
AIX QuickStart

http://www.tablespace.net/quicksheet/aix-quickstart.html


AIX QuickStart
Version 1.0.0 Date: 3/29/10
This document is written based upon AIX 6.1; not all commands or concepts apply to previous versions of AIX.

Overview
Design Philosophy
AIX is primarily a tool-managed Unix. While some Unices have a file-managed interface, AIX tends to use stanza files and ODM databases as data stores for configuration options. This makes many configuration options rather difficult or simply impossible with just a text editor. The AIX alternative is to leverage an expansive set of specialized tools for all configuration options.

AIX is well integrated with System P hardware. As is typical with big-Unix implementations, AIX has a tight integration with the hardware it runs on. The result of this integration is an OS that not only provides extensive diagnosis and reporting of hardware issues, but also is designed to exploit numerous hardware features. IBM extends this integration even more by allowing AIX insight into the virtualization layer with abilities like virtual processor folding.

IBM tends to lead with hardware and follow with the OS. Major releases of the OS tend to coincide with new hardware features and leverage those advances in the hardware. While other Unices may take a software-centric approach to a solution, IBM tends to rely upon all layers of the system to an end. One good example of this is the maturity and depth of virtualization technologies that permeate the System P product line.

Commands in AIX generally follow a verb-noun syntax. The verbs tend to be ls (list), mk (make), rm (remove), and ch (change). The nouns vary by the target area such as dev, fs, vg, and ps. Even many of the odd-named variants follow a similar syntax such as crfs, reducevg, and installp.

Both System P hardware and AIX are heavily geared towards virtualization. AIX is practically a para-virtualized environment in how well it is integrated with the System P virtualization technologies. At the user level, all performance and management commands have been modified to account for differences that occur in a virtualized environment. Despite and because of these changes, a virtualized environment is virtually indistinguishable from a non-virtualized environment to the user.

AIX has a stable interface. While the management tools and the style of those tools have not changed within AIX for over a decade, the technologies supported by AIX have grown considerably. This is a significant feature of AIX in that it introduces new technologies within a consistent, approachable, and well designed interface.

The LVM integration with AIX is thorough and mature. From install through management and maintenance, every aspect of LVM design dovetails into other components of the OS, firmware, and hardware to create an unparalleled environment. It is for this reason that AIX systems are more likely to be SAN booted and less likely to have 3rd party LVM products layered on top than other Unices.

A central focus of IBM design has been on RAS features. Particularly with Power 6 systems, IBM has designed extensive error detection and recovery into the products. AIX is just one enabling component to this end. All systems from CPU, memory, I/O busses, to system processes are considered and accounted for in this design.

Acronyms & Definitions

CoD - Capacity on Demand. The ability to add compute capacity in the form of CPU or memory to a running system by simply activating it. The resources must be pre-staged in the system prior to use and are (typically) turned on with an activation key. There are several different pricing models for CoD.

DLPAR - Dynamic Logical Partition. This was used originally as a further clarification on the concept of an LPAR as one that can have resources dynamically added or removed. The most popular usage is as a verb; i.e., to DLPAR (add) resources to a partition.

HEA - Host Ethernet Adapter. The physical port of the IVE interface on some of the Power 6 systems. A HEA port can be added to a port group and shared amongst LPARs or placed in promiscuous mode and used by a single LPAR. (See IVE)

HMC - Hardware Management Console. An "appliance" server that is used to manage Power 4, 5, and 6 hardware. The primary purpose is to enable / control the virtualization technologies as well as provide call-home functionality, remote console access, and gather operational data.

IVE - Integrated Virtual Ethernet. The capability to provide virtualized Ethernet services to LPARs without the need of VIOS. This functionality was introduced on several Power 6 systems.

IVM - Integrated Virtualization Manager. This is a management interface that installs on top of the VIOS software that provides much of the HMC functionality. It can be used instead of a HMC for some systems. It is the only option for virtualization management on the blades as they cannot have HMC connectivity.

LHEA - Logical Host Ethernet Adapter. The virtual interface of an IVE in a client LPAR. These communicate via a HEA to the outside / physical world. (See IVE)

LPAR - Logical Partition. This is a collection of system resources (CPU, Memory, I/O adapters) that can host an operating system. To the operating system this collection of resources appears to be a complete physical system. Some or all of the resources on a LPAR may be shared with other LPARs in the physical system.

LV - Logical Volume. A collection of one or more LPs (Logical Partitions) in a VG (Volume Group) that provide storage for filesystems, journal logs, paging space, etc... See the LVM section for additional information.

LVCB - Logical Volume Control Block. A LVM structure, traditionally within the LV, that contains metadata for the LV. See the LVM section for additional information.

MES - Miscellaneous Equipment Specification. This is a change order to a system, typically in the form of an upgrade. A RPO MES is for Record Purposes Only. Both specify to IBM changes that are made to a system.

MSPP - Multiple Shared Processor Pools. This is a capability introduced in Power 6 systems that allows for more than one SPP.

NIM - Network Installation Management / Network Install Manager (IBM documentation refers to both expansions of the acronym.) NIM is a means to perform remote initial BOS installs, and manage software on groups of AIX systems.

ODM - Object Data Manager. A database and supporting methods used for storing system configuration data in AIX. See the ODM section for additional information.

PP - Physical Partition. An LVM concept where a disk is divided into evenly sized sections. These PP sections are the backing of LPs (Logical Partitions) that are used to build volumes in a volume group. See the LVM section for additional information.

PV - Physical Volume. A PV is an LVM term for an entire disk. One or more PVs are used to construct a VG (Volume Group). See the LVM section for additional information.

PVID - Physical Volume IDentifier. A unique ID that is used to track disk devices on a system. This ID is used in conjunction with the ODM database to define /dev directory entries. See the LVM section for additional information.

SMIT - System Management Interface Tool. An extensible X Window / curses interface to administrative commands. See the SMIT section for additional information.

SPOT - Shared Product Object Tree. This is an installed copy of the /usr file system. It is used in a NIM environment as a NFS mounted resource to enable remote booting and installation.

SPP - Shared Processor Pool. This is an organizational grouping of CPU resources that allows caps and guaranteed allocations to be set for an entire group of LPARs. Power 5 systems have a single SPP, Power 6 systems can have multiple.

VG - Volume Group. A collection of one or more PVs (Physical Volumes) that have been divided into PPs (Physical Partitions) that are used to construct LVs (Logical Volumes). See the LVM section for additional information.

VGDA - Volume Group Descriptor Area. This is a region of each PV (Physical Volume) in a VG (Volume Group) that is reserved for metadata that is used to describe and manage all resources in the VG. See the LVM section for additional information.

Disks, LVM, & Filesystems

Concepts

LVM (Logical Volume Manager) is the ever-present disk and volume management framework for AIX. The level of integration is visible not only in filesystem commands that understand the underlying LVM, but in other, higher level, commands like the install and backup utilities that can optionally grow filesystems when necessary.

Physical disks (hdisks) are placed under LVM control by adding them to a VG (volume group). Within LVM, these disks are referred to as PVs (Physical Volumes).

Each PV in a VG contains a unique ID called a PVID. The PVID of a disk is used to track all disks in a VG, but also provides a device name independence that makes importing, exporting, and disk management much simpler. Because the unique characteristics of the disk become the identifier, the device name remains consistent but does not need to, as (properly) renaming / reordering disks under LVM control is of little consequence.

Once a hdisk is placed into a VG it is divided into PPs (Physical Partitions). PPs are then used to create LVs (Logical Volumes). An additional layer of abstraction is placed between an LV and a PP called a LP (Logical Partition) that allows for more than one PP to be used (i.e. mirrored) to back each portion of a LV.

(Figure: A simplistic logical view of two PVs in a VG providing mirrored PPs for a LV.)

Several on-disk structures are responsible for holding all LVM information. The VGDA resides on each disk and holds structural information such as the member PVs. The VGSA also resides on each disk and contains status information on all member devices. The LVCB varies by VG type but traditionally has resided in the first part of an LV (when it exists as a separate structure). In addition to the basic LVM commands that manage these structures, there are a number of lower level LVM commands that access this metadata more directly.

The first disk in a VG will have two copies of the VGDA, and a two disk VG will have one disk with a single VGDA and the other with two copies. For three disk and larger VGs, each disk has a single copy of the VGDA.

The concept of quorum is achieved when > 50% of the copies of the VGSA/VGDAs are online. If quorum is lost then the VG can be taken offline.

Quorum is problematic for two disk VGs because the loss of the two VGDA disk means a loss of the entire VG. In a mirrored configuration (a typical case for two-disk VGs) it is inappropriate to offline the VG for a single disk failure. For this reason, quorum rules can be turned off in the case of a two disk mirrored VG.

The ODM is central to managing off-disk LVM structures and physical device to hdisk mappings. When a VG is created or imported this information is added to the ODM as well as other system files such as /etc/f .

AIX LVM supports several versions of VGs that have been introduced over the lifetime of the product. The VG types are normal, big, and scalable. Normal VGs were the original creation and are more limited than the big or scalable types. The easiest way to tell the type of an existing VG is to look at the Max PV value for the VG (see example in the next section).

    VG Type    mkvg option   Max PV   Max LV   Max PP    Notes
    Legacy                   32       256      3512      Can be converted to Big VG
    Big        -B            128      512      130048    LVCB data is stored in the head of the data area in the LV
    Scalable   -S            1024     4096     2097152   Default LV and PP values are lower and can be increased to shown maximums

The default filesystem on AIX is JFS2. JFS2, and its predecessor JFS, are both journaling filesystems that utilize the fundamental Unix filesystem structures such as i-nodes, directory structures, and block allocations. (Technically, JFS2 allocates blocks in groups called "extents".)

JFS2 is not an implementation of UFS and expands considerably over basic filesystem features with such capabilities as snapshots, dynamic i-node allocation, online growth, extended attributes, and encryption. AIX provides a layer of abstraction over all supported filesystems that maps filesystem specific structures to standard Unix filesystem tools so that filesystems like JFS2 appear as an implementation of UFS.

While most journaled Unix filesystem implementations use inline logs (within the filesystem structure), AIX tends to use a special type of LV that is created only to contain log data. The jfs(2)log LV can provide logging capability for more than one filesystem LV. The log type must match the filesystem type. JFS2 can log to an inline log, but these implementations tend to be the exception to the rule.

The default filesystems that are installed with AIX:

    hd1         /home
    hd2         /usr
    hd3         /tmp
    hd4         /                        root
    hd5                                  BLV (Boot Logical Volume)
    hd6                                  Paging space
    hd8                                  JFS2 log
    hd9var      /var
    hd10opt     /opt
    hd11admin   /admin                   New in 6.1
    livedump    /var/adm/ras/livedump    New in 6.1 TL3
                /proc                    procfs pseudo filesystem
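The VGDA placement and quorum rule from the Concepts text above can be checked by enumerating disk failures. This is an added example, not code from the original page or from AIX; the function names are hypothetical, disk index 0 stands for the first disk in the VG, and it models only the "> 50% of copies online" rule as stated.

```python
"""Model of the VGDA placement and quorum rule described in the Concepts text.

Added illustration only: the function names are hypothetical and nothing here
calls AIX. Disk index 0 stands for "the first disk in the VG".
"""
from itertools import combinations


def vgda_layout(num_disks):
    """Return the number of VGDA copies held by each disk in the VG."""
    if num_disks < 1:
        raise ValueError("a VG needs at least one disk")
    if num_disks == 1:
        return [2]              # a lone disk carries two copies
    if num_disks == 2:
        return [2, 1]           # one disk with two copies, the other with one
    return [1] * num_disks      # three or more disks: one copy each


def has_quorum(layout, failed):
    """Quorum holds only when strictly more than 50% of the copies are online."""
    total = sum(layout)
    online = sum(copies for disk, copies in enumerate(layout) if disk not in failed)
    return 2 * online > total


def failure_report(num_disks, max_failures=1):
    """List (failed_disks, online_copies, total_copies, quorum_kept) per scenario."""
    layout = vgda_layout(num_disks)
    total = sum(layout)
    report = []
    for count in range(1, min(max_failures, num_disks) + 1):
        for failed in combinations(range(num_disks), count):
            online = total - sum(layout[d] for d in failed)
            report.append((failed, online, total, has_quorum(layout, set(failed))))
    return report


def fatal_single_failures(num_disks):
    """Disks whose loss alone costs the VG its quorum."""
    return [failed[0] for failed, _, _, kept in failure_report(num_disks, 1) if not kept]


if __name__ == "__main__":
    for disks in (1, 2, 3, 4):
        print(f"{disks}-disk VG, VGDA copies per disk: {vgda_layout(disks)}")
        for failed, online, total, kept in failure_report(disks, 2):
            state = "quorum kept" if kept else "quorum LOST"
            print(f"  lose disk(s) {failed}: {online}/{total} copies online, {state}")
```

In the two-disk case only the loss of the disk holding two copies drops quorum, which is the asymmetry the text gives as the reason for turning quorum off on two-disk mirrored VGs; the four-disk case shows that exactly half the copies online is not enough.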

Management

List all PVs in a system (along) with VG membership
    lspv

List all LVs on PV hdisk6
    lspv -l hdis

List all imported VGs
    lsvg

List all VGs that are imported and on-line
    lsvg -o
The difference between lsvg and lsvg -o are the imported VGs that are offline.

List all LVs on VG vg01
    lsvg -l vg01

List all PVs in VG vg02
    lsvg -p vg02

List filesystems in a fstab-like format
    lsfs

Get extended info about the /home filesystem
    lsfs -q /hom

Create the datavg VG on hdisk1 with 64 MB PPs
    mkvg -y data

Create a 1 Gig LV on (previous) datavg
    mklv -t jfs2

Create a log device on datavg VG using 1 PP
    mklv -t jfs2

Format the log device created in previous example
    logform /dev

Place a filesystem on the previously created datalv
    crfs -v jfs2
A jfs2 log must exist in this VG and be logform(ed). (This was done in the previous steps.) -m specifies the mount point for the fs, and -A is an option to automatically mount (with mount -a).

Create a scalable VG called vg01 with two disks
    mkvg -S -y v

Create a FS using the VG as a parameter
    crfs -v jfs2
    -A y -a siz
The VG name here is "simplevg". A default LV naming convention of fslvXX will be used. The LV, and in this case log-LV, will be automatically created.

Take the datavg VG offline
    varyoffvg da

Vary-on the datavg VG
    varyonvg dat
By default the import operation will vary-on the VG. An explicit vary-on will be required for concurrent volume groups that can be imported onto two (or more) systems at once, but only varied-on on one system at a time.

Remove the datavg VG from the system
    exportvg dat

Import the VG on hdisk5 as datavg
    importvg -y
The VG in this example spans multiple disks, but it is only necessary to specify a single member disk to the command. The LVM system will locate the other member disks from the metadata provided on the single disk provided.

Import a VG on a disk by PVID as datavg
    importvg -y

Grow the /var filesystem by 1 Gig
    chfs -a size
In each of the chfs grow filesystem examples, AIX will automatically grow the underlying LV to the appropriate size.

Grow the /var filesystem to 1 Gig
    chfs -a size

List the maximum LPs for LV fslv00
    lslv fslv00

Increase the maximum LPs for fslv00
    chlv -x 2048

Create a mirrored copy of fslv08
    mklvcopy -k
syncvg -l f must be run if the -k (sync now) switch is not used for mklvcopy.

Add hdisk3 and hdisk4 to the vg01 VG
    extendvg vg0

Mirror rootvg (on hdisk0) to hdisk1
    extendvg roo
    mirrorvg -S
    bosboot -ad
    bosboot -ad
    bootlist -m
The -S option to mirrorvg mirrors the VG in the background. Running bosboot on hdisk0 is not required - just thorough.

Find the file usage on the /var filesystem
    du -sm

List users & PIDs with open files in /da mount
    fuser

List all mounted filesystems in a factor of Gigabytes
    df -g
(-m and -k are also available)

Find what PV the LV called data is on
    lslv
The "COPIES" column relates the mirror distribution of the PPs for each LP. (PPs should only be listed in the first part of the COPIES section. See the next example.) The "IN BAND" column tells how much of the used PPs in this PV are used for this LV. The "DISTRIBUTION" column reports the number of PPs in each region of the PV. (The distribution is largely irrelevant for most modern SAN applications.)

Create a LV with 3 copies in a VG with a single PV
    mklv
Note: This is an anti-example to demonstrate how the COPIES column works. This LV violates strictness rules. The COPIES column from ls -l bad looks like: 004:

Move a LV from hdisk to hdis
    migrat

Move all LVs on hdisk to hdis
    migrat
The migra command is an atomic command in that it does not return until complete. Mirroring / breaking LVs is an alternative to explicitly migrating them. See additional migra, mirr, and mk examples in this section.

Put a PVID on hdisk
    chdev
PVIDs are automatically placed on a disk when added to a VG.

Remove a PVID from a disk
    chdev
This will remove the PVID but not residual VGDA and other data on the disk. dd can be used to scrub remaining data from the disk. The AIX install CD/DVD also provides a "scrub" feature to (repeatedly) write patterns over data on disks.

Move (migrate) VG vg02 from hdis to hdi
    extend
    migrat
    reduce
Mirroring and then unmirroring is another method to achieve this. See the next example.

Move (mirror) VG vg02 from hdis to hdi
    extend
    mirror
    unmirr
    reduce
In this example it is necessary to wait for the mirrors to synchronize before breaking the mirror. The mirro command in this example will not complete until the mirror is established. The alternative is to mirror in the background, but then it is up to the administrator to ensure that the mirror process is complete.

Create a striped jfs2 partition on vg0
    mklv
    vg01
This creates a stripe width of 2 with a (total) stripe size of 32K. This command will result in an upper bound of 2 (same as the stripe size) for the LV. If this LV is to be extended to another two disks later, then the upper bound must be changed to 4 or specified during LV creation. The VG in this example was a scalable VG.

Determine VG type of VG myvg
    lsvg m
MAX PVs is 32 for normal, 128 for big, and 1024 for scalable VGs.

Set the system to boot to the CDROM on next boot
    bootli
The system will boot to one of the mirror pairs (hdisk0 or hdisk ) if the boot from the CD ROM does not work. This can be returned to normal by repeating the command without cd.

List the boot device for the next boot
    bootli

Command reference: lspv, lsvg, lslv, mkvg, mklv, reducevg, extendvg, mklvcopy, chvg, logform, lvmo, exportvg, importvg, varyonvg, varyoffvg, bosboot, bootlist, /etc/filesystems, crfs, chfs, lsfs, rmfs, mount, fuser, df, du

NFS

Many of the NFS commands accept the -I, -B, or -N switches. These three switches are used to control the persistence of the command. -B is now and future boots, -I is future boot (but not now), and -N is now (but not next boot). The -B option tends to be the default. The following table relates how these options modify the NFS commands:

    Flag   Now   After Boot
    -I     No    Yes
    -B     Yes   Yes
    -N     Yes   No

The NFS daemons are started out of /etc/ini using the /etc/rc.nfs script. The mknfs and rmnfs commands toggle the inittab entries and control if the NFS system starts.

The "share" commands are provided for compatibility with other Unices. The share commands are links to the exportfs command.

Enable NFS daemons now, and on next start
    mknfs

Disable NFS daemons now, and on next start
    rmnfs

See if NFS will start on boot
    lsitab rcnfs
This command simply lists the rcnfs entry in /etc/initta . If one exists (and is not commented out) then the rc.nfs script will be run from inittab (and start NFS).

Start NFS daemons now, but not at next boot
    mknfs -N
or
    startsrc -g

List the status of the NFS services
    lssrc -g nfs

List all exported file systems
    showmo
or
    export

Temporarily export the /varuna_nfs directory
    export
    /varu
The root users on vishnu and varuna are given root access to this share. This export was used to create a system WPAR called varuna on a LPAR called vishnu that can be found in the WPAR section below.

Export all entries in /etc/exports
    export

(Temporarily) unexport the /proj share
    export

Permanently export the /proj share
    mknfse
The -N, -I, and -B options are valid with this command. Here, the -B is implied. If the NFS services are not set to re-start on boot then this export will technically not be "permanent" as the share, even though this entry is permanent, will not be enabled after next boot.

List clients of this host with share points
    showmo

Add an entry to the /etc/ file
    mknfsm
    -h mu
Note that the -A and -E switches cannot be stacked (-AE). -A specifies to mount on boot and -E specifies the intr mount option.

Command reference: showmount, chnfs, mknfs, rmnfs, nfso, automount, chnfsexp, chnfsmnt, exportfs, lsnfsexp, lsnfsmnt, mknfsexp, mknfsmnt, rmnfsexp, rmnfsmnt, mount

Other

The procfs is the single (default) pseudo fs. Interestingly, /proc is not used by commands like ps or topas but is used by commands like truss. Additional information on /proc can be found in the header file <sys/procf and the /proc InfoCenter page.

A list of supported filesystems can be found in the /etc/vfs file.

The cdromd daemon is used to automount CD / DVD media. It is not enabled by default. cdromd uses the /etc/cdromd. file to configure default options for the cdX device such as the default mount directory.

Paging spaces are specified in the /etc/swap file. The chps, mkps, rmps, and lsps commands are used to modify / view this file.

Find your CD/DVD ROM
    lsdev -Cc cd

List all paging spaces
    lsps -a

Grow the hd6 paging space by 4 LPs
    chps -s 4 hd
The current LP count and LP/PP size can be found using lslv hd6.

Mount DVD media in the DVD drive
    mount

Mount CD media in the CD/DVD drive
    mount
Both the cdrfs and udfs are different types as defined in /etc/ , but both seem to work for AIX DVD media.

Command reference: chps, lsps, rmps, swapoff, swapon, mount, umount, cdromd, cdeject, cdmount, cdcheck, cdumount, cdutil


Networking
Concepts

Ethernet devices are entX devices while enX and etX devices represent different frame types that run on the underlying entX device. Typically the enX device is what is plumbed on most networks and etX is not used.

Attributes of the entX device are physical layer connection settings such as speed and duplex as well as driver settings such as transmit and receive queue sizes. Attributes of the enX device are configurable items such as IP address, subnet mask, and some TCP/IP tunables.

Like the enX device, the inet0 device is not a physical device. It is a representation / management interface for the Internet (networking) subsystem. The hostname, routing info and TCP/IP configuration method are attributes of this device.

Networking is typically started from /etc/rc. using the settings stored in the ODM (and not from rc.tcpip). When started in this manner several helper commands are responsible for pulling the config from the ODM and configuring devices. Alternatively, /etc/rc.ne can be configured to use ifconfig commands or /etc/rc.n can be bypassed completely and /etc/rc.b can be used instead. The setting that determines which method (rc.net or rc.bsdnet) is used is stored as an attribute to the inet0 device. (The point here is not necessarily to recommend the use of the alternative methods but to point to where the options are set and where additional details on the process can be found.)

AIX supports trunking (EtherChannel / 802.3ad), tagged VLANs (802.1q), Virtual IP addresses (VIPA), dead gateway detection (multiple default gateways), IP multipath routing, and network adapter backup. The network adapter backup does not require EtherChannel but is part of the smitty EtherChannel setup section.

The /etc/r uses a traditional format, but can be managed via the nam and *n commands.

The /etc/ file is the AIX version of the nsswi file in that it determines the service lookup order for name services.

Hostname lookup order is determined using /etc/i , then /etc and finally $NSORD . (The order of precedence is reverse meaning, for example, a value set in $NS will be used over the other two methods.) The irs.co and $NSOR methods are typically not used.

Network related tunables can be set globally, per-interface, or per-socket connection. Most global tunables are managed with the no command. Interface specific tunables are set on the en or the enX devices using the chde command. AIX now recognizes a ISNO (Interface Specific Network Option) flag that overrides many of the global settings and uses the settings for each interface over those set globally. This is an important concept as much application documentation still refers to the global settings while the default is now to use the local settings. ISNO can be determined from querying with the no command or looking at ifconf results. Examples of retrieving the defaults, ranges, and current values as well as setting new values are shown in the next section.

Settings for the HEA (Host Ethernet Adapter) are not always set from the OS. Physical layer settings for this device are typically set from the ASMI menus or from the HMC.

Changes were made to the AIX 6.1 network tunables. The no command will list many tunables as "restricted". IBM recommends against changing a restricted tunable from the default.

Management

The assumption of this section is that rc.net / ODM is used for IP configuration. If the configuration is not stored in the ODM and is configured via script then many of these "temporary" commands could be used to persistently configure the IP settings. The following examples also assume the use of en0 over et0.

List all Adapters in the system
    lsdev -Cc ad

List all interfaces in the system
    lsdev -Cc if

Initial setup of an interface
    mktcpip
Note that mktcpip has an exceptional amount of options. They are not listed here because this command is a prime example of when to use SMIT. See next item for more typical use.

Smitty interface to initial TCP/IP setup
    smitty mktcp
This command is usually run once for a system (typically in the post-install setup if run from CD/DVD), additional changes can be done directly via the chdev command or via the smitty conf menu screen.

Permanently set the hostname
    chdev -l ine

Temporarily add a default route
    route add de

Temporarily add an address to an interface
    ifconfig en0
    netmask 25

Temporarily add an alias to an interface
    ifconfig en0
    netmask 25

To permanently add an IP address to en1
    chdev -l en1
    -a netmask

Permanently add an alias to an interface
    chdev -l en0
    alias4=192

Remove a permanently added alias from an interface
    chdev -l en0
    delalias4=

Remove all TCP/IP configuration from a host
    rmtcpip

View the settings on inet0
    lsattr -El i
This can be run for ent0 and en0 as well. These settings are typically stored in the ODM object repository CuAt and are retrievable via odmget -q name=ine.

Determine if rc.bsdnet is used over rc.net
    lsattr -El i

Find actual (negotiated) speed, duplex, and link
    entstat -d e
The interface must be up (ifconfig ) for stats to be valid. The netstat command gives similar results.

Set (desired) speed is found through the entX device
    lsattr -El e

Set the ent0 link to Gig full duplex
    chdev -l ent
    media_spee
Auto_Negoti is another option (see the next example).

View all configurable options for speed and duplex
    lsattr -Rl e

Find the MTU of an interface
    netstat -I e

To view the (current) route table
    netsta

To view the (persistent) route table from the ODM
    lsattr

Add an entry for "rhodes" to the hos file
    hosten -h "
The hoste is a command for editing the /etc/h file. Most edits on this file are done by hand. The hoste command is mentioned here first for its potential use as a scripting tool, but also as an example of the pervasive tool-managed nature of AIX.

List all services represented by inet
    lssrc

List all open, and in use TCP and UDP ports
    netsta

List all LISTENing TCP ports
    netsta

Flush the netcd DNS cache
    netcdc

Get (long) statistics for the ent0 device
    entsta
or
    netsta
Remove the -d option from ent for shorter results. The output of ents varies by device type. Virtual, physical, and IVE (LHEA) devices all produce different results. Use caution and test thoroughly when scripting this command.

List all network tunables
    no -a

List all tunable settings in long format
    no -L
The "long" format is more readable as well as displaying current, default, persistent, min and max values.

Get a description of the use_ tunable
    no -h
These descriptions were expanded in AIX 6.1. Additionally many will be listed as restricted where they were not in previous versions.

Turn off Interface Specific Network Options
    no -p

The following tcpdu examples are simplistic and limited, an extended usage description for tc is beyond the scope of this document. The intent is to give a few easy examples that can be expanded to the user's needs. Additional help with filter expressions and command line options is available on the tcpdump InfoCenter page. Also note that while efforts have been made to account for line wraps in the printed version, these commands remain un-wrapped for readability.

Watch all telnet packets from aachen
    tcpdum
-N gives short host names.

Watch connect requests
    tcpdum
-q gives abbreviated packet info.

Watch all connection requests to port 23
    tcpdum
    and po

Command reference: mktcpip, rmtcpip, ifconfig, netcdctrl, no, tcpdump, chdev, lsattr, entstat, netstat, route, host, hostname


System Configuration & Management


Devices

Physical device to /dev device representations are mapped via ODM database entries. Actual locations of devices can be retrieved using the lscfg or lsdev commands. The mapping provided by the ODM provides a persistent binding for device names across boots of the system.

The mapping of physical devices to the logical devices in /dev is an automated process performed by the operating system. It is typically not required to move or otherwise re-order these devices. In a highly dynamic environment where devices are added and removed, it may be advantageous to clear previous instances of a device from the ODM and /dev directory.

New devices are added to the system with the cfgmgr command. Logical instances of devices can be removed from the system via the rmdev command. rmdev simply tells the system to forget the device, so unless the physical device is actually removed it will simply be found and re-created when the cfgmgr command is run again (e.g. at next boot).

Device support requires that the appropriate packages (drivers) are installed for each device. The default AIX install includes support for devices not on the system. If a device is newer or a minimal OS install was done then support may not be included for new devices. In this case the cfgmgr command will flag an error that an unsupported device has been found.

Device configuration options are stored in the pre-defined device databases of the ODM. Information about actual devices is stored in the configured device databases of the ODM. These configured options include instances as well as configuration options to the devices / drivers.

The lsdev command is used to list devices in the predefined and configured device (ODM) databases. The lscfg command is used to display VPD (Vital Product Data) information about each device. To find all devices the system knows or has configured at one time use the lsdev command. To search for a device by a specific type, class, parent device or other complex criteria use the lsdev command. To find the serial number or device specific identifier of a device use the lscfg command.

Get device address of hdis
    getcon
or
    bootin
This is the same information available from other commands, just not requiring gre ing or awk ing to retrieve this specific data. bo is not officially supported as an administrative command.

Get the size (in MB) of hdis
    getcon
or
    bootin
Note that a full path to the device is required for the getco version.

Find the possible parent devices of hdi
    lspare
This lists all devices that support that device type, not the specific parent of this device. See the following lsdev examples for methods of finding parent devices.

List all child devices of scsi
    lsdev

List all disks belonging to scsi
    lsdev

Test if hdisk2 is a child device of scs
    lsdev
This command will list all devices that meet the criteria of being hdis and belonging to scsi2. Either it will list a device or it will not.

Find the location of an Ethernet adapter
    lscfg

Find device specific info of an Ethernet adapter
    lscfg
One key piece of device specific info would be the MAC address. This command works for HBAs and other addressed adapters. The *s commands also tend to return addresses, often formatted in a more readable manner. See the next example for an HBA / with the gre command to isolate the address.

Find the WWN of the fcs0 HBA adapter
    lscfg

Get statistics and extended information on HBA fc
    fcstat
Similar *stat commands exist for numerous types of devices such as ents, ibs, toksta, fddis, etc.

List all MPIO paths for hdisk0
    lspath

Temporarily change console output to /co
    swcons
Use swcon to change back.

List all devices on a system
    lsdev
lsdev queries the predefined or configured databases using the -P and -C flags respectively. In this case the -C flag is implied. Addition of the -H option includes column header info.

Find the slot of a PCI Ethernet adapter

9 of 22

01/28/2013 10:57 AM

AIX QuickStart

http://www.tablespace.net/quicksheet/aix-quickstart.html

List all disk devices on a system lsslot lsdev The lsslo -Ccnd cards that command is used to di are hot-swappable. Not all systems will support See next example for a list of potential classes this command. as arguments to the -c option. List all customized device classes Command reference: lsdev, lsparent, lscfg, lsattr, lsdev -Cr cl Customized device classes mean that they chdev, rmdev, cfgmgr, lscons, swcons, fcstat, exist (or have existed) on the system. For a list entstat, ibstat, getconf getconf, lsslot, drslot of predened devices (ones that AIX could support) change the -C option for -P . List locations of all hdisks in the system lscfg -l 'hd This can be accomplished via the lsdev command. The point here is to show the use of wildcards in a lscfg option. Remove hdisk5 rmdev -dl hd The -d congured device option removes the entry from the ODM. Unless the device is physically removed, cfgmgr will bring it back.

SMIT (System Management Interface Tool)


SMIT is a system management tool that assists the administrator with AIX utilities by providing an ASCII (curses) / X-Window GUI interface to those tools. SMIT provides pick lists and menus for command line options to AIX tools. The interface is designed to aid with recognition of more obscure switches, provide additional security & accounting, and perform some validation on the input to those commands.

The SMIT interface is not a monolithic binary, but an extensible framework of screens that relies upon underlying OS commands to do the work. Each SMIT screen is stored as a collection of ODM objects in SMIT specific object classes.

Stepping through the complex menu system can be avoided by jumping directly to a screen when a fastpath is specified when SMIT is invoked. Fast paths are single word (no spaces) phrases that typically are the command that will be run in that screen. The fast path for the current screen can be determined by using the F8 key while in that screen.

Sample fastpaths:
mktcpip        Initial TCP/IP setup
lvm            Root of the LVM menus
mkuser         Screen to add a user
pgsp           Root of the paging space menus
_nfs           Root of NFS menus
subserver      inetd config
mpio           Root screen for all MPIO operations
chgenet        Configure parameters on the ent device(s)
vlan           Root of menus to manage VLAN configurations
etherchannel   Root of EtherChannel / 802.3ad menus
mkvg           Beginning screen to create a new VG

SMIT can be invoked from the command line using smit or smitty. smit will start either the curses based version or the X Window version depending upon the presence of the X Window system. smitty will always start the curses (tty) version. Additional information on customizing the SMIT interface can be found on the "Extending SMIT For Common Localized Tasks" page.

SMIT will save a script of runnable commands in ~/smit.scrip and ~/smit.tra as well as a log of commands run in ~/smit.lo . When invoked with the -x switch, SMIT will not run any of the commands but will write the commands it would run to ~/smit.sc and ~/smit.trans . (Note: With the -x switch SMIT will still run the discovery commands to build lists and find default/existing values but not the action commands.)

Key sequences (for the curses version)
F3 (Esc-3)     Exit current screen
F4 (Esc-4)     Generate a pop-up list that can be chosen from
F6 (Esc-6)     List the command that will be run
F5 (Esc-5)     Reset the field to the original / default value
F8 (Esc-8)     Show the fast-path tag for this screen
F10 (Esc-0)    Exit SMIT
/phrase        Search for phrase in a list
n              Used to find the next occurrence of the search phrase
Tab            Used to alternatively select items from a "ring" (a short list).

Symbols that denote field data requirements:
*    This is a required field
#    This field requires a numeric value
/    This field requires a path
X    This field requires a hexadecimal number
?    The data entered will not be displayed
+    Data can be retrieved from a list

SRC

The SRC (System Resource Controller) is a process manager that is used to spawn, monitor, and control services. Many of the standard Unix daemons are managed via this interface on AIX.

SRC does not have a persistent "service profile" and therefore does not comprehend persistence beyond the current boot. For this reason, it is necessary to find where the service is started and add or remove the startsrc (service start) command there. The most popular locations for this are rc.tcp and inittab.

SRC controlled processes must be started and stopped via the SRC interface. If a SRC process dies or is killed the srcmstr daemon will re-spawn that process and log an error to the system error log.

The core process for SRC (srcmstr) is spawned from /etc/inittab. Services that run under SRC control do not leave their process group (ie: have a PPID of 1), but instead, stay children of srcmstr.

List the status of the cdromd service
    lssrc -s cdr

List the status of inetd subservices
    lssrc -l -s

List the status of all members of the NFS group
    lssrc -g nfs

Start the cdromd service
    starts
There is not a persistent flag for the startsrc command. For this service to automatically start on the next boot, a change must be made to one of the system initialization files. In this case, an entry must be made in /etc/i .

Stop the cdromd service
    stopsr

Send a refresh request to the syslogd service
    refres
This would typically be communicated via a HUP signal. Not all SRC controlled processes respond to a refresh request and may require a HUP signal.

Command reference: lssrc, startsrc, stopsrc, refresh, srcmstr
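The parent/child relationship described above gives a quick audit: a daemon that shares its name with an SRC subsystem but is not a child of srcmstr was started outside the SRC interface, so srcmstr will neither re-spawn it nor log its death. The following is an added example, not part of the original page; the lssrc and ps text is constructed sample data, and it assumes the subsystem name equals the daemon's command name.

```shell
#!/bin/sh
# Added example: find processes that share a name with an SRC subsystem but
# are not children of srcmstr (i.e. were started outside the SRC interface).
# All sample data is constructed. On a live system the two inputs would be
# the output of:   lssrc -a    and    ps -e -o pid,ppid,comm
# Assumption: the subsystem name equals the command name of its daemon.

LSSRC_SAMPLE='Subsystem         Group            PID          Status
 syslogd          ras              3932190      active
 inetd            tcpip            4128914      active
 sshd             ssh              5177450      active
 cdromd                                         inoperative'

PS_SAMPLE='     PID    PPID COMMAND
       1       0 init
 2687156       1 srcmstr
 3932190 2687156 syslogd
 4128914 2687156 inetd
 5177450 2687156 sshd
 6029412 5177450 sshd
 7340100       1 cdromd'

# src_outside_control LSSRC_TEXT PS_TEXT
# Prints "name pid ppid" (sorted) for every process that carries the name of
# a known subsystem, is not a child of srcmstr, and is not simply a worker
# forked by a daemon of the same name (e.g. per-session sshd children).
src_outside_control() {
    {
        printf '%s\n' "$2"
        printf '%s\n' '@@LSSRC@@'
        printf '%s\n' "$1"
    } | awk '
        $0 == "@@LSSRC@@" { in_lssrc = 1; next }
        !in_lssrc {
            # ps section: remember parent and command name of every PID
            if ($1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/) {
                ppid[$1] = $2
                comm[$1] = $3
                if ($3 == "srcmstr") master = $1
            }
            next
        }
        # lssrc section: first column is the subsystem, whatever its status
        $1 != "Subsystem" && NF >= 2 { known[$1] = 1 }
        END {
            for (p in comm) {
                c = comm[p]
                if (!(c in known)) continue          # not an SRC subsystem
                if (ppid[p] == master) continue      # properly under srcmstr
                parent = ppid[p]
                if ((parent in comm) && comm[parent] == c) continue  # forked worker
                print c, p, parent
            }
        }' | sort
}

src_outside_control "$LSSRC_SAMPLE" "$PS_SAMPLE"
```

In the constructed data cdromd is inoperative according to lssrc yet runs with a PPID of 1, so it is the only process reported.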

Performance / Kernel / Tuning

The primary statistics provider for most basic performance commands on AIX is the Perfstat API / kernel extension (See /usr/inc /libperfstat .) This API supports most non-trace based performance related tools.

The trace-based tools (denoted by a "T" in the list below) utilize the trace facility. These tools generate significantly more detail than the perfstat based tools. Unfortunately the level of detail provided by these tools comes at the expense of performance. Caution should be used when running these tools on a production system.

AIX 6.1 introduced probevue, a lightweight dynamic trace facility that provides trace-like insight but with a minimal performance impact. The probevue command utilizes scripts written in the Vue language to define what events to capture data on and how to report that data. Additional information can be found on the ProbeVue page.

With the introduction of Micro-partitions many commands were modified both to account for performance statistic gathering in the virtualized environment as well as reporting virtual statistics.

When WPARs were introduced many commands were extended to report per-WPAR or WPAR specific statistics. The WPAR specific options are typically enabled with the -@ switch. Commands in the following list that support this option are marked with the "@" symbol.

The *o commands (vmo, schedo, no, nfso, raso, ioo, and lvmo) are used to view and set system related tunables. Persistent tunables are saved in /etc/tunable . Some persistent tunables are inserted in and set from the BLV (therefore they require that bosboot run to set the value for next boot).

The following is a list of general and lower-level system commands for performance and diagnostics:
atmstat - Show statistics and device details for ATM adapters
curt - [T@] CPU Utilization Reporting Tool. A trace based tool for monitoring CPU activity.
entstat - Show statistics and device details for Ethernet adapters
fcstat - Show statistics and device details for FC HBAs
fddistat - Show statistics and device details for FDDI adapters
fileplace - Show fragmentation and block / fs usage for a file.
filemon - [T@] Generate a report of advanced / detailed disk statistics that highlights where I/O was generated and what generated it.
gprof - Generate profiling statistics for a binary.
iostat - [@] Supports I/O statistics on multiple device types, but used primarily as a first line disk I/O statistic reporting tool.
ipcrm - [@] Remove IPC (InterProcess Communication) semaphores, message queues, and shared memory segments
ipcs - [@] List IPC (InterProcess Communication) semaphores, message queues, and shared memory segments
iptrace - Network packet tracing daemon. Results can be viewed with ipreport
istat - A command line stat() tool. It gives similar info to ls but in potentially more scriptable output.
kdb - An interactive user-space command for viewing kernel structures, memory locations, tables, etc... from a running system or a dump of the kernel.
lparstat - [@] Reports per-LPAR statistics primarily memory and CPU utilization. Also reports virtualization-aware statistics such as entitlement consumption and hypervisor calls. The WPAR flag on this command is -W not -@ .
lvmstat - Reports I/O statistics on VG structures (as opposed to per-disk statistics). Statistics gathering must be enabled with the -e switch before use.
mpstat - [@] Reports performance statistics such as interrupts, context switches, min/maj faults, system calls, and processor affinity.
netpmon - [T@] Reports detailed network, socket, and NFS related statistics over an interval.
netstat - [@] Show networking status for TCP/UDP through physical layers.
pmcycles - A tool to measure actual CPU speed (presumably for CPUs that may go into power save).
pprof - [T@] Reports detailed statistics on kernel threads.
probevue - Lightweight dynamic tracing tool that utilizes the Vue language. Additional ProbeVue resources are available locally on the ProbeVue page.
ps - [@] List processes
pstat - Show the contents of several system tables from a core file or active kernel.
rmss - Tool to simulate a reduced memory footprint for an application. Running the LPAR with reduced memory may be a more popular alternative to this command.
splat - [T] Simple Performance Lock Analysis Tool. Provides lock statistics. Must be run on a system booted with lock trace reporting enabled.
spray - Network load generation tool using a remote sprayd daemon. Requires the RPC daemon (rpc-sprayd) to be registered.
svmon - Displays general to detailed reports of VM usage on the system as a whole or for individual processes.
tcpdump - Capture network packets. Packets can be filtered by type, port, interface, address, or other criteria. Packets can be captured with detail or in summary. See examples at the end of the networking examples section.
topas - topas is a curses-based, interactive, multi-area, general performance reporting tool. topas is often the first tool used in a performance tuning exercise. New topas users may find useful info on the local introduction to topas page.
tprof - [T@] A trace based profiling tool.
truss - Reports syscall, signals, and most aspects of system interaction by a process.
uptime - Reports system uptime as well as 1, 5, and 15 minute system load averages.
vmstat - [@] Report statistics from the virtual memory subsystem.

Note: The examples section is not meant to be comprehensive or even well representative of the available options and performance monitoring methods. The scope and design of this page does not allow for a full treatment of the performance tools. Each section requires a careful selection of the command examples and information that is of use. This section requires significantly more abbreviation to fit in a reasonable space. The goal has been to give a mix of some common examples along with some that are slightly atypical.

Most iterative commands here use two second intervals. This is done only to make them consistent when showing the iterative options.

List processes in ptree-like output
    ps -T1

List all file opens for the ls process
    truss

List all file opens for a running PID
    truss
274676 is simply a PID that was active on the system when I created the example.

List all open files for a running PID
    procfi

List all memory segments for a running PID
    svmon

Get a filename for an inode from previous results
    ncheck
Once again, this example is of a local (to this system) inode value. In this case svm returned the inode and filesystem of the file the actual filename was desired.

Enable advanced statistics gathering on VG da
    lvmsta
Use -e to enable, -d to disable.

Monitor network throughput for ent0
    while
    Bytes
First column is transmit and second is receive. This is a non-curses based example, see the next example for a topa based solution.

Monitor network throughput for all interfaces
    topas

Paging - in use
    svmon
The -i 2 parameter tells svmon to iterate every two seconds.

Paging - activity
    vmstat

Show top-like CPU usage by process
    topas

Show system wide CPU usage
    mpstat

Get NFS server statistics
    while
    done

Generate CPU load
    dd if=

List I/O stats organized by adapter
    iostat

Get extended I/O stats on just two disks
    iostat

List I/O stats by file system
    iostat
Not supported on 5.3

Show network statistics for interfaces
    netsta

ODM

The ODM (Object Data Manager) is a database store for system information on AIX. The ODM is primarily used for system items such as device instances and the configuration options for those devices but may also be used for applications such as SMIT.

The ODM is a collection of object classes (files) that are primarily in /etc/objre but also stored in /usr/lib/obj , /usr/share and the BLV. The copy and/or location of the ODM to use is specified either by an application or the ODMDIR / ODMPATH environmental variables. For example, the SMIT screens are stored in object classes in /usr/lib/ob but can be stored in an alternate ODM source. See the "Extending SMIT For Common Localized Tasks" page for info on using an alternate ODM source for SMIT.

While applications can create object classes anywhere they wish, the system object classes primarily exist in the three directories listed in the previous point. This is done to separate data based upon the type of filesystem it is in. Data that is specific to a system is stored in /etc/obj . Platform specific data that can be shared across systems (such as a network boot) is stored in /usr/lib/obj . Platform independent data that can be shared across systems is stored in /usr/share/l . One example of this is the lpp object class that exists in all three locations. The lslpp -l command will query each of these object classes and display each in its own group.

The primary benefits of the ODM are that it stores complex data, enforces data types on that data, and provides a rich API / set of command line utilities to access it. The API supports locking that ensures a view consistency that is not guaranteed with flat files.

When mapping ODM to database concepts, an ODM object class is the equivalent of a database table, and is implemented as one or more files. An ODM object would be a row in that table. An object descriptor would be the equivalent of a database column definition.

The ODM supports relations in the form of the "link" data type. It does not allow for joins of the data, nor does it enforce referential integrity during inserts.

The ODM does not enforce a primary key, specifically the unique constraint of a key. For this reason, it is possible to have duplicate objects in an object class.

Object classes are implemented as one or two files depending upon the data types used in the definition of the object class. The primary file has the same name as the object class. An optional file ending in .vc is used for variable length and multi-byte nchar data. The ODM data files are not recognized by the file command so I have included a sample MAGIC for both file types.

    0 lo
    0 lo
file MAGIC entries for ODM files

Many introductions to the ODM use typical database examples to show how data is stored and retrieved. While this is useful for understanding the structure of an object class it is counter-productive in that it masks what is really stored in the ODM. Another method of learning the ODM is to use the truss-query method. This means that you wrap a command in truss (trus ) to capture the file opens, then query the resulting object classes for the data they contain.

The ODM command line tools work on two different formats of input/output from the object classes. The structure of the object classes is defined in a syntax that is very similar to a C struct. Actual object data is structured in a stanza format.

    class
    sho
    sho
    vch
    };
Example of odmcreate/odmshow struct. (Nonsensical table with two short int(eger)s and a string.)

    CuAt:
    n
    a
    v
    t
    g
    r
    n
Example of odmadd/odmget stanza syntax. (Actual output from a system.)

ODM command line tools:
odmget - Query data from an ODM object class. Specific queries are supported with the -q option, but it is not possible to limit results to specific "columns" without using another command like grep. If the query string is omitted, then all data will be returned. (This is an effective way to back up the data from the object class.) The data will be returned in the odmadd/odmget stanza format.
odmadd - Insert data into an ODM object class. The data must be in the odmadd/odmget stanza format. Because null values are not allowed, all "columns" must be filled with appropriate data.
odmchange - Change data in an ODM object class. A query syntax allows the user to specify a limited set of objects (rows). The data changed is specified in a odmadd/odmget stanza format. The stanza file does not need to be complete as only the descriptors (columns) present in the stanza file will be changed in each matched object.
odmcreate - Creates an ODM object class based upon an odmcreate/odmshow "struct" file. The ODM file will be created in the default directory. Existing object classes with the same name will be overwritten without warning.
odmdelete - Will delete objects (rows) from an ODM object class. The -q query syntax is supported to limit the objects deleted. If the query is omitted, all items will be deleted. Selective delete operations can lead to bloated object class files.
odmdrop - Deletes an entire ODM object class. All objects (rows) and the object class itself will be deleted. All object class files are deleted. Future queries to this object class will fail.
odmshow - Create a odmcreate/odmshow struct output based upon the description of the ODM object class. The results will define each descriptor (column) in the object class (table) as well as have other data related to the current contents of the object class in comment format. This output can be used to re-create an empty object class using the odmcreate command.

Steps to shrink an ODM object class called "Bloat"
    odmsho
    odmget
    odmcre
    odmadd
odmshow saves the table definition. odmget saves the table data. odmcreate re-creates the table. odmadd restores the data. This is not a popular task on AIX. The example here is more to relate the purposes of the commands and give some insight into how they can be used.

Determine the ODM files opened by lsa
    truss

Query CuAt for the inet0 config
    odmget

The SMIT customization page has more ODM command examples.

Command reference: odmget, odmadd, odmchange, odmcreate, odmdelete, odmdrop, odmshow
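Because the ODM does not enforce a unique key, a practical integrity check is to parse the odmadd/odmget stanza format and report objects that repeat the same key descriptors. The following is an added example, not part of the original page; the CuAt stanzas are constructed sample data standing in for the output of odmget CuAt, and treating name plus attribute as the key is an assumption made for the illustration.

```shell
#!/bin/sh
# Added example: report ODM objects that repeat the same key descriptors.
# The stanzas below are constructed; on a live system the text would be the
# output of:   odmget CuAt
# Assumptions: one descriptor per line (no multi-line string values) and the
# caller decides which descriptors together should be unique.

ODM_SAMPLE='CuAt:
        name = "inet0"
        attribute = "hostname"
        value = "aixhost"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 24

CuAt:
        name = "inet0"
        attribute = "route"
        value = "net,-hopcount,0,,0,192.0.2.1"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 0

CuAt:
        name = "inet0"
        attribute = "hostname"
        value = "oldhost"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 24'

# odm_duplicates STANZA_TEXT KEY_LIST
#   KEY_LIST is a comma separated list of descriptor names.
#   Prints "count class key=value ..." for every key combination that is
#   carried by more than one object, in order of first appearance.
odm_duplicates() {
    printf '%s\n' "$1" | awk -v keys="$2" '
        # Close the object being read and count its key combination.
        function emit_object(   i, k) {
            if (cls == "") return
            k = cls
            for (i = 1; i <= nkeys; i++)
                k = k " " keyname[i] "=" val[keyname[i]]
            if (++count[k] == 1) order[++n] = k
            split("", val)          # portable way to empty the array
            cls = ""
        }
        BEGIN { nkeys = split(keys, keyname, ",") }
        # "ClassName:" at the start of a line opens a new object
        /^[A-Za-z_][A-Za-z0-9_]*:[ \t]*$/ {
            emit_object()
            cls = $1
            sub(/:$/, "", cls)
            next
        }
        # indented "descriptor = value" lines belong to the open object
        cls != "" && /^[ \t]+[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
            line = $0
            sub(/^[ \t]+/, "", line)
            desc = line
            sub(/[ \t]*=.*$/, "", desc)        # text before the first "="
            sub(/^[^=]*=[ \t]*/, "", line)     # text after the first "="
            val[desc] = line
            next
        }
        END {
            emit_object()
            for (j = 1; j <= n; j++)
                if (count[order[j]] > 1) print count[order[j]], order[j]
        }'
}

odm_duplicates "$ODM_SAMPLE" "name,attribute"
```

With name and attribute as the key, the two hostname objects for inet0 are reported; adding value to the key list makes every object distinct and nothing is printed.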

Software Management

A fileset is the smallest manageable component in the LPP (Licensed Program Product) hierarchy. A package is a collection of related filesets. An LPP is a group of packages that tend to fall within one product type, such as "bos" - the base operating system.

Filesets are divided by what part of the system they install to. This is either "root", "usr", or "share". These divisions are determined by install location as well as platform dependence / independence. Use the lslpp -O flag with r, u, or s options to list filesets from only one location. (Additional discussion of this is found in the ODM section and the three separate lpp ODM data stores - one for each fileset install location.)

Most administrators perform installs via the SMIT or NIM methods. SMIT is most popular for simple one-off installs and smaller environments. Use of installp directly from the command line is significantly more complex than SMIT or NIM.

The most popular SMIT fast paths are install_late and update_all . The install fast path requires that a package repository be specified on the first screen then presents the user with a screen of install options to include the option to browse and select from the supplied repository.

Bundles are simply formatted lists of packages to be installed as a unit. Bundle files are stored locally in /usr/sys/ins and /usr/sys /inst.data/u . Bundles can be installed using the smitty ea command.

Filesets can be installed in the applied or committed states. Applied filesets retain previous versions and can be rolled back to the previous version (rejected). The first version of a fileset installed on a system is always committed.

SUMA (Service Update Management Assistant) is a method to automate the retrieval of system updates from the Internet.

List all installed filesets separated by filesystem type
    lslpp -l

List all installed filesets with combined filesystem info
    lslpp -L
Adding the -c output option will make this scriptable in that it will be colon delimited. See the next example.

List just the filesets on a system
    lslpp -Lc |

List all files in the bos.mp64 fileset
    lslpp -f bos

List all files in the root part of bos.rte.s
    lslpp -Or -f

List what known fileset provides ksh
    which_filese

List the installed fileset that provides /usr/bin/
    lslpp -w /us
*ksh* would have worked, but more results.

List all software packages on /dev
    instal
It is not necessary to explicitly mount /dev/c . The inst command will do it automatically. None of the examples using /dev/c (including SMIT) in this section require the explicit mounting of the CD/DVD ROM.

List the software in the default repository location
    instal

List all RPM packages on the system
    rpm -q

List all files in the installed gcc RPM
    rpm -q

List all filesets that are applied, and can be committed or rejected
    instal

List packages on media in /dev
    gencop

Copy contents of CD to local directory
    gencop -UX a

Copy contents of CD to default local directory
    gencop

Download AIX 5.3 TL10 updates to local repository
    suma -a Rq
The updates will be placed in the default local repository in /usr/

Install the mkinst tool
    instal
    bos.a
The options are:
    -a        Apply
    -c        Commit
    -g        Install prerequisites if necessary
    -X        Extend filesystems
    -Y        Agree to licenses
    -d        Specify a source <di
    bos.ad    package to install

Backup the rootvg
    mksysb
The options are:
    -e        Exclude files listed in /etc/exclude.rootvg
    -i        Create an /image.data file
    -v        List files as they are backed up
    -X        Extend /tmp if necessary
    /mnt/b    The file to create
As this command will back up all mounted filesystems in rootv it is necessary to account for the potential size of this file. The root user has a file size limit (fsize) and can be temporarily disabled with uli unlimi

Command reference: installp, inutoc, lslpp, emgr, gencopy, suma, mksysb

Users / Groups


AIX users and groups have an administrative attribute that determines who can make changes to that user or group. Only the root user (or equivalent RBAC role) can modify a user or group that has the admin attribute set. Regular, non-admin accounts, may be modified by members of the security group. Non-admin groups can have group administrators (that are not part of the security group) that can modify the group members. The following is a table that represents how the admin attribute of a user/group affects who can modify that item:

admin attribute =                user     user     group    group
                                 true     false    true     false
root user                        Yes      Yes      Yes      Yes
security group                   No       Yes      No       Yes
users on the group adms list     N/A      N/A      No       Yes

RBAC (Role Based ACcounting) is a natural maturation from using simple SUID/SGID binaries to a more granular method of granting privileges to users to accomplish tasks. Legacy RBAC was introduced in AIX 4.2.1, and was upgraded to Enhanced RBAC in AIX 6.1. This document refers to the Enhanced version of RBAC and only mentions Legacy RBAC in contrast where appropriate.

Legacy RBAC was a simplified method to divide root tasks into groups and give non-root users ability to perform those tasks. This was done with traditional SUID/SGID applications that then checked to see if the user was assigned the privilege before the task was attempted. As a result, it required specialized binaries that were potentially open to exploit because the processes they spawned still had effective root access. The benefit was the more granular division of responsibilities that RBAC promises. Unfortunately, Legacy RBAC was not sufficient to change many administrator's minds on the use of root for all tasks administrative.

Enhanced RBAC does not rely upon SUID/SGID applications but instead allows for granular permissions based upon the user's role membership and only the permissions required to complete the task. The kernel only allows authorizations to non-root users for very specific actions instead of relying on the application code to grant that access.

A user is assigned a role that aligns with an administrative task such as the ability to restart (or shutdown) the system. The role is a grouping method that defines all authorizations that are required to accomplish that type of task. Commands, files, and devices are added to priv* files that define what authorizations are required to perform that specific task or access that file / device. When a command is run, the required authorizations are checked against the authorizations assigned to roles for the user running the command. If the user lacks sufficient access then permission is denied.

The following table lists the key configuration files in the Enhanced RBAC system, the commands used to access/modify those files and what the files are for.

user.roles (chuser, mkuser, lsuser) - Provides a mapping between existing users and existing roles - both of which are defined elsewhere.
roles (chrole, mkrole, lsrole, rmrole) - Defines roles as either a group of authorizations or of sub-roles.
authorizations (mkauth, chauth, lsauth, rmauth) - Defines user created authorizations. System authorizations are defined elsewhere.
privcmds (setsecattr, lssecattr, rmsecattr) - Lists all authorizations that are required for a command to complete its task.
privfiles (setsecattr, lssecattr, rmsecattr) - Lists all authorizations that are required to read or write to a file.
privdevs (setsecattr, lssecattr, rmsecattr) - Lists all authorizations that are required to read or write to a device.

Relationship between RBAC files.

The user environmental variables are stored in /etc/environ and /etc/secu . The variables set in /etc/envir are given to all users and processes while the settings in /etc/securit are per-user.

User limits are set for login processes from the /etc/securit file. The chuser command can be used to modify this file.

The default options for the mkuser command are stored in /usr/lib/se .

The /etc/securi file is the shadow password file.

The last command returns login information for the system (from the /var/adm/w file).

The /etc/securit file contains per-user information on each user's login attempts.

Create an admin group called wfavorit with GID 501
    mkgrou

List the attributes of the just-created group wfavorit
    lsgrou

Create an admin user called wfavorit with UID 501
    mkuser
    home=/
    wfavor

Set the password for user wfavorit (run as privileged user)
    pwdadm
    or
    pass

Add wfavorit as member of the security group
    chgrpm

Make a group with wfavorit as the admin
    mkgrou

Make wfavorit an administrator of the proj group
    chgrpm

List all users on the system
    lsuser
The -a switch lists specific attributes, but in this case it is empty and only the user names are displayed. See other lsuser examples in this section for other uses of the -a switch.

List all admin users on the system
    lsuser

List attributes for user wfavorit in a stanza format
    lsuser

List login history for user wfavorit
    last w

List the fsize ulimit for user wfavorit
    lsuser

Change the file size ulimit to unlimited for wfavorit
    chuser

List all groups and their IDs
    lsgrou

List all members of the favorite group
    chgrpm

User / Group admin command reference: mkuser, chuser, rmuser, lsuser, pwdadm, mkgroup, chgroup, rmgroup, lsgroup, chgrpmem, usrck, grpck, pwdck
RBAC command reference: setkst, chrole, mkrole, lsrole, rmrole, mkauth, chauth, lsauth, rmauth, ckauth, setsecattr, lssecattr, rmsecattr
User command reference: users, w, who, whoami, whodo, id, chsh, passwd, setgroups, ulimit, setsenv, last, finger

Other
Boot Process
The normal numbers represent what you see as the step begins. The red numbers are error codes when that command / step fails. This is not a complete list of error codes. A more complete set can be found in Diagnostic Information for Multiple Bus Systems.

Power on
Hardware initialization
Retrieve bootlist from NVRAM
Locate BLV and load into memory    20EE000B
Kernel initializes and mounts RAM FS
RAM FS is resized
Logging begins

Phase 1 (rc.boot 1)
restbase copies ODM to RAM FS    548
cfgmgr configures base devices in ODM    510
bootinfo determines boot device    511,554

Phase 2 (rc.boot 2)
ipl_varyon varies on rootvg    551,552,554,556
fsck of /    517,555
mount of /    517,557
fsck & mount of /usr    517,518
fsck & mount of /var    517,518
copycore, umount /var    517
swapon /dev/hd6    517
RAM FS version of ODM copied to /etc/objrepos    517
mount /var Actual boot log written to (from RAM FS version) rc.boot 2 is finished Kernel changes root from RAM FS to disk Phase 3 RAM FS version of /dev copied to disk 517 517,518 517 553 553 553
Kernel invokes init from rootvg    553
init invokes rc.boot 3    553
fsck & mount of /tmp    517,518
syncvg -v ro    517
Load streams modules    517
Configure secondary dump device    517
cfgmgr -p2 (Normal) or cfgmgr -p3 (Service)    517, 521-529
Continued
cfgcon configures console    c31
(cfgcon exit codes. c33 is assumed here)    c32, c33, or c34
System hang detection is started
Graphical desktop is (optionally) started    c33
saveba updates ODM copy on BLV    530
System LED is turned off
syncd & errdem started
rm -f
Start several optional services
log: "System initialization completed"
Phase 3 complete, init continues processing initt

The previous boot process listing is for a normal disk boot. This will vary for network, tape, and CD boots. Read the contents of /sbi for specifics on each boot device method and type (normal or service).

The boot order is stored in NVRAM. The settings are set and retrieved using the bootlist command.

The BLV (Boot Logical Volume) is /dev/hd5. It is created / updated with the bosboot command. bosboot updates the boot record at the start of the disk, copies the SOFTROS from /u /boot/ , copies the boo utility, copies the kernel from /uni , creates a copy of the RAM FS from the list of files in /u /boot/ , and creates a base ODM.

Layout of a bootable disk with hd5 shown.

The kernel loaded from hd5 (the BLV) is the kernel the system will run under for the entirety of the boot (until the system is shutdown or restarted). For this reason it is important to re-run bosboot every time that the kernel is updated or some boot-time kernel options are set.

This is an abbreviated list of boot codes. cfgmgr (alone) produces numerous display messages and potential error codes, far more than is practical to display here.

Command reference: bosboot, bootlist

Error Logging

AIX has three error logging and reporting methods; alog, errlog, and syslog. The alog is an extensible collection of logs, but primarily is used for boot and console logging. errlog is used primarily for system and hardware messages. syslog is the traditional logging method.

HMC managed systems will also have a log of serviceable events relating to all systems on that HMC.

Both errpt and alog keep binary circular logs. For this reason, neither requires the rotation process that is used for syslog logs.

A curses based error log browser can be found locally on the errbr page.

The AIX syslog.conf uses *.debug for all, not *.*

The following alog examples use the boot log as an example. These examples are transferable to any of the other existing logs as well as those created in addition to the AIX supplied logs.

List all logs alog knows about
  alog -L
Dump the contents of the boot log to stdout
  alog -o -t b
Send the current date to the boot log
  date | alog
Increase the size of the boot log to twice the default.
  alog -C -t b
  Note: This changes the definition in the ODM, the size will be applied the next time that the log is re-created.
Clear the boot log
  rm /var/adm/
  echo "boot l | alog -t b
Find the current alog file size setting for the boot log
  odmget -q at SWservAt

Write a message to the errlog
  errlog
Display the entire contents of the errlog
  errpt
  Add -a or -A for varying levels of verbosity.
Clear all entries from the errlog
  errcle
Clear all entries from the errlog up to 7 days ago
  errcle
List info on error ID FE2DEE00
  errpt
  The ID is from the IDENTIFIER column in er output.
Put a "tail" on the error log
  errpt
List all errors that happened today
  errpt
List all errors on hdisk0
  errpt
To list details about the error log
  /usr/l
To change the size of the error log to 2 MB
  /usr/l
syslog line to send all messages to a log file
  *.debu
syslog line to send all messages to error log
  *.debu

Command reference: alog, errpt, errlogger, errdemon, errclear
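An added example (not part of the original QuickStart) that groups errpt summary output by the IDENTIFIER column and resource, so repeated permanent hardware errors stand out. It assumes the default errpt column layout (IDENTIFIER TIMESTAMP T C RESOURCE_NAME DESCRIPTION); the function names are hypothetical and the sample lines, identifiers included, are constructed.

```shell
#!/bin/sh
# Added example: triage of `errpt` summary output (not from the QuickStart).
# Assumes the default columns:
#   IDENTIFIER TIMESTAMP T C RESOURCE_NAME DESCRIPTION
LC_ALL=C; export LC_ALL

# Constructed sample lines; identifiers and descriptions are placeholders.
sample_errpt() {
    cat <<'EOF'
IDENTIFIER TIMESTAMP  T C RESOURCE_NAME  DESCRIPTION
0A0A0A01   0128105713 P H hdisk0         CONSTRUCTED DISK ERROR
0A0A0A01   0128101213 P H hdisk0         CONSTRUCTED DISK ERROR
0B0B0B02   0128093013 T S SYSPROC        CONSTRUCTED SOFTWARE EVENT
0A0A0A01   0127221513 P H hdisk1         CONSTRUCTED DISK ERROR
0C0C0C03   0127200113 I O errdemon       CONSTRUCTED INFORMATIONAL ENTRY
EOF
}

# Print "COUNT TYPE CLASS IDENTIFIER RESOURCE", most frequent first.
# Rows whose first field is not an 8-digit hex ID (the header, wrapped
# description text) are ignored.
errpt_summary() {
    awk '
        length($1) == 8 && $1 ~ /^[0-9A-F]+$/ && NF >= 5 {
            key = $1 " " $5
            count[key]++
            tc[key] = $3 " " $4
        }
        END { for (k in count) print count[k], tc[k], k }
    ' | sort -k1,1nr -k4,4 -k5,5
}

# Keep only permanent (T = P) hardware (C = H) errors from the summary.
permanent_hw() {
    errpt_summary | awk '$2 == "P" && $3 == "H"'
}

# On an AIX host: errpt | errpt_summary
sample_errpt | errpt_summary
```

Because the errlog is a binary circular log, old entries are eventually overwritten; running a summary like this on a schedule and keeping the output preserves the counts.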

WPAR

WPARs (Workload PARtitions) are an AIX 6.1 feature that can be used to capture a process tree and lock it into its own environment. An AIX system can host multiple WPARs that each appear to be nearly identical to a regular system. All processes in the WPAR are subject to the environment of that WPAR such as devices, filesystems, configurations, and networking unique to that WPAR.

There are two types of WPARs, system and application. The key differences are that a system WPAR begins at the init process while an application WPAR begins at the application process, and the system WPAR has dedicated file systems while the application may not. System WPARs can be "sparse" or "whole root" but it is the application WPAR that is most different from the other container implementations.

The hosting AIX system is called the "global environment". The key differences in the global environment are that it runs the kernel, owns the devices, and can host WPARs. Significant effort has been taken for the user environment of a WPAR to be indistinguishable from the global environment. That said, the administrator needs to be aware of what environment she is in to perform various tasks.

Because of the limited and contextually relevant administrative environment of a WPAR, some commands behave differently than others when run in a WPAR or the global environment. Generally speaking, the lower level the command, the more appropriate it is to run in the global environment. One example of administration tasks most appropriate for the global environment is device management commands. While a (system) WPAR has devices, the devices in a WPAR are much different than those in the global environment.

WPARs are started from /etc/init with the /etc/rc.wpar script, using the configuration information in /etc/wpars .

By default, the root filesystems of system WPARs are created in /wpars/WPAR . The filesystems are browsable by (properly permissioned) users of the global environment. Users in a WPAR cannot see filesystems of other WPARs.

By default the /usr , /opt , and /proc filesystems of a system WPAR are shared with the global environment via a read-only "namefs" vfs type. (/proc is mounted read-write in each of the non-global WPARs.) As a result, software and updates cannot be applied to these read-only WPAR views of the filesystems from the WPAR. Filesystems that are local to the WPAR (such as /home , / , /tmp , and /var ) can be modified from within the WPAR. Examples in this section show the default read-only and alternate options for these filesystems.

Some options for system WPAR filesystems include:
- Using a dedicated VG or external NFS mount for WPAR filesystems. (Unless otherwise specified, system WPAR filesystems are created from rootvg.)
- Using a single LV for all local filesystems. (The default filesystem layout is similar to traditional AIX installs in that it will be broken into multiple LVs / filesystems.)
- Creating a dedicated (local copy) of the /usr and /opt file systems. (In the default filesystem setup /home , / , /tmp , and /var are unique to the WPAR while /usr and /opt are views on the actual file systems in the global environment.)
- Creating additional filesystems dedicated to the WPAR. (This can take the form of a NFS mount or a dedicated filesystem just for the WPAR.)

A number of commands support a new -@ flag for WPAR related output. The required parameters and output of the -@ flag varies by command, and what environment the command is run in (WPAR or global).

A system WPAR is started and stopped much like a separate OS with the startwpar and stopwpar commands. These act effectively as boot and shutdown operations. The shutdown will be the most familiar, while the boot operation is significantly different from booting a system. Instead of bootstrapping the system from a disk, the WPAR startup process involves bringing online all the required filesystems, changing to that root filesystem / environment, and then picking up the boot process at init. (This is a simplistic treatment of the process designed to illustrate the difference from a system boot of something like a LPAR in a virtualized environment.)

Application WPARs are not started like a system WPAR. It is more appropriate to describe them as being executed in a different context. Application WPARs can see the global environment filesystems and devices, they inherit everything not explicitly set by the wparexec command. The large majority of examples and discussion in this section refer to system WPARs.

Create the rudra WPAR with default options
  mkwpar
  This command will pull the IP configuration for rudra from DNS. Naturally, rudra must be defined in DNS for the global environment to find.
Start the rudra WPAR
  startw
Log into the console of rudra
  clogin
Create indra WPAR with useful options
  mkwpar
  -A = Start automatically on system boot.
  -n nam = Workload partition name.
  -r = Copy global network name resolution configuration into the workload partition.
  -s = Start after creation.
  -v = Verbose mode.
Create a WPAR on a dedicated VG
  mkwpar
  -r -s
  If a VG or other filesystem options are not supplied then the filesystems for a system WPAR will be created from LVs on the ro . This command uses a dedicated VG called varuna . The /usr and /op filesystems will still be shared with the global WPAR and therefore will still come from roo but will not take any additional space. If the -l option was used in the above command then a new /usr and /opt would have been created for this WPAR using the specified VG.
Create an additional fs on dedicated VG
  crfs
  -m /w
  -a si
  This command is run from the global environment. The mount point is within the varuna root filesystem (/wpa ) so that it can be seen by the varuna WPAR. The -u varuna option specifies this fs as part of the varuna mount group so that it will be mounted when varuna starts.
Remove the varuna WPAR
  rmwpar
  -s stops it first, -p preserves the filesystems. (In this case we delete the underlying filesystems.)
Create a WPAR with mount options
  mkwpar
  The mkwpa command in this example uses a remote NFS share to host the filesystems for this system WPAR. It also specifies that each of the regular mount points will instead be directories and not mounts. The resulting WPAR will have only two mount points, one for the / filesystem and one for the /pr filesystem. The NFS mount in this example must be root mountable by both the global environment and the system WPAR. An example of the actual (but temporary) NFS share is given in the NFS section above.
List all WPARs on the system
  lswpar
  Default output will include Name, State, Type, Hostname, and Directory. Valid types are S (System), A (Application) and C (Checkpointable).
Determine if you are in global WPAR
  uname
  This command will print 0 to stdout and return 0 if in a global environment, and give non-zero values if in a system WPAR. Another method is to look for the wio0 device in lsd output; wio0 only exists in a system WPAR.
List WPARs with (basic) network configuration
  lswpar
Change rudra WPAR to start on system boot
  chwpar
List all processes in the indra WPAR from global
  ps -ef
List ports / connections for the global environment
  netsta
  Run in global environment.
Stop WPAR rudra from global
  stopwp
Start apache in an application WPAR
  wparex
  /usr/
  In this example varuna is defined in DNS. Because the -h flag is not used, the hostname will default to the WPAR name, and will pull IP configuration from DNS for that host. Subnet mask, name resolution, and all other settings will be inherited from the appropriate interface in the Global environment.

Command reference: mkwpar, chwpar, lswpar, rmwpar, startwpar, stopwpar, wparexec, rebootwpar, syncwpar, syncroot

The Solaris implementation of containers offers a command called zonename that tells what zone the user is in. It works like the hostname command when run from a zone but returns the word "global" when run from the global environment. AIX provides the uname -W to tell if you are in a WPAR or not. I have included the logic (script) to create a wparname command that tells if you are in a WPAR as well as the hostname of the WPAR (like the zonename command).

  #!/bin/sh

  # uname -W prints 0 in the global environment, non-zero in a WPAR
  if (( `uname -W` == 0 ))
  then
      echo "global"
  else
      hostname
  fi


Sample source of wparname command.

About this QuickStart


Created by: William Favorite (wfavorite@tablespace.net)
Updates at: http://www.tablespace.net/quicksheet/
Disclaimer: This document is a guide and it includes no express warranties to the suitability, relevance, or compatibility of its contents with any specific system. Research any and all commands that you inflict upon your command line.
Distribution: Copies of this document are free to redistribute as long as credit to the author and tablespace.net is retained in the printed and electronic versions.
