfs -v jfs2 -d datalv -m /data01 -A y
Put a PVID on hdisk1
››› A jfs2 log must exist in this VG and be logform(ed). (This was chdev -l hdisk1 -a pv=yes
done in the previous steps.) -m specifies the mount point for
››› PVIDs are automatically placed on a disk w hen added to a
››› PVIDs are automatically placed on a disk w hen added to a
the fs, and -A y is a option to automatically mount (w ith
VG
mount -a).
Remove a PVID from a disk
Create a scalable VG called vg01 w ith tw o disks chdev -l hdisk1 -a pv=clear
mkvg -S -y vg01 hdisk1 hdisk2
››› This w ill remove the PVID but not residual VGDA and other
Create a FS using the VG as a parameter data on the disk. dd can be used to scrub remaining data
crfs -v jfs2 -g simplevg -m /data04 \
from the disk. The AIX install CD/DVD also provides a "scrub"
-A y -a size=100M
feature to (repeatedly) w rite patterns over data on disks.
››› The VG name here is "simplevg". A default LV naming Move (migrate) VG vg02 from hdisk1 to hdisk2
convention of fslvXX will be used. The LV, and in this case extendvg vg02 hdisk2
log-LV, will be automatically created. migratepv hdisk1 hdisk2
Take the datavg VG offline reducevg vg02 hdisk1
varyoffvg datavg
››› Mirroring and then unmirroring is another method to achieve
Vary-on the datavg VG this. See the next example
varyonvg datavg Move (mirror) VG vg02 from hdisk1 to hdisk2
››› By default the import operation will vary-on the VG. An extendvg vg02 hdisk2
explicit vary-on will be required for concurrent volume groups mirrorvg -c 2 vg02
that can be imported onto two (or more) systems at once, unmirrorvg vg02 hdisk1
but only varied-on on one system at a time. reducevg vg02 hdisk1
Remove the datavg VG from the system
››› In this example it is necessary to w ait for the mirrors to
exportvg datavg
synchronize before breaking the mirror. The mirrorvg
Import the VG on hdisk5 as datavg command in this example w ill not complete until the mirror is
importvg -y datavg hdisk5
established. The alternative is to mirror in the background,
››› The VG in this example spans multiple disks, but it is only but then it is up to the administrator to insure that the mirror
necessary to specify a single member disk to the command. process is complete.
The LVM system will locate the other member disks from the Create a striped jfs2 partition on vg01
metadata provided on the single disk provided. mklv -C 2 -S 16K -t jfs2 -y vg01_lv01 \
Import a VG on a disk by PVID as datavg vg01 400 hdisk1 hdisk2
importvg -y datavg 00cc34b205d347fc
››› This creates a stripe w idth of 2 w ith a (total) stripe size of
Grow the /var filesystem by 1 Gig 32K. This command w ill result in an upper bound of 2 (same
chfs -a size=+1G /var as the stripe size) for the LV. If this LV is to be extended to
››› In each of the chfs grow filesystem examples, AIX w ill another two disks later, then the upper bound must be
automatically grow the underlying LV to the appropriate size. changed to 4 or specified during creation. The VG in this
Grow the /var filesystem to 1 Gig example w as a scalable VG.
chfs -a size=1G /var Determine VG type of VG myvg
List the maximum LPs for LV fslv00 lsvg myvg | grep "MAX PVs"
lslv fslv00 | grep MAX ››› MAX PVs is 32 for normal, 128 for big, and 1024 for scalable
Increase the maximum LPs for fslv00 LV VGs.
chlv -x 2048 fslv00 Set the system to boot to the CDROM on next boot
Create a mirrored copy of fslv08 bootlist -m normal cd0 hdisk0 hdisk1
mklvcopy -k -s y fslv08 2 ››› The system will boot to one of the mirror pairs (hdisk0 or
››› syncvg -l fslv08 must be run if the -k (sync now ) sw itch is hdisk1) if the boot from the CD ROM does not w ork. This can
not used for mklvcopy . be returned to normal by repeating the command w ithout
cd0.
Add hdisk3 and hdisk4 to the vg01 VG
extendvg vg01 hdisk3 hdisk4 List the boot device for the next boot
bootlist -m normal -o
Mirror rootvg (on hdisk0 ) to hdisk1
extendvg rootvg hdisk1
mirrorvg -S rootvg hdisk1 ◊ Command reference: lspv, lsvg, lslv, mkvg, mklv, reducevg,
mirrorvg S rootvg hdisk1
bosboot -ad hdisk0 extendvg, mklvcopy, chvg, logform, lvmo, exportvg, importvg,
bosboot -ad hdisk1 varyonvg, varyoffvg, bosboot, bootlist, /etc/filesystems, crfs,
chfs, lsfs, rmfs, mount, fuser, df, du
bootlist -m normal hdisk0 hdisk1
››› The -S option to mirrorvg mirrors the VG in the background.
Running bosboot on hdisk0 is not required - just thorough.
NFS
• Many of the NFS commands accept the -I, -B, or -N switches. List all exported file systems
These three sw itches are used to control the persistence of the showmount -e
command. -B is now and future boots, -I is future boot (but not ←or→
now), and -N is now (but not next boot). The -B option tends to exportfs
be the default. The follow ing table relates how these options Temporarily export the /varuna_nfs directory
modify the NFS commands: exportfs -i -o rw,root=vishnu:varuna \
/varuna_nfs
Flag Now After Boot
››› The root users on vishnu and varuna are given root access
-I √
to this share. This export was used to create a system WPAR
-B √ √ called varuna on a LPAR called vishnu that can be found in
-N √
the WPAR section below .
Export all entries in /etc/exports
exportfs -av
• The NFS daemons are started out of /etc/inittab using the (Temporarily) unexport the /proj share
/etc/rc.nfs script. The mknfs and rmnfs commands toggle the exportfs -u /proj
inittab entries and control if the NFS system starts. Permanently export the /proj share
• The "share" commands are provided for compatibility with other mknfsexp -d /proj -t rw
Unices. The share commands are links to the exportfs command. ››› The -N, -I, and -B options are valid w ith this command.
Here, the -B is implied. If the NFS services are not set to re-
Enable NFS daemons now , and on next start start on boot then this export w ill technically not be
mknfs "permanent" as the share, even though this entry is
Disable NFS daemons now , and on next start permanent, will not be enabled after next boot.
rmnfs List clients of this host with share points
See if NFS w ill start on boot showmount -a
lsitab rcnfs Add an entry to the /etc/filesystems file
››› This command simply lists the rcnfs entry in /etc/inittab. If mknfsmnt -f /projects -d /proj \
one exists (and is not commented out) then the rc.nfs script -h mumbai -A -E
w ill be run from inittab (and start NFS). ››› Note that the -A and -E sw itches cannot be stacked (-AE). -A
Start NFS daemons now , but not at next boot specifies to mount on boot and -E specifies the intr mount
mknfs -N option.
←or→
startsrc -g nfs ◊ Command reference: showmount, chnfs, mknfs, rmnfs, nfso,
List the status of the NFS services automount, chnfsexp, chnfsmnt, exportfs, lsnfsexp, lsnfsmnt,
lssrc -g nfs mknfsexp, mknfsmnt, rmnfsexp, rmnfsmnt, mount
Other
• The procfs is the single (default) pseudo fs. Interestingly, /proc is Mount DVD media in the DVD drive
not used by commands like ps or topas but is used by commands mount -v udfs -o ro /dev/cd0 /mnt
like truss. Additional information on /proc can be found in the Mount CD media in the CD/DVD drive
header file <sys/procfs.h> and the /proc InfoCenter page. mount -rv cdrfs /dev/cd0 /mnt
• A list of supported filesystems can be found in the /etc/vfs file. ››› Both the cdrfs and udfs are different types as defined in
• The cdromd daemon is used to automount CD / DVD media. It is /etc/vfs, but both seem to w ork for AIX DVD media.
not enabled by default. cdromd uses the /etc/cdromd.conf file to
configure default options for the cdX device such as the default ◊ Command reference: chps, lsps, rmps, sw apoff, swapon, mount,
mount directory. umount, cdromd, cdeject, cdmount, cdcheck, cdumount, cdutil
• Paging spaces are specified in the /etc/swapspaces file. The chps,
mkps, rmps, and lsps commands are used to modify / view this
file.
Find your CD/DVD ROM
lsdev -Cc cdrom
List all paging spaces
lsps -a
Grow the hd6 paging space by 4 LPs
chps -s 4 hd6
››› The current LP count and LP/PP size can be found using lslv
hd6.
Networking
Concepts
• Ethernet devices are entX devices w hile enX and etX devices • The /etc/resolv.conf uses a traditional format, but can be
represent different frame types that run on the underlying entX managed via the namerslv and *namsv commands. The
device. Typically the enX device is what is plumbed on most /etc/netsvc.conf file is the AIX version of the nsswitch.conf file
networks and etX is not used. in that it determines the service lookup order for name services.
• Attributes of the entX device are physical layer connection • Hostname lookup order is determined using /etc/irs.conf, then
/etc/netsvc.conf and finally $NSORDER. (The order of precedence
settings such as speed and duplex as w ell as driver settings
such as transmit and receive queue sizes. Attributes of the enX is reverse - meaning, for example, a value set in $NSORDER w ill be
used over the other tw o methods.) The irs.conf and $NSORDER
device are configurable items such as IP address, subnet mask,
and some TCP/IP tunables. methods are typically not used.
• Like the enX device, the inet0 device is not a physical device. It is • Network related tunables can be set globally, per-interface, or
per-socket connection. Most global tunables are managed with
a representation / management interface for the Internet
the no command. Interface specific tunables are set on the entX
(netw orking) subsystem. The hostname, routing info and TCP/IP
configuration method are attributes of this device. or the enX devices using the chdev command. AIX now recognizes
• Networking is typically started from /etc/rc.net using the a ISNO (Interface Specific Netw ork Option) flag that overrides
settings stored in the ODM (and not from rc.tcpip). When many of the global settings and uses the settings for each
started in this manner several helper commands are responsible interface over those set globally. This is an important concept as
for pulling the config from the ODM and configuring devices. much application documentation still refers to the global settings
Alternatively, /etc/rc.net can be configured to use ifconfig while the default is now to use the local settings. ISNO can be
determined from querying with the no command or looking at
commands or /etc/rc.net can be bypassed completely and
ifconfig results. Examples of retrieving the defaults, ranges,
/etc/rc.bsdnet can be used instead. The setting that
determines w hich method (rc net or rc bsdnet) is used is stored and current values as w ell as setting new values are shown in
determines w hich method (rc.net or rc.bsdnet) is used is stored
the next section.
as an attribute to the inet0 device. (The point here is not
• Settings for the HEA (Host Ethernet Adapter) are not alw ays set
necessarily to recommend the use the alternative methods but
from the OS. Physical layer settings for this device are typically
to point to where the options are set and w here additional set from the ASMI menus or from the HMC.
details on the process can be found.) • Changes w ere made to the AIX 6.1 netw ork tunables. The no
• AIX supports trunking (EtherChannel / 802.3ad), tagged VLANs
command will list many tunables as "restricted". IBM
(802.1q), Virtual IP addresses (VIPA), dead gatew ay detection
recommends against changing a restricted tunable from the
(multiple default gatew ays), IP multippath routing, and network
default.
adapter backup. The network adapter backup does not require
EtherChannel but is part of the smitty EtherChannel setup
section.
Management
• The assumption of this section is that rc.net / ODM is used for IP To view the (current) route table
configuration. If the configuration is not stored in the ODM and is netstat -r
configured via script then many of these "temporary" commands To view the (persistent) route table from the ODM
could be used to persistently configure the IP settings. lsattr -EHl inet0 -a route
• The follow ing examples also assume the use of en0 over et0. Add an entry for "rhodes" to the hosts file
hostent -a 192.168.1.101 \
List all Adapters in the system -h "rhodes.favorite.com rhodes"
lsdev -Cc adapter ››› The hostent is a command for editing the /etc/hosts file.
List all interfaces in the system Most edits on this file are done by hand. The hostent
lsdev -Cc if
command is mentioned here first for its potential use as a
Initial setup of an interface scripting tool, but also as an example of the pervasive tool-
mktcpip managed nature of AIX.
››› Note that mktcpip has an exceptional amount of options. List all services represented by inetd
They are not listed here because this command is a prime lssrc -ls inetd
example of w hen to use SMIT. See next item for more typical List all open, and in use TCP and UDP ports
use. netstat -anf inet
Smitty interface to initial TCP/IP setup List all LISTENing TCP ports
smitty mktcpip netstat -na | grep LISTEN
››› This command is usually run once for a system (typically in Flush the netcd DNS cache
the post-install setup if run from CD/DVD), additional netcdctrl -t dns -e hosts -f
changes can be done directly via the chdev command or via
Get (long) statistics for the ent0 device
the smitty configtcp menu screen. entstat -d ent0
Permanently set the hostname ←or→
chdev -l inet0 -a hostname=bombay
netstat -v ent0
Temporarily add a default route
route add default 192.168.1.1 ››› Remove the -d option from entstat for shorter results. The
output of entstat varies by device type. Virtual, physical, and
Temporarily add an address to an interface
ifconfig en0 192.168.1.2 \ IVE (LHEA) devices all produce different results. Use caution
netmask 255.255.255.0 and test throughly w hen scripting this command.
List all netw ork tunables
Temporarily add an alias to an interface no -a
ifconfig en0 192.168.1.3 \
List all tunable settings in long format
netmask 255.255.255.0 alias no -L
To permanently add an IP address to en1 ››› The "long" format is more readable as w ell as displaying
chdev -l en1 -a netaddr=192.168.1.1 \
current, default, persistent, min and max values.
11/14/2010 AIX QuickStart current, default, persistent, min and max values.
-a netmask=0xffffff00 Get a description of the use_isno tunable
Permanently add an alias to an interface no -h use_isno
chdev -l en0 -a \
››› These descriptions were expanded in AIX 6.1. Additionally
alias4=192.168.1.3,255.255.255.0 many will be listed as restricted w here they w ere not in
Remove a permanently added alias from an interface previous versions.
chdev -l en0 -a \ Turn off Interface Specific Netw ork Options
delalias4=192.168.1.3,255.255.255.0 no -p -o use_isno=0
Remove all TCP/IP configuration from a host • The following tcpdump examples are simplistic and limited, an
rmtcpip extended usage description for tcpdump is beyond the scope of
View the settings on inet0 this document. The intent is to give a few easy examples that
lsattr -El inet0 can be expanded to the users needs. Additional help w ith filter
››› This can be run for ent0 and en0 as well. These settings are expressions and command line options is available on the
typically stored in the ODM object repository CuAt and are tcpdump InfoCenter page. Also note that w hile efforts have been
retrievable via odmget -q name=inet0 CuAt. made to account for line wraps in the printed version, these
Determine if rc.bsdnet is used over rc.net commands remain un-w rapped for readability.
lsattr -El inet0 -a bootup_option Watch all telnet packets from aachen
Find actual (negotiated) speed, duplex, and link tcpdump -Nq 'host aachen and (port telnet)'
entstat -d ent0 ››› -N gives short host names.
››› The interface must be up ( ifconfig en0 up) for stats to be Watch connect requests
tcpdump -q 'tcp[tcpflags] & tcp-syn != 0'
valid. The netstat -v ent0 command gives similar results.
Set (desired) speed is found through the entX device ››› -q gives abbreviated packet info.
lsattr -El ent0 -a media_speed Watch all connection requests to port 23
tcpdump -q 'tcp[tcpflags] & tcp-syn != 0 and port telnet'
Set the ent0 link to Gig full duplex
chdev -l ent0 -a \
media_speed=1000_Full_Duplex -P ◊ Command reference: mktcpip, rmtcpip, ifconfig, netcdctrl, no,
tcpdump, chdev, lsattr, entstat, netstat, route, host, hostname
››› Auto_Negotiation is another option (see the next example).
View all configurable options for speed and duplex
lsattr -Rl ent0 -a media_speed
Find the MTU of an interface
netstat -I en0
System Configuration & Management

Devices
• Physical device to /dev device representations are mapped via Get device address of hdisk1
ODM database entries. Actual locations of devices can be getconf DISK_DEVNAME hdisk1
retrieved using the lscfg or lsdev commands. The mapping ←or→
provided by the ODM provides a persistent binding for device bootinfo -o hdisk1
names across boots of the system. ››› This is the same information available from other commands,
• The mapping of physical devices to the logical devices in /dev is just not requiring greping or awking to retrieve this specific
an automated process performed by the operating system. It is data. bootinfo is not officially supported as an administrative
typically not required to move or otherwise re-order these command.
devices. In a highly dynamic environment where devices are Get the size (in MB) of hdisk1
added and removed, it may be advantageous to clear previous getconf DISK SIZE /dev/hdisk1
11/14/2010 AIX QuickStartg _
instances of a device from the ODM and /dev directory. ←or→
• New devices are added to the system w ith the cfgmgr command. bootinfo -s hdisk1
Logical instances of of devices can be removed from the system ››› Note that a full path to the device is required for the getconf
via the rmdev command. rmdev simply tells the system to forget version.
the device, so unless the physical device is actually removed it Find the possible parent devices of hdisk0
will simply be found and re-created w hen the cfgmgr command is lsparent -Cl hdisk0
run again (e.g. at next boot). ››› This lists all devices that support that device type, not the
• Device support requires that the appropriate packages (drivers) specific parent of this device. See the follow ing lsdev
are installed for each device. The default AIX install includes examples for methods of finding parent devices.
support for devices not on the system. If a device is newer or a List all child devices of scsi1
minimal OS install w as done then support may not be included lsdev -Cp scsi1
for new devices. In this case the cfgmgr command w ill flag an
List all disks belonging to scsi1
error that an unsupported device has been found. lsdev -Cc disk -p scsi1
• Device configuration options are stored in the pre-defined device
Test if hdisk2 is a child device of scsi2
databases of the ODM. Information about actual devices are
lsdev -Cp scsi2 -l hdisk2
stored in the configured device databases of the ODM. These
configured options include instances and w ell as configuration ››› This command w ill list all devices that meet the criteria of
options to the devices / drivers. being hdisk2 and belonging to scsi2. Either it w ill list a
• The lsdev command is used to list devices in the predefined and device or it w ill not.
configured device (ODM) databases. The lscfg command is used Find the location of an Ethernet adapter
lscfg -l ent1
to display VPD (Vital Product Data) information about each
device. To find all devices the system know s or has configured at Find device specific info of an Ethernet adapter
lscfg -vl ent1
one time use the lsdev command. To search for a device by a
specific type, class, parent device or other complex criteria use ››› One key piece of device specific info w ould be the MAC
the lsdev command. To find the serial number or device specific address. This command w orks for HBAs and other addressed
identifier of a device use the lscfg command. adapters. The *stat commands also tend to return
addresses, often formatted in a more readable manner. See
List all devices on a system the next example for an HBA / with the grep command to
lsdev isolate the address.
››› lsdev queries the predefined or configured databases using Find the WWN of the fcs0 HBA adapter
lscfg -vl fcs0 | grep Network
the -P and -C flags respectively. In this case the -C flag is
implied. Addition of the -H option includes column header Get statistics and extended information on HBA fcs0
fcstat fcs0
info.
List all disk devices on a system ››› Similar *stat commands exist for numerous types of devices
lsdev -Cc disk such as entstat, ibstat, tokstat, fddistat, etc..
››› See next example for a list of potential classes as arguments List all MPIO paths for hdisk0
to the -c option. lspath -l hdisk0
List all customized device classes Temporarily change console output to /cons.out
lsdev -Cr class swcons /cons.out
››› Customized device classes mean that they exist (or have ››› Use swcons to change back.
existed) on the system. For a list of predefined devices (ones Find the slot of a PCI Ethernet adapter
that AIX could support) change the -C option for -P. lsslot -c pci -l ent0
List locations of all hdisks in the system ››› The lsslot command is used to find cards that are hot-
lscfg -l 'hdisk*' sw appable. Not all systems will support this command.
››› This can be accomplished via the lsdev command. The point
here is to show the use of w ildcards in a lscfg option. ◊ Command reference: lsdev, lsparent, lscfg, lsattr, chdev, rmdev,
Remove hdisk5 cfgmgr, lscons, sw cons, fcstat, entstat, ibstat, getconf getconf,
l l t d l t
rmdev -dl hdisk5 lsslot, drslot
››› The -d option removes the configured device entry from the
ODM. Unless the device is physically removed, cfgmgr w ill
bring it back.
SMIT (System Management Interface Tool)
• SMIT is a system management tool that assists the administrator • SMIT can be invoked from the command line using smit or smitty.
with AIX utilities by providing an ASCII (curses) / X-Window GUI smit w ill start either the curses based version or the X Window
interface to those tools. SMIT provides pick lists and menus for version depending upon the presence of the X Window system.
command line options to AIX tools. The interface is designed to smitty will alw ays start the curses (tty) version.
aid w ith recognition of more obscure switches, provide additional • Additional information on customizing the SMIT interface can be
security & accounting, and perform some validation on the input found on the "Extending SMIT For Common Localized Tasks"
to those commands. page.
• The SMIT interface is not a monolithic binary, but an extensible
framew ork of screens that relies upon underlying OS commands • Key sequences (for the curses version)
to do the w ork. Each SMIT screen is stored as a collection of ODM
F3 (Esc-3) Exit current screen
objects in SMIT specific object classes.
• Stepping through the complex menu system can be avoided by F4 (Esc-4) Generate a pop-up list that can be chosen from
jumping directly to a screen w hen a fastpath is specified w hen F6 (Esc-6) List the command that will be run
SMIT is invoked. Fast paths are single word (no spaces) phrases F5 (Esc-5) Reset the field to the original / default value
that typically are the command that w ill be run in that screen.
The fast path for the current screen can be determined by using F8 (Esc-8) Show the fast-path tag for this screen
the F8 key while in that screen. F10 (Esc-0) Exit SMIT
• Sample fastpaths: /phrase Search for phrase in a list
mktcpip Initial TC P/IP setup n Used to find the next occourence of the search phrase
lvm Root of the LVM menus Tab Used to alternatively select items from a "ring" (a short
mkuser Screen to add a user list).
pgsp Root of the paging space menus
_nfs Root of NFS menus • Symbols that denote field data requirements:
subserver inetd config * This is a required field
mpio Root screen for all MPIO operations # This field requires a numeric value
etherchannel Root of EtherC hannel / 802.3ad memus / This field requires a path
chgenet C onfigure paramaters on the ent device(s) X This field requires a hexadecimal number
vlan Root of menus to manage VLAN configurations ? The data entered will not be displayed
mkvg Beginning screen to create a new VG + Data can be retrieved from a list
• SMIT w ill save a script of runnable commands in ~/smit.script

and ~/smit.transaction as w ell as a log of commands run in
~/smit.log. When invoked with the -x sw itch, SMIT will not run
any of the commands but will write the commands it w ould run to
~/smit.script and ~/smit.transaction. (Note: With the -x
sw itch SMIT w ill still run the discovery commands to build lists
and find default/existing values but not the action commands.)
SRC
• The SRC (System Resource Controller) is a process manager that Start the cdromd service
is used to spaw n, monitor, and control services. Many of the startsrc -s cdromd
standard Unix daemons are managed via this interface on AIX. ››› There is not a persistent flag for the startsrc command. For
• SRC does not have a persistent "service profile" and therefore this service to automatically start on the next boot, a change
does not comprehend persistence beyond the current boot. For must be made to one of the system initialization files. In this
this reason, it is necessary to find w here the service is started case, an entry must be made in /etc/initttab.
and add or remove the startsrc (service start) command there. Stop the cdromd service
The most popular locations for this are rc.tcp and inittab. stopsrc -s cdromd
• SRC controlled processes must be started and stopped via the Send a refresh request to the syslogd service
SRC interface. If a SRC process dies or is killed the srcmstr refresh -s syslogd
daemon w ill re-spaw n that process and log an error to the ››› This w ould typically be communicated via a HUP signal. Not
system error log. all SRC controlled processes respond to a refresh request
• The core process for SRC (srcmstr) is spaw ned from and may require a HUP signal.
/etc/initttab. Services that run under SRC control do not leave
their process group (ie: have a PPID of 1), but instead, stay ◊ Command reference: lssrc, startsrc, stopsrc, refresh, srcmstr
children of srcmstr.
List the status of the cdromd service

lssrc -s cdromd
List the status of inetd subservices
lssrc -l -s inetd
List the status of all members of the NFS group
lssrc -g nfs
Performance / Kernel / Tuning
• The primary statistics provider for most basic performance splat - [T] Simple Performance Lock Analysis Tool. Provides
commands on AIX is the Perfstat API / kernel extension (See lock statistics. Must be run on a system booted w ith
/usr/include/libperfstat.h.) This API supports most non-trace
lock trace reporting enabled.
based performance related tools.
spray - Netw ork load generation tool using a remote sprayd
• The trace-based tools (denoted by a "T" in the list below) utilize
daemon. Requires the RPC daemon (rpc-sprayd) to
the trace facility. These tools generate significantly more detail
be registered.
than the perfstat based tools. Unfortunately the level of detail
provided by these tools comes at the expense of performance. svmon - Displays general to detailed reports of VM usage on
Caution should be used w hen running these tools on a the system as a whole or for individual processes.
production system. tcpdump - Capture netw ork packets. Packets can be filtered by
• AIX 6.1 introduced probevue, a lightw eight dynamic trace facility type, port, interface, address, or other criteria.
that provides trace-like insight but w ith a minimal performance Packets can be captured w ith detail or in summary.
impact. The probevue command utilizes scripts w ritten in the Vue See examples at the end of the networking examples
language to define w hat events to capture data on and how to section.
report that data. Additional information can be found on the topas - topas is a curses-based, interactive, multi-area,
ProbeVue page. general performance reporting tool. topas is often
• With the introduction of Micro-partitions many commands w ere the first tool used in a performance tuning exercise.
modified both to account for performance statistic gathering in New topas users may find useful info on the local
the virtualized environment as w ell as reporting virtual statistics. introduction to topas page
introduction to topas page.
When WPARs w ere introduced many commands w ere extended
tprof - [T@] A trace based profiling tool.
to report per-WPAR or WPAR specific statistics. The WPAR specific
options are typically enabled with the -@ switch. Commands in truss - Reports syscall, signals, and most aspects of system
the follow ing list that support this option are marked w ith the interaction by a process.
"@" symbol. uptime - Reports system uptime as w ell as 1, 5, and 15 minute
• The *o commands (vmo, schedo, no, nfso, raso, ioo, and lvmo) are system load averages.
used to view and set system related tunables. Persistent vmstat - [@] Report statistics from the virtual memory
tunables are saved in /etc/tunables/nextboot. Some persistent subsystem.
tunables are inserted in and set from the BLV (therefore they
require that bosboot run to set the value for next boot.
• Note: The examples section is not meant to be comprehensive or
• The follow ing is a list of general and low er-level system
even well representative of the available options and
commands for performance and diagnostics:
performance monitoring methods. The scope and design of this
atmstat - Show statistics and device details for ATM adapters page does not allow for a full treatment of the performance
curt - [T@] CPU Utilization Reporting Tool. A trace based tools. Each section requires a careful selection of the command
tool for monitoring CPU activity. examples and information that is of use. This section requires
significantly more abbreviation to fit in a reasonable space. The
entstat - Show statistics and device details for Ethernet
goal has been to give a mix of some common examples along
adapters
with some that are slightly atypical.
fcstat - Show statistics and device details for FC HBAs • Most iterative commands here use tw o second intervals. This is
fddistat - Show statistics and device details for FDDI adapters done only to make them consistent when show ing the iterative
fileplace - Show fragmentation and block / fs usage for a file. options.
filemon - [T@] Generate a report of advanced / detailed disk List processes in ptree-like output
statistics that highlights w here I/O w as generated ps -T1
and w hat generated it.
List all file opens for the ls process
gprof - Generate profiling statistics for a binary. truss -topen ls
iostat - [@] Supports I/O statistics on multiple device types, List all file opens for a running PID
but used primarily as a first line disk I/O statistic truss -topen -p 274676
reporting tool. ››› 274676 is simply a PID that was active on the system w hen
ipcrm - [@] Remove IPC (InterProcess Communication) I created the example.
semaphores, message queues, and shared memory List all open files for a running PID
segments procfiles -n 274676
List all memory segments for a running PID
ipcs - [@] List IPC (InterProcess Communication) svmon -P 274676
semaphores, message queues, and shared memory
segments Get a filename for an inode from previous results
ncheck -i 1041 /dev/hd4
iptrace - Netw ork packet tracing daemon. Results can be
››› Once again, this example is of a local (to this system) inode
view ed w ith ipreport
value. In this case svmon returned the inode and filesystem
istat - A command line stat() tool. It gives similar info to ls of the file - the actual filename was desired.
but in potentially more scriptable output. Enable advanced statistics gathering on VG datavg
kdb - An interactive user-space command for view ing lvmstat -v datavg -e
kernel structures, memory locations, tables, etc... ››› Use -e to enable, -d to disable.
from a running system or a dump of the kernel. Monitor network throughput for ent0
lparstat - [@] Reports per-LPAR statistics - primarily memory while [ 1 ] ; do entstat -r ent0 | grep Bytes ; sleep 2 ;
and CPU utilization. Also reports virtualization-aw are done
statistics such as entitlement consumption and ››› First column is transmit and second is receive. This is a non-
hypervisor calls. The WPAR flag on this command is - curses based example, see the next example for a topas
W not -@. based solution.
lvmstat - Reports I/O statistics on VG structures (as opposed Monitor network throughput for all interfaces
topas -E
to per-disk statistics). Statistics gathering must be
enabled w ith the -e switch before use. Paging - in use
svmon -i 2
mpstat - [@] Reports performance statistics such as
››› The -i 2 parameter tells to iterate every tw o seconds.
interrupts, context sw itches, min/maj faults, system
Paging - activity
calls, and processor affinity. vmstat 2
netpmon - [T@] Reports detailed netw ork, socket, and NFS Show top-like CPU usage by process
related statistics over an interval. topas -P
netstat - [@] Show netw orking status for TCP/UDP through Show system w ide CPU usage
physical layers. mpstat 2
pmcycles - A tool to measure actual CPU speed (presumably for Get NFS server statistics
CPUs that may go into pow er save). while [ 1 ] ; do nfsstat -s ; sleep 2 ; done
pprof - [T@] Reports detailed statistics on kernel threads. Generate CPU load
dd if=/dev/random of=/dev/null
probevue - Lightw eight dynamic tracing tool that utilizes the
List I/O stats organized by adapter
Vue language. Additional ProbeVue resources are iostat -a 2
available locally on the ProbeVue page.
Get extended I/O stats on just tw o disks
ps - [@] List processes iostat -D hdisk0 hdisk1 2
pstat - Show the contents of several system tables from a List I/O stats by file system
core file or active kernel. iostat -F 2
rmss - Tool to simulate a reduced memory footprint for an ››› Not supported on 5.3
application. Running the LPAR w ith reduced memory Show network statistics for interfaces
may be a more popular alternative to this command. netstat 2
ODM
• The ODM (Object Data Manager) is a database store for system • Object classes are implemented as one or two files depending
information on AIX. The ODM is primarily used for system items upon the data types used in the definition of the object class.
such as device instances and the configuration options for those The primary file has the same name as the object class. An
devices but may also be used for applications such as SMIT. optional file ending in .vc is used for variable length and multi-
• The ODM is a collection of object classes (files) that are primarily byte nchar data. The ODM data files are not recognized by the
in /etc/objrepos but also stored in /usr/lib/objrepos, file command so I have included a sample MAGIC for both file
/usr/share/lib/objrepos and the BLV. The copy and/or location types.
of the ODM to use is specified either by an application or the
ODMDIR / ODMPATH environmental variables. For example, the SMIT
0 long 0x000dcfac ODM data file
screens are stored in object classes in /usr/lib/objrepos but 0 long 0x000caa1c ODM variable data file
can be stored in an alternate ODM source.
››› See the "Extending SMIT For Common Localized Tasks" page MAGIC entries for ODM files
for info on using an alternate ODM source for SMIT.
• While applications can create object classes anyw here they w ish, • Many introductions to the ODM use typical database examples to
the system object classes primarily exist in the three directories show how data is stored and retrieved. While this is useful for
listed in the previous point. This is done to separate data based understanding the structure of an object class it is counter-
upon the type of filesystem it is in. Data that is specific to a productive in that it masks w hat is really stored in the ODM.
system is stored in /etc/objrepos. Platform specific data that can Another method of learning the ODM is to use the truss-query
be shared across systems (such as a netw ork boot) is stored in method. This means that you wrap a command in truss (truss -
11/14/2010 AIX QuickStart y p (
/usr/lib/objrepos. Platform independent data that can be share topen) to capture the file opens, then query the resulting object
across systems is stored in /usr/share/lib/objrepos. One classes for the data they contain.
example of this is the lpp object class that exists in all three • The ODM command line tools w ork on two different formats of
locations. The lslpp -l will query each of these object classes input/output from the object classes. The structure of the object
and display each in its own group. classes are defined in a syntax that is very similar to a C struct.
• The primary benefits of the ODM is that it stores complex data, Actual object data is structured in a stanza format.
enforces data types on that data, and provides a rich API / set of
command line utilities to access it. The API supports locking that
class my_object_class {
insures a view consistency that is not guaranteed with flat files.
short descriptor1;
• When mapping ODM to database concepts, an ODM object class
is the equivalent of a database table, and is implemented as one short descriptor2;
or more files. An ODM object w ould be a row in that table. An vchar text[1024];
object descriptor would be the equivalent of a database column };
definition. Example of odmcreate/odmshow struct. (Nonsensical table with two short
• The ODM supports relations in the form of the "link" data type. It int(eger)s and a string.)
does not allow for joins of the data, nor does it enforce
referential integrity during inserts. The ODM does not enforce a
CuAt:
primary key, specifically the unique constraint of a key. For this
reason, it is possible to have duplicate objects in a object class. name = "inet0"
• ODM command line tools: attribute = "hostname"
value = "mumbai"
odmget Query data from an ODM object class. Specific queries are
supported with the -q option, but it is not possible to limit type = "R"
results to specific "columns" without using another generic = "DU"
command like grep. If the query string is omitted, then all rep = "s"
data will be returned. (This is an effecive way to back up nls_index = 24
the data from the object class.) The data will be returned
Example of odmadd/odmget stanza syntax. (Actual output from a system.)
in the odmadd/odmget stanza format.
odmadd Insert data into an ODM object class. The data must be in
the odmadd/odmget stanza format. Because null values
are not allowed, all "columns" must be filled with Steps to shrink an ODM object class called "Bloat"
appropriate data. odmshow Bloat > Bloat.definition
odmget Bloat > Bloat.data
odmchange C hange data in an ODM object class. A query syntax
allows the user to specify a limited set of objects (rows). odmcreate Bloat.definition
The data changed is specified in a odmadd/odmget stanza odmadd Bloat.data
format. The stanza file does not need to be complete as ››› odmshow saves the table definition. odmget saves the table
only the descriptors (columns) present in the stanza file data. odmcreate re-creates the table. odmadd restores the
will be changed in each matched object.
data. This is not a popular task on AIX. The example here is
odmcreate C reates an ODM object class based upon an more to relate the purposes of the commands and give some
odmcreate/odmshow "struct" file. The ODM file will be insight into how they can be used.
created in the default directory. Existing object classes Determine the ODM files opened by lsattr
with the same name will be overwritten without warning. truss -topen lsattr -El inet0
odmdelete Will delete objects (rows) from an ODM object class. The - Query CuAt for the inet0 config
q query syntax is supported to limit the objects deleted. If odmget -o CuAt -q name=inet0
the query is omitted, all items will be deleted. Selective
delete operations can lead to bloated object class files.
• The SMIT customization page has more ODM command examples.
odmdrop Deletes an entire ODM object class. All objects (rows) and
the object class itself will be deleted. All object class files ◊ Command reference: odmget, odmadd, odmchange, odmcreate,
are deleted. Future queries to this object class will fail. odmdelete, odmdrop, odmshow
odmshow C reate a odmcreate/odmshow struct output based upon
the description of the ODM object class. The results will
define each descriptor (column) in the object class (table)
as well as have other data related to the current contents
of the object class in comment format. This output can be
used to re-create an empty object class using the
odmcreate command.
Software Management
• A fileset is the smallest manageable component in the LPP List all softw are packages on /dev/cd0
(Licensed Program Product) hierarchy. A package is a collection of installp -l -d /dev/cd0
related filesets. An LPP is a group of packages that tend to fall ››› It is not necessary to explicitly mount /dev/cd0. The
within one product type, such as "bos" - the base operating installp command w ill do it automatically. None of the
system. examples using /dev/cd0 (including SMIT) in this section
• Filesets are divided by what part of the system they install to. require the explicit mounting of the CD/DVD ROM.
This is either "root", "usr", or "share". These divisions are List the software in the default repository location
determined by install location as well as platform dependence / installp -ld /usr/sys/inst.images
independence. Use the lslpp -O flag with r, u, or s options to list
List all RPM packages on the system
filesets from only one location. (Additional discussion of this is rpm -qa
found in the ODM section and the three separate lpp ODM data
List all files in the installed gcc RPM
stores - one for each fileset install location.) rpm -ql gcc-4.2.0-3
• Most administrators perform installs via the SMIT or NIM methods.
List all filesets that are applied, and can be committed or rejected
SMIT is most popular for simple one-off installs and smaller installp -s
environments. Use of installp directly from the command line is
List packages on media in /dev/cd0
significantly more complex than SMIT or NIM. gencopy -Ld /dev/cd0
• The most popular SMIT fast paths are install_latest and
update_all. The install fast path requires that a package Copy contents of CD to local directory
gencopy -d /dev/cd0 -t /proj/instsrc \
repository be specified on the first screen then presents the user -UX all
with a screen of install options to include the option to brow se
and select from the supplied repository. Copy contents of CD to default local directory
gencopy -d /dev/cd0 -UX all
• Bundles are simply formatted lists of packages to be installed as
a unit. Bundle files are stored locally in Download AIX 5.3 TL10 updates to local repository
suma -x -a Action=Download \
/usr/sys/inst.data/sys_bundles and
/usr/sys/inst.data/user_bundles. Bundles can be installed -a RqType=TL -a RqName=5300-10
using the smitty easy_install command. ››› The updates will be placed in the default local repository in
/usr/sys/inst.images.
• Filesets can be installed in the applied or committed states.
Applied filesets retain previous versions and can be rolled back Install the mkinstallp tool
to the previous version (rejected). The first version of a fileset installp -acgXYd /usr/sys/inst.images \
installed on a system is alw ays committed. bos.adt.insttools
• SUMA (Service Update Management Assistant) is a method to ››› The options are:
automate the retrieval of system updates from the Internet. -a Apply
-c Commit
List all installed filesets separated by filesystem type -g Install prerequsites
lslpp -l -X Extend filesystems if necessary
List all installed filesets w ith combined filesystem info -Y Agree to licenses
lslpp -L -d <dir> Specify a source
››› Adding the -c option will make this output scriptable in that it bos.adt.insttools pagkage to install
ll b l d l d h l
w ill be colon delimited. See the next example. Backup the rootvg
List just the filesets on a system mksysb -eivX /mnt/bombay.mksysb
lslpp -Lc | cut -d : -f 2
››› The options are:
List all files in the bos.mp64 fileset -e Exclude files listed in /etc/exclude.rootvg
lslpp -f bos.mp64 -i Create an /image.data file
List all files in the root part of bos.rte.shell -v List files as they are backed up
lslpp -Or -f bos.rte.shell -X Extend /tmp if necessary
List what known fileset provides ksh /mnt/bombay.mksysb The file to create
which_fileset ksh
List the installed fileset that provides /usr/bin/ksh As this command w ill back up all mounted filesystems in
lslpp -w /usr/bin/ksh rootvg it is necessary to account for the potential size of this
››› *ksh* w ould have worked, but more results. file. The root user has a file size limit (fsize) and can be
temporarily disabled with ulimit -f unlimited
◊ Command reference: installp, inutoc, lslpp, emgr, gencopy, suma,

mksysb
Users / Groups
• AIX users and groups have an administrative attribute that

determines w ho can make changes to that user or group Only
determines w ho can make changes to that user or group. Only
the root user (or equivalent RBAC role) can modify a user or
group that has the admin attribute set. Regular, non-admin
accounts, may be modified by members of the security group.
Non-admin groups can have group administrators (that are not
part of the security group) that can modify the group members.
• The following is a table that represents how the admin attribute
of a user/group effects w ho can modify that item:
admin attribute root security users on the group adms
= user group list
user true Yes No N/A
false Yes Yes N/A
group true Yes No No
false Yes Yes Yes
• RBAC (Role Based ACcounting) is a natural maturation from using

simple SUID/SGID binaries to a more granular method of granting
privileges to users to accomplish tasks. Legacy RBAC w as
introduced in AIX 4.2.1, and w as upgraded to Enhanced RBAC in
AIX 6.1. This document refers to the Enhanced version of RBAC
and only mentions Legacy RBAC in contrast where appropriate.
• Legacy RBAC w as a simplified method to divide root tasks into
groups and give non-root users ability to perform those tasks.
This w as done w ith traditional SUID/SGID applications that then
checked to see if the user w as assigned the privilege before the
task w as attempted. As a result, it required specialized binaries
that w ere potentially open to exploit because the processes they
spaw ned still had effective root access. The benefit was the
more granular division of responsibilities that RBAC promises.
Unfortunately, Legacy RBAC w as not sufficient to change many
administrator's minds on the use of root for all tasks
administrative.
• Enhanced RBAC does not rely upon SUID/SGID applications but
instead allows for granular permissions based upon the users
role membership and only the permissions required to complete
the task. The kernel only allow s authorizations to non-root users Relationship between RBAC files.
for very specific actions instead of relying on the application code
to grant that access.
• A user is assigned a role that aligns w ith an administrative task Create an admin group called wfavorit with GID 501
such as the ability to restart (or shutdow n) the system. The role mkgroup -a id=501 wfavorit
is a grouping method that defines all authorizations that are List the attributes of the just-created group w favorit
required to accomplish that type of task. Commands, files, and lsgroup wfavorit
devices are added to priv* files that define what authorizations Create an admin user called wfavorit with UID 501
are required to perform that specific task or access that file / mkuser -a id=501 shell=/usr/bin/ksh \
device. When a command is run, the required authorizations are home=/home/wfavorit pgrp=wfavorit \
checked against the authorizations assigned to roles for the user wfavorit
running the command. If the user lacks sufficient access then Set the passw ord for user wfavorit (run as privileged user)
permission is denied. pwdadm wfavorit ←or→ passwd wfavorit
• The follow ing table lists the key configuration files in the Add w favorit as member of the security group
Enhanced RBAC system, the commands used to access/modify chgrpmem -m + wfavorit security
those files and what the files are for. Make a group with wfavorit as the admin
user.roles chuser Provides a mapping between existing users mkgroup adms=wfavorit favorite
mkuser and existing roles - both of which are defined Make w favorit an administrator of the proj group
lsuser elsewhere. chgrpmem -a + wfavorit proj
roles chrole Defines roles as either a group of List all users on the system
mkrole authorizations or of sub-roles. lsuser -a ALL
lsrole ››› The -a switch lists specific attributes, but in this case it is
rmrole empty and only the user names are displayed. See other
authorizations mkauth Defines user created authorizations. System lsuser examples in this section for other uses of the -a
chauth authorizations are defined elsewhere. sw itch.
lsauth List all admin users on the system
rmauth lsuser -a admin ALL | grep =true
privcmds setsecattr Lists all authorizations that are required for a List attributes for user wfavorit in a stanza format
lssecattr command to complete its task. lsuser -f wfavorit
rmsecattr List login history for user wfavorit
privfiles setsecattr Lists all authorizations that are required to last wfavorit
lssecattr read or write to a file. List the fsize ulimit for user w favorit
rmsecattr lsuser -a fsize wfavorit
privdevs setsecattr Lists all authorizations that are required to Change the file size ulimit to unlimited for w favorit
lssecattr read or write to a device. chuser fsize=-1 wfavorit
rmsecattr List all groups and their IDs
lsgroup -a id ALL
• The user environmental variables are stored in /etc/environment List all members of the favorite group
and /etc/security/environ. The variables set in chgrpmem favorite
/etc/environment are given to all users and processes w hile the
settings in /etc/security/environ are per-user. ◊ User / Group admin command reference: mkuser, chuser, rmuser,
• User limits are set for login processes from the lsuser, pw dadm, mkgroup, chgroup, rmgroup, lsgroup,
/etc/security/limits file. The chuser command can be used to chgrpmem, usrck, grpck, pwdck
modify this file. ◊ RBAC command reference: setkst, chrole, mkrole, lsrole, rmrole,
• The default options for the mkuser command are stored in mkauth, chauth, lsauth, rmauth, ckauth, setsecattr, lssecattr,
/usr/lib/security/mkuser.default. rmsecattr
◊ User command reference: users, w , who, w hoami, w hodo, id,
• The /etc/security/passwd file is the shadow password file.
chsh, passwd, setgroups, ulimit, setsenv, last, finger
• The last command returns login information for the system (from
the /var/adm/wtmp file. The /etc/security/lastlog file contains
per-user information on each users login attempts.
Other
Boot Process
• The normal numbers represent what you see as the step begins. cfgcon configures console c31
The red numbers are error codes when that command / step
fails. This is not a complete list of error codes. A more complete (cfgcon exit codes. c33 is assumed here) c32, c33, or c34
set can be found in Diagnostic Information for Multiple Bus System hang detection is started c33
Systems. Graphical desktop is (optionally) started
savebase updates ODM copy on BLV 530
Power on
syncd & errdemon started
Hardware initialization
Retrieve bootlist from NVRAM System LED is turned off
Locate BLV and load into memory 20EE000B rm -f /etc/nologin

Kernel initializes and mounts RAM FS Start several optional services
Phase 1 (rc.boot 1) log: "System initialization completed"
RAM FS is resized Phase 3 complete, init continues processing inittab
Logging begins • The previous boot process listing is for a normal disk boot. This
restbase copies ODM to RAM FS will vary for netw ork, tape, and CD boots. Read the contents of
548 /sbin/rc.boot for specifics on each boot device method and type
cfgmgr configures base devices in ODM 510 (normal or service).
bootinfo determines boot device 511,554 • The boot order is stored in NVRAM. The settings are set and
retrieved using the bootlist command.
Phase 2 (rc.boot 2) • The BLV (Boot Logical Volume) is /dev/hd5. It is created / updated
ipl_varyon varies on rootvg 551,552,554,556 with the bosboot command.
fsck of / • bosboot updates the boot record at the start of the disk, copies
517,555
the SOFTROS from /usr/lib/boot/aixmon.chrp, copies the
mount of / 517,557 bootexpand utility, copies the kernel from /unix, creates a copy of
fsck & mount of /usr 517,518 the RAM FS from the list of files in
/usr/lib/boot/chrp.disk.proto, and creates a base ODM.
fsck & mount of /var 517,518
copycore, umount /var 517
swapon /dev/hd6 517
RAM FS version of ODM copied to /etc/objrepos 517
RAM FS version of /dev copied to disk 517
mount /var 517,518
Actual boot log written to (from RAM FS version) 517
rc.boot 2 is finished 553
Kernel changes root from RAM FS to disk 553
Phase 3 553 Layout of a bootable disk with hd5 shown.
Kernel invokes init from rootvg 553
init invokes rc.boot 3 • The kernel loaded from hd5 (the BLV) is the kernel the system will
553
run under for the entirety of the boot (until the system is
fsck & mount of /tmp 517,518 shutdow n or restarted). For this reason it is important to re-run
syncvg -v rootvg & 517 bosboot every time that the kernel is updated or some boot-time
kernel options are set.
Load streams modules 517
• This is an abbreviated list of boot codes. cfgmgr (alone) produces
C onfigure secondary dump device 517 numerous display messages and potential error codes, far more
cfgmgr -p2 (Normal) or cfgmgr -p3 (Service) 517, 521-529 than is practical to display here.
C ontinued →
◊ Command reference: bosboot, bootlist
Error Logging
• AIX has three error logging and reporting methods; alog, errlog, Write a message to the errlog
and syslog. The alog is an extensible collection of logs, but errlogger "This is not Solaris!"
primarily is used for boot and console logging. errlog is used Display the entire contents of the errlog
primarily for system and hardw are messages. syslog is the errpt
traditional logging method. ››› Add -a or -A for varying levels of verbosity.
• HMC managed systems w ill also have a log of serviceable events Clear all entries from the errlog
relating to all systems on that HMC. errclear 0
• Both errpt and alog keep binary circular logs. For this reason, Clear all entries from the errlog up to 7 days ago
neither requires the rotation process that is used for syslog logs. errclear 7
• A curses based error log brow ser can be found locally on the List info on error ID FE2DEE00
errbr page. errpt -aDj FE2DEE00
• The AIX syslog.conf uses *.debug for all, not *.* ››› The ID is from the IDENTIFIER column in errpt output.
• The follow ing alog examples use the boot log as an example. Put a "tail" on the error log
These examples are transferable to any of the other existing errpt -c
logs as well as those created in addition to the AIX supplied logs. List all errors that happened today
errpt -s `date +%m%d0000%y`
List all logs alog know s about
List all errors on hdisk0
alog -L errpt -N hdisk0
Dump the contents of the boot log to stdout To list details about the error log
alog -o -t boot /usr/lib/errdemon -l
Send the current date to the boot log To change the size of the error log to 2 MB
date | alog -t boot /usr/lib/errdemon -s 2097152
Increase the size of the boot log to tw ice the default. syslog.conf line to send all messages to a log file
alog -C -t boot -s 8192
*.debug /var/log/messages
››› Note: This changes the definition in the ODM, the size will be syslog.conf line to send all messages to error log
applied the next time that the log is re-created. *.debug errlog
Clear the boot log
rm /var/adm/ras/bootlog
echo "boot log cleared on `date`" \ ◊ Command reference: alog, errpt, errlogger, errdemon, errclear
| alog -t boot
Find the current alog file size setting for the boot log
odmget -q attribute="boot_logsize" \
SWservAt
WPAR
• WPARs (Workload PARtitions) are an AIX 6.1 feature that can be Create the rudra WPAR with default options
used to capture a process tree and lock it into its ow n mkwpar -n rudra
environment. An AIX system can host multiple WPARs that each ››› This command w ill pull the IP configuration for ruda from
appear to be nearly identical to a regular system. All processes in DNS. Naturally, rudra must be defined in DNS for the global
the WPAR are subject to the environment of that WPAR such as environment to find.
devices, filesystems, configurations, and networking unique to Start the rudra WPAR
that WPAR. startwpar -v rudra
• There are tw o types of WPARs, system and application. The key Log into the console of rudra
Log into the console of rudra
differences are that a system WPAR begins at the init process clogin rudra -l root
while an application WPAR begins at the application process and Create indra WAPR with useful options
the system WPAR has dedicated file systems while the mkwpar -A -n indra -r -s -v
application may not. System WPARs can be "sparse" or "w hole -A = Start automatically on system boot.
root" but it is the application WPAR that is most different from -n name = Workload partition name.
the other container implementations. -r = Copy global network name resolution configuration into the
• The hosting AIX system is called the "global environment". The
w orkload partition.
key differences in the global environment is that it runs the -s = Start after creation.
kernel, ow ns the devices, and can host WPARs. Significant effort -v = Verbose mode.
has been taken for the user environment of a WPAR to be
indistinguishable from the global environment. That said, the Create a WPAR on a dedicated VG
mkwpar -n varuna -A -g varuna_vg \
administrator needs to be aware of w hat environment she is in
-r -s -v
to perform various tasks.
• Because of the limited and contextually relevant administrative ››› If a VG or other filesystem options are not supplied then the
environment of a WPAR, some commands behave differently than filesystems for a system WPAR w ill be created from LVs on
others when run in a WPAR or the global environment. Generally the rootvg. This command uses a dedicated VG called
speaking, the more lower level the command, the more varuna_vg. The /usr and /opt filesystems w ill still be shared
appropriate it is to run in the global environment. One example w ith the global WPAR and therefore w ill still come from
of administration tasks most appropriate for the global rootvg but will not take any additional space. If the -l option
environment is device management commands. While a (system) w as used in the above command then a new /usr and /opt
WPAR has devices, the devices in a WPAR are much different w ould have been created for this WPAR using the specified
than those in the global environment. VG.
• WPARs are started from /etc/inittab with the /etc/rc.wpars Create an additional fs on dedicated VG
script, using the configuration information in /etc/wpars/. crfs -v jfs2 -g varuna_vg \
• By default, the root filesystems of sytem WPARs are created in -m /wpars/varuna/data01 -u varuna \
/wpars/WPAR_name/. The filesystems are browsable by (properly -a size=100M
permissioned) users of the global environment. Users in a WPAR ››› This command is run from the global environment. The mount
cannot see filesystems of other WPARs. point is within the varuna root filesystem (/wpars/varuna) so
• By default the /usr, /opt, and /proc filesystems of a system that it can be seen by the varuna WPAR. The -u varuna
WPAR are shared with the global environment via a read-only option specifies this fs as part of the varuna mount group so
"namefs" vfs type. (/proc is mounted read-w rite in each of the that it w ill be mounted w hen varuna starts.
non-global WPARs.) As a result, softw are and updates cannot be Remove the varuna WPAR
applied to these read-only WPAR views of the filesystems from rmwpar -s varuna
the WPAR. Filesystems that are local to the WPAR (such as /home, ››› -s stops it first, -p preserves the filesystems. (In this case
/, /tmp, and /var) can be modified from w ithin the WPAR. w e delete the underlying filesystems.)
Examples in this section show the default read-only and Create a WPAR w ith mount options
alternate options for these filesystems. mkwpar -n varuna -r -s \
• Some options for system WPAR filesystems include: -M directory=/ vfs=nfs \
– Using a dedicated VG or external NFS mount for WPAR dev=/varuna_nfs host=shiva \
filesystems. (Unless otherwise specified, system WPAR -M directory=/var vfs=directory \
filesystems are created from rootvg.) -M directory=/home vfs=directory \
– Using a single LV for all local filesystems. (The default filesystem -M directory=/tmp vfs=directory \
layout is similar to traditional AIX installs in that it w ill be broken -M directory=/usr vfs=directory \
into multiple LVs / filesystems.) -M directory=/opt vfs=directory
– Creating a dedicated (local copy) of the /usr and /opt file
››› The mkwpar command in this example uses a remote NFS
systems. (In the default filesystem setup /home, /, /tmp, and /var
share to host the filesystems for this system WPAR. It also
are unique to the WPAR w hile /usr and /opt are views on the
specifies that each of the regular mount points will instead
actual file systems in the global environment.) be directories and not mounts The resulting WPAR w ill have
be directories and not mounts. The resulting WPAR w ill have
– Creating additional filesystems dedicated to the WPAR. (This can only two mount points, one for the / filesystem and one for
take the form of a NFS mount or a dedicated filesystem just for
the /proc filesystem. The NFS mount in this example must be
the WPAR.)
root mountable by both the global environment and the
• A number of commands support a new -@ flag for WPAR related
system WPAR. An example of the actual (but temporary) NFS
output. The required parameters and output of the -@ flag varies
share is given in the NFS section above.
by command, and what environment the command is run in List all WPARs on the system
(WPAR or global). lswpar
• A system WPAR is started and stopped much like a separate OS
››› Default output will include Name, State, Type, Hostname,
with the startwpar and stopwpar commands. These act
and Directory. Valid types are S (System), A (Application) and
effectively as boot and shutdown operations. The shutdow n w ill C (Checkpointable).
be the most familiar, w hile the boot operation is significantly Determine if you are in global WPAR
different from booting a system. Instead of bootstrapping the uname -W
system from a disk, the WPAR startup process involves bringing
››› This command w ill print 0 to stdout and return 0 if in a global
online all the required filesystems, changing to that root
environment, and give non-zero values if in a system WPAR.
filesystem / environment, and then picking up the boot process
Another method is to look for the wio0 device in lsdev output
at init. (This is a simplistic treatment of the process designed to
- wio0 only exists in a system WPAR.
illustrate the difference from a system boot of something like a
LPAR in a virtualized environment.) List WPARs w ith (basic) network configuration
lswpar -N
• Application WPARs are not started like a system WPAR. It is more
appropriate to describe them as being executed in a different Change rudra WPAR to start on system boot
chwpar -A rudra
context. Application WPARs can see the global environment
filesystems and devices, they inherit everything not explicitly set List all processes in the indra WPAR from global
ps -ef@ indra
by the wparexec command. The large majority of examples and
discussion in this section refer to system WPARs. List ports / connections for the global environment
netstat -naf inet -@ Global
• The Solaris implementation of containers offers a command called
zonename that tells w hat zone the user is in. It w orks like the ››› Run in global environmnet.
hostname command w hen run from a zone but returns the w ord Stop WPAR rudra from global
stopwpar -v rudra
"global" when run from the global environment. AIX provides the
uname -W to tell if you are in a WPAR or not. I have included the Start apache in an application WPAR
wparexec -n varuna \
logic (script) to create a wparname command that tells if you are in
/usr/sbin/apachectl start &
a WPAR as w ell as the hostname of the WPAR (like the zonename
command). ››› In this example varuna is defined in DNS. Because the -h
flag is not used, the hostname w ill default to the WPAR
name, and will pull IP configuration from DNS for that host.
#!/bin/sh Subnet mask, name resolution, and all other settings w ill be
inherited from the appropriate interface in the Global
if (( `uname -W > /dev/null 2>&1` )) environment.
then
echo "global" ◊ Command reference: mkw par, chw par, lswpar, rmwpar,
else startw par, stopw par, w parexec, rebootwpar, syncw par, syncroot
hostname
fi
Sample source of wparname command.
About this QuickStart

Created by: William Favorite (wfavorite@tablespace.net)
Updates at: http://www.tablespace.net/quicksheet/
Disclaimer: This document is a guide and it includes no express warranties to the suitability, relevance, or compatibility of its contents with any specific system.
Research any and all commands that you inflict upon your command line.
Distribution:Copies of this document are free to redistribute as long as credit to the author and tablespace.net is retained in the printed and electronic versions.

AIX Quick Start

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

AIX Quick Start

Transféré par

Droits d'auteur :

Formats disponibles

11/14/2010 AIX QuickStart

Main Page -> QuickSheets -> AIX QuickStart

Acronyms & Definitions

Disks, LVM, & Filesystems

System Configuration & Management

SMIT (System Management Interface Tool)

• SMIT w ill save a script of runnable commands in ~/smit.script

List the status of the cdromd service

Performance / Kernel / Tuning

◊ Command reference: installp, inutoc, lslpp, emgr, gencopy, suma,

• AIX users and groups have an administrative attribute that

• RBAC (Role Based ACcounting) is a natural maturation from using

Locate BLV and load into memory 20EE000B rm -f /etc/nologin

About this QuickStart

Vous aimerez peut-être aussi