blog'o thnet


Saturday 6 August 2005

Details About SAN Disks and MPxIO Capabilities on a VIOS

Specific details such as the MultiPath I/O status can easily be obtained from a Virtual I/O Server with the following (long) one-line shell script, built on the lsdev(1), lscfg(1) and lspath commands:

# for disk in `lsdev | grep hdisk | egrep  -v "SCSI Disk Drive|Raid1" | awk '{print $1}'`
> do
> lscfg -v -l ${disk} | egrep "${disk}|Manufacturer|Machine Type|ROS Level and ID|Serial Number|Part Number"
> echo "`lspath -H -l ${disk} | grep ${disk} | awk '{print\"\tMultiPath I/O (MPIO) status: \"$1\" on parent \"$3}'`"
> echo ""
> done

  hdisk3           U787B.001.DNW3897-P1-C3-T1-W5006048448930A41-L9000000000000  EMC Symmetrix FCP MPIO RaidS
        Manufacturer................EMC     
        Machine Type and Model......SYMMETRIX       
        ROS Level and ID............5670
        Serial Number...............9312A020
        Part Number.................000000000000510001000287
        MultiPath I/O (MPIO) status: Enabled on parent fscsi0
        MultiPath I/O (MPIO) status: Enabled on parent fscsi1

  hdisk4           U787B.001.DNW3897-P1-C3-T1-W5006048448930A41-LA000000000000  EMC Symmetrix FCP MPIO RaidS
        Manufacturer................EMC     
        Machine Type and Model......SYMMETRIX       
        ROS Level and ID............5670
        Serial Number...............9312E020
        Part Number.................000000000000510001000287
        MultiPath I/O (MPIO) status: Enabled on parent fscsi0
        MultiPath I/O (MPIO) status: Enabled on parent fscsi1
[...]

Pattern SCSI Disk Drive is excluded since it represents local SCSI disks, as well as pattern Raid1 because it is a view corresponding to parity disks (which are logical disks only used by SAN administrators).
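
A check built on the same lspath output, as an added example that is not part of the original post: it reports every disk that does not have at least two Enabled paths on distinct parents. The function names, the threshold of 2 and the sample lines are constructed; the column layout (status, name, parent) is the one the awk call above relies on.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads lines in the "status name parent" layout that the one-liner above
# parses, and reports disks with fewer than MIN distinct Enabled parents.

check_mpio_paths() {
    # $1 = minimum number of Enabled paths per disk (assumption: 2)
    awk -v min="${1:-2}" '
        # Only consider hdisk rows; this also skips the -H header line.
        $2 ~ /^hdisk[0-9]+$/ {
            seen[$2] = 1
            # Count each (disk, parent) pair once, and only when Enabled.
            if ($1 == "Enabled" && !(($2, $3) in pair)) {
                pair[$2, $3] = 1
                enabled[$2]++
            }
        }
        END {
            for (d in seen)
                if (enabled[d] + 0 < min)
                    printf "%s: %d enabled path(s), expected at least %d\n",
                           d, enabled[d] + 0, min
        }
    ' | sort
}

# Constructed sample input, not captured from a real VIOS.
sample_paths() {
    cat <<'EOF'
status  name   parent
Enabled hdisk3 fscsi0
Enabled hdisk3 fscsi1
Enabled hdisk4 fscsi0
Failed  hdisk4 fscsi1
Enabled hdisk5 fscsi0
Enabled hdisk5 fscsi0
Missing hdisk6 fscsi1
EOF
}

# Demonstration on the constructed sample.
# On a VIOS the input would come from: lspath -H -l hdiskN
sample_paths | check_mpio_paths 2
```

A disk listed twice under the same parent (hdisk5 in the sample) still counts as a single path, which is the case a plain line count would miss.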

Thursday 4 August 2005

Installation of Micro Focus Server Express 64-bit Edition

Installation of the Server Express Development System product

sh ./setup.sh

Mount the installation media:

# mkdir /cdrom
# mount -o ro -v cdrfs /dev/cd0 /cdrom

Run the setup script:

# cd /cdrom
# sh ./setup.sh
/* 
 * a) Answer y to the license agreement
 * b) Select 5 "IBM RS6000    running AIX 5.1/5.2/5.3                   32/64-bit"
 * c) Answer y to confirm this choice
 * d) Select 1 "Server Express Development System - 32/64-bit - PRN=RXCAK/AAL:9i.T4.40.02"
 * e) Answer y to confirm this choice
 * f) Select /opt/microfocus/cobol as the default directory name for this product
 * g) Answer y to create it
 * h) Answer y to continue
 * i) Answer return to list the environmental settings
 * j) Answer y to confirm this choice
 * k) Answer y to "Do you want to make use of COBOL and Java working together?"
 * l) Select 6 "1.4.2 64-bit"
 * m) Answer y to install Micro Focus LMF
 * n) Answer y to keep the default directory name for License Manager (/opt/microfocus/mflmf)
 * o) Answer y to confirm this choice
 * p) Answer y to "Do you want only superuser to be able to access the License Admin System?"
 * q) Answer y to "Do you want license manager to be automatically started at boot time?"
 * r) Answer 64 to "Please enter either 32 or 64 to set the system default mode"
 * s) Answer n to "Do you want to install the Enterprise Server Development System - J2EE, Web Services, etc.?"
 * t) Answer y to "Would you like to install any LMF licenses now?"
 * u) Select I to install the License Manager
 * v) Enter the Serial Number part of the License Key...
 * w) Enter the License Number part of the License Key...
 */

Unmount the installation media:

# cd
# umount /cdrom
# rmdir /cdrom

Post-installation phase

Ensure that the environment is set correctly to point to the newly installed product:

COBDIR=/opt/microfocus/cobol
PATH=${COBDIR}/bin:${PATH}
LIBPATH=/usr/lib:${COBDIR}/lib:${LIBPATH}
export COBDIR PATH LIBPATH

Licensing

Note that Server Express comes with 5 built-in run-time licensing facilities. If more licenses are required (or if a standalone Application Server is necessary), you can set them as follows:

Server Express

# cd /opt/microfocus/mflmf
# stty -a | egrep "col|row"
speed 38400 baud; 24 rows; 80 columns   /* A terminal of 80x25 or 80x24 is MANDATORY!  Be warned. */
# TERM=vt220 ./mflmadm

Application Server

# cd /opt/microfocus/cobol/aslmf
# ./apptrack

License Manager

Verify that it is automatically loaded at boot time:

# lsitab mF        
mF:2345:wait:sh /etc/mflmrcscript > /dev/null 2>&1

Note: It can be monitored using the lmfgetpv tool found under /opt/microfocus/mflmf.

Please refer to the Micro Focus website for more information on these products.

Tuesday 2 August 2005

Installation and Configuration of the "C for AIX Compiler" (Server and Client)

To be able to use the C for AIX Compiler, a server-side license and configuration must be done as well as a client-side installation. Here are the steps to achieve this goal.

  1. madre is the hostname of the AIX server on which to install the C for AIX Compiler (license and tools)

First, check the necessary AIX filesets (and install them accordingly):

# lslpp -l | egrep "vac|bos.rte |bos.adt.libm" | sort -u
  bos.adt.libm              5.3.0.10  COMMITTED  Base Application Development
  bos.rte                   5.3.0.10  COMMITTED  Base Operating System Runtime
  vac.C                      6.0.0.0  COMMITTED  C for AIX Compiler
  vac.C.readme.ibm           6.0.0.0  COMMITTED  C for AIX iFOR/LS Information
  vac.lic                    6.0.0.0  COMMITTED  C for AIX Licence Files

For simplicity, the same packages will be installed on both the server and the client for the C for AIX Compiler.

Note #1: the bos.* filesets can be found in the lpp source lpp_source530.

Note #2: the vac.* filesets can be found in the lpp source C_for_AIX_60.

Configuration of the license server: Concurrent Network License Server

Based on information found in the file /usr/vac/README.password:

Check for the necessary License Use Runtime filesets:

# lslpp -l | egrep "ifor" | sort -u
  bos.rte.ifor_ls            5.3.0.0  COMMITTED  iFOR/LS Libraries
  ifor_ls.base.cli          5.3.0.10  COMMITTED  License Use Management Runtime

To configure LUM, perform the following steps (based on the content of /usr/vac/cforaix_c.lic):

# cd /usr/opt/ifor/ls/os/aix/bin
# ./i4config
/*
 * Answer the LUM configuration questions as appropriate (configure a Concurrent Network license server):
 * a) Select 4 "Central Registry (and/or Network and/or Nodelock) License Server" on the first panel
 * b) Answer y to "Do you want this system be a Network License Server too?"
 * c) Answer n to "Do you want this system be a Nodelock License Server too?"
 * d) Answer n to "Do you want to disable remote administration of this Network License"
 * e) Select 2 "Direct Binding only"
 * f) Answer n to "Do you want to change the Network License Server ip port number?"
 * g) Answer n to "Do you want to change the Central Registry License Server ip port number?"
 * h) Select 1 "Default" as the desired server(s) logging level
 * i) Enter blank to accept the default path for the default log file(s)
 * j) Answer y to the Network Server question "Do you want to modify the list of remote Nodelock and/or
 *    Network License Servers this system can connect to in direct binding mode (both for Administration purposes and for
 *    working as Network License Client)?"
 * k) Select 3 "Create a new list" to the direct binding list menu
 * l) Enter the hostname, without the domain, of the system you are configuring LUM when prompted for the "Server network
 *    name(s)", for example: madre
 * m) Answer n to "Do you want to change the default ip port number?"
 * n) Select 1 "preserve the current list" to the direct binding list menu
 * o) Answer y to "Do you want the License Server(s) automatically start on this system at boot time?"
 * p) Answer y to continue the configuration setup and write the updates to the i4ls.ini file
 * q) Answer y to "Do you want the License Server(s) start now?"
 */

The Concurrent Network license certificate is contained in the file /usr/vac/cforaix_c.lic. To enroll a license certificate:

# cd /usr/opt/ifor/ls/os/aix/bin
# ./i4blt -a \
          -v "'IBM Software Solutions Toronto' 5da54a553b4c.02.09.15.31.05.00.00.00 p9gb3ycs6ydpw" \
          -p "'C for AIX' '6.0.c' bcmefhz6zkdmdaaxe524si3kbgb2zwxsaqskixs222 " \
          -T 1 \
          -R "DSI/ASP/SUT"
i4blt Version 4.6.8 AIX -- LUM Basic License Tool
(c) Copyright 1995-2004, IBM Corporation, All Rights Reserved
US Government Users Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
(c) Copyright 1991-1997 Gradient Technologies Inc., All Rights Reserved
(c) Copyright 1991,1992,1993, Hewlett-Packard Company, All Rights Reserved

ADM-10099: Product successfully enrolled

After enrolling a concurrent-network certificate, the licenses must be distributed to one or more LUM license servers (only for Concurrent-Network Certificate Enrollment):

# ./i4blt -E \
          -n madre \
          -v "'IBM Software Solutions Toronto'" \
          -p "'C for AIX' '6.0.c'" \
          -A 1 \
          -w "madre"
i4blt Version 4.6.8 AIX -- LUM Basic License Tool
(c) Copyright 1995-2004, IBM Corporation, All Rights Reserved
US Government Users Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
(c) Copyright 1991-1997 Gradient Technologies Inc., All Rights Reserved
(c) Copyright 1991,1992,1993, Hewlett-Packard Company, All Rights Reserved

ADM-10723: The license was successfully distributed.

Client configuration to access the License and Central Registry servers

To configure a LUM Network Client, perform the following steps:

# cd /usr/opt/ifor/ls/os/aix/bin
# ./i4config
/*
 * a) Answer y to "Do you want to terminate them NOW?"
 * b) Select 1 "Network License Client" on the first panel
 * c) Answer y to "Do you want this system be a Network License Server too?"
 * d) Select 2 "Direct Binding only"
 * e) Select 3 "Create a new list" to the direct binding list menu
 * f) Enter the "Server network name(s)", for example: madre
 * g) Enter the "Please specify the Central Registry License Server name", for example: madre
 * h) Answer n to "Do you want to change the default ip port number?" (to locate License Servers)
 * i) Answer n to "Do you want to change the default ip port number?" (to locate the Central Registry License)
 * j) Select 1 "preserve the current list" to the direct binding list menu
 * k) Answer y to continue the configuration setup and write the updates to the i4ls.ini file
 */

Verify the license configuration... say, on the client side for example:

# TERM=vt220 smitty
/*
 * Software License Management
 *  Show Available License Servers
i4tv Version 4.6.8 AIX -- LUM Test and Verification Tool
(c) Copyright 1995-2004, IBM Corporation, All Rights Reserved
US Government Users Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
(c) Copyright 1991-1997, Gradient Technologies Inc., All Rights Reserved
(c) Copyright 1991,1992,1993, Hewlett-Packard Company, All Rights Reserved

Completed license transaction on node  ce3a0c51 running LUM  4.6.8 AIX
Active License Servers:
    ip:madre.dev.example.com (IBM/AIX) running LUM 4.6.8 AIX
Active Central Registry License Server:
    ip:madre.dev.example (IBM/AIX) running LUM 4.6.8 AIX
 */

Monday 11 July 2005

Memo About Some Very Interesting CLI Tools

Boot disk configuration

After verifying there are two disks in the boot list...

# bootlist -m normal -o
hdisk0
hdisk1

... verify and create a boot image on the second mirrored boot disk:

# bosboot -vd hdisk1 && bosboot -ad hdisk1

How to know on which disk the OS has booted (bootblock used and kernel loaded):

# bootinfo -b
hdisk0

How to know on which mode the OS has booted (kernel in 32-bit or 64-bit):

# bootinfo -K
64

If there is a problem booting from one disk, make sure that the corresponding raw device is the same device as ipldevice:

# bootinfo -b
hdisk0
#
# ls -ilF /dev/ipldevice /dev/rhdisk0
 8231 crw-------   2 root     system       17,  0 Apr 21 14:37 /dev/ipldevice
 8231 crw-------   2 root     system       17,  0 Apr 21 14:37 /dev/rhdisk0

VM information vs. ODM information

Assuming the following mounted file system:

# mount
  node       mounted        mounted over    vfs       date        options      
-------- ---------------  ---------------  ------ ------------ --------------- 
[...]
         /dev/fslv07      /files/tmpcdinst jfs2   Jun 27 10:14 rw,log=/dev/loglv01

Here is the corresponding information found in the ODM:

# odmget -q "name=fslv07 and attribute=type" CuAt 

CuAt:
        name = "fslv07"
        attribute = "type"
        value = "jfs2"
        type = "R"
        generic = "DU"
        rep = "s"
        nls_index = 639

This can be compared with the status returned by the lsvg command:

# lsvg -l colombvg
colombvg:
LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT
[...]
fslv07              jf2        280   280   2    open/syncd    /files/tmpcdinst

More on this particular subject in the story Export and Import a Volume Group... When Things Goes the Wrong Way.

Get the ODM volume group information for a given disk:

# lqueryvg -p hdisk0 -Avt
Max LVs:        256
PP Size:        27
Free PPs:       0
LV count:       12
PV count:       2
Total VGDAs:    3
Conc Allowed:   0
MAX PPs per PV  1016
MAX PVs:        32
Conc Autovaryo  0
Varied on Conc  0
Logical:        00ce3a0c00004c000000010364ba67bc.1   hd5 1  
                00ce3a0c00004c000000010364ba67bc.2   hd6 1  
                00ce3a0c00004c000000010364ba67bc.3   hd8 1  
                00ce3a0c00004c000000010364ba67bc.4   hd4 1  
                00ce3a0c00004c000000010364ba67bc.5   hd2 1  
                00ce3a0c00004c000000010364ba67bc.6   hd9var 1  
                00ce3a0c00004c000000010364ba67bc.7   hd3 1  
                00ce3a0c00004c000000010364ba67bc.8   hd1 1  
                00ce3a0c00004c000000010364ba67bc.9   hd10opt 1  
                00ce3a0c00004c000000010364ba67bc.10  loglv00 1  
                00ce3a0c00004c000000010364ba67bc.11  fslv00 1  
                00ce3a0c00004c000000010364ba67bc.12  fslv04 1  
Physical:       00ce3a0c64ba5da3                2   0  
                00ce3a0c8df2265d                1   0  
VGid:           00ce3a0c00004c000000010364ba67bc
Total PPs:      158
LTG size:       128
HOT SPARE:      0
AUTO SYNC:      0
VG PERMISSION:  0
SNAPSHOT VG:    0
IS_PRIMARY VG:  0
PSNFSTPP:       4352
VARYON MODE:    0
VG Type:        0
Max PPs:        32512

Operating system general status and information

Gather system configuration information:

# snap -r    /* Remove snap command output from the /tmp/ibmsupt directory. */
# snap -ac   /* Creates a compressed pax image (snap.pax.Z file) of all files
                in the /tmp/ibmsupt. */

This tool can be compared to the explorer (known as the SUNWexplo package) on Sun Solaris OE.

About starting services at boot time

List the content of the inittab file:

# lsitab -a   /* Use this command instead of `cat /etc/inittab`. */

Create a new file system

Create a new Enhanced Journaled File System in the colombvg volume group with a size of 5 gigabytes in read-write mode, using the mount point /files/ddaeurd1/DATA and being automatically mounted at boot time:

# crfs -v jfs2 -g colombvg -a size=5G -m /files/ddaeurd1/DATA -p rw -A yes

Wednesday 6 July 2005

Export and Import a Volume Group... When Things Goes the Wrong Way

  1. nordika is the hostname of the LPAR... which is a VIOC too
  2. nordikavg is the name of volume group which resides on the SAN disks impacted by the export/reimport

Assume that we want to migrate, on a VIOC, one or more SAN disks currently attached through a local fibre channel adapter, so that the same SAN disks are now presented as SCSI storage media, seen this time through a VIOS.

Here are the logical steps to follow... when things don't work as expected (real life example)!

Get the list of the physical and logical volumes corresponding to the volume group:

# lsvg -p nordikavg
nordikavg:
PV_NAME           PV STATE          TOTAL PPs   FREE PPs    FREE DISTRIBUTION
hdisk2            active            269         0           00..00..00..00..00
hdisk3            active            269         0           00..00..00..00..00
hdisk4            active            269         0           00..00..00..00..00
hdisk5            active            269         115         07..00..00..54..54
hdisk6            active            269         269         54..54..53..54..54
#
# lsvg -l nordikavg       
nordikavg:
LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT
loglv01             jfs2log    1     1     1    open/syncd    N/A
fslv01              jfs2       480   480   2    open/syncd    /files/tables_oragl
fslv02              jfs2       80    80    2    open/syncd    /files/oracle
fslv03              jfs2       40    40    1    open/syncd    /files/tempo_oragl
fslv05              jfs2       40    40    1    open/syncd    /files/redologs_oragl
fslv06              jfs2       40    40    1    open/syncd    /files/system_oragl
fslv07              jfs2       280   280   2    open/syncd    /files/tmpcdinst

Unmount the already mounted file systems:

# umount /files/tables_oragl
# umount /files/oracle
# umount /files/tempo_oragl
# umount /files/redologs_oragl
# umount /files/system_oragl
# umount /files/tmpcdinst

Deactivate a volume group and export the definition of a volume group from a set of physical volumes:

# varyoffvg nordikavg
# exportvg nordikavg

Having verified with lspv that there are no physical volumes left in the desired volume group, remove them from the devices list along with the corresponding adapter:

# rmdev -l hdisk2 -Rd
# rmdev -l hdisk3 -Rd
# rmdev -l hdisk4 -Rd
# rmdev -l hdisk5 -Rd
# rmdev -l hdisk6 -Rd
#
# lsslot -c slot
# rmdev -l pci2 -Rd

We assume that the fibre channel adapter is now seen through a VIOS: it is not shown here how to dynamically move it from the LPAR to the VIOS and allocate the PVs to a particular VIOC, i.e. nordika in our case.

Make the new disks available to the OS and verify that the presented LUNs are the right ones:

# cfgmgr
# lscfg -l hdisk2
  hdisk2           U9113.550.65E3A0C-V5-C5-T1-L830000000000  Virtual SCSI Disk Drive
# lscfg -l hdisk3
  hdisk3           U9113.550.65E3A0C-V5-C5-T1-L840000000000  Virtual SCSI Disk Drive
# lscfg -l hdisk4
  hdisk4           U9113.550.65E3A0C-V5-C5-T1-L850000000000  Virtual SCSI Disk Drive
# lscfg -l hdisk5
  hdisk5           U9113.550.65E3A0C-V5-C5-T1-L860000000000  Virtual SCSI Disk Drive
# lscfg -l hdisk6
  hdisk6           U9113.550.65E3A0C-V5-C5-T1-L870000000000  Virtual SCSI Disk Drive

Generally, we just have to import the nordikavg volume group, activate it, mount the file systems on it and... enjoy. Since we encountered a problem during the import (the information in the VM and in the ODM did not seem to be synchronized), here are the steps we followed to recover the situation.

Reimport the volume group, redefine the set of PVs of the given VG in the device configuration database and activate it:

# importvg nordikavg               /* Ooops... something goes wrong here! */
# redefinevg -d hdisk2 nordikavg   /* One disk is sufficient to get the volume group information back. */
# varyonvg nordikavg

Ok, the PVs are back in the configuration but not the type of the LVs, according to:

# lsvg -l nordikavg
nordikavg:
LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT
loglv01             ???        1     1     1    open/syncd    N/A
fslv01              ???        480   480   2    open/syncd    /files/tables_oragl
fslv02              ???        80    80    2    open/syncd    /files/oracle
fslv03              ???        40    40    1    open/syncd    /files/tempo_oragl
fslv05              ???        40    40    1    open/syncd    /files/redologs_oragl
fslv06              ???        40    40    1    open/syncd    /files/system_oragl
fslv07              ???        280   280   2    open/syncd    /files/tmpcdinst

Synchronize or rebuild the logical volume control block, the device configuration database and the volume group descriptor areas on the PVs:

# synclvodm -v -P nordikavg
synclvodm: Physical volume data updated.
synclvodm: Logical volume loglv01 updated.
synclvodm: Logical volume fslv01 updated.
synclvodm: Logical volume fslv02 updated.
synclvodm: Logical volume fslv03 updated.
synclvodm: Logical volume fslv05 updated.
synclvodm: Logical volume fslv06 updated.
synclvodm: Logical volume fslv07 updated.
#
# lsvg -l nordikavg
nordikavg:
LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT
loglv01             jfs2log    1     1     1    open/syncd    N/A
fslv01              jfs2       480   480   2    open/syncd    /files/tables_oragl
fslv02              jfs2       80    80    2    open/syncd    /files/oracle
fslv03              jfs2       40    40    1    open/syncd    /files/tempo_oragl
fslv05              jfs2       40    40    1    open/syncd    /files/redologs_oragl
fslv06              jfs2       40    40    1    open/syncd    /files/system_oragl
fslv07              jfs2       280   280   2    open/syncd    /files/tmpcdinst

Create complete boot image and device (in order to keep the type of LVs persistent across reboot):

# bosboot -a

bosboot: Boot image is 23377 512 byte blocks.

Mount the file systems and... enjoy :)

# mount /files/tables_oragl
# mount /files/oracle
# mount /files/tempo_oragl
# mount /files/redologs_oragl
# mount /files/system_oragl
# mount /files/tmpcdinst

Saturday 18 June 2005

Use the NIS and NFS Infrastructure on AIX 5L

Here are the steps to be able to use the current NIS and NFS infrastructure from an AIX server:

# cat /etc/resolv.conf  
domain          dev.example.com
nameserver      10.239.208.24
nameserver      10.251.140.96
search          dev.example.com int.example.com prod.example.com
#
# TERM=vt220 smitty
/*
 * Communications Applications and Services
 *  TCP/IP
 *   Further Configuration
 *    Name Resolution
 *     Hosts Table (/etc/hosts)
 *      Add a Host
 *       INTERNET ADDRESS (dotted decimal)               [10.254.234.22]
 *       HOST NAME                                       [neptune.dev.example.com]
 *       ALIAS(ES) (if any - separated by blank space)   [neptune]
 *       COMMENT (if any - for the host entry)           [NIS server for domain devex]
 *  NFS
 *   Network Information Service (NIS)
 *    Configure / Modify NIS
 *     Change NIS Domain Name of this Host
 *      Domain name of this host                        [devex]
 *     Configure this Host as a NIS Client
 *      NIS server - required if there are              [neptune]
 *   Network File System (NFS)
 *    Configure NFS on This System
 *     Start Automounter
 *      PARAMETERS to be used for the automount daemon  [-n]
 */

Launch the automountd at run-level #2:

# cat << 'EOF' > /etc/rc.d/rc2.d/Sautomountd
#!/usr/bin/env ksh
#################################################################
# name: {K|S}automountd
# purpose: script that will start or stop the automountd service.
#################################################################

case "$1" in
start)
  /usr/sbin/automount -n
  ;;
stop)
  stopsrc -g autofs
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
esac

exit 0
EOF
# ln /etc/rc.d/rc2.d/Sautomountd /etc/rc.d/rc2.d/Kautomountd
# chmod 754 /etc/rc.d/rc2.d/?automountd

At the same time, modify the automountd service to add some arguments that must be passed to the program. This step is necessary to automount the correct remote path using our customized autofs server. Here is how to do so:

# chssys -s automountd -a "-DOSNAME=`uname -s` -DCPU=`uname -p` -DNATISA=`bootinfo -K` -DOSREL=`uname -v`.`uname -r`"
# stopsrc -g autofs
# /usr/sbin/automount -n

Very important

To resolve information correctly, the ordering of name resolution for hosts had to be specified explicitly in /etc/netsvc.conf. This file corresponds to /etc/nsswitch.conf under Solaris, GNU/Linux or the BSDs for host name resolution. For example:

# cat << EOF >> /etc/netsvc.conf
hosts = local, nis, bind
EOF

Thursday 16 June 2005

How to Add a New "tsmsched" Service on AIX 5L

Create the tsmsched service:

# mkssys -p /usr/bin/dsmc \   /* Absolute path to the subsystem executable
                                 program. */
         -s tsmsched \        /* Name that uniquely identifies the subsystem. */
         -u 0 \               /* User id for the subsystem. */
         -a sched \           /* Arguments to be passed to the command. */
         -e /dev/console \    /* Where the subsystem standard error data is
                                 placed. */
         -i /dev/console \    /* Where the subsys. standard input is routed. */
         -o /dev/console \    /* Where the subsys. standard output is placed. */
         -R \                 /* Subsystem is restarted if the subsystem stops
                                 abnormally. */
         -Q \                 /* Multiple instances of the subsystem are not
                                 allowed to run at the same time. */
         -S \                 /* Subsystem uses the signals communication
                                 method. */
         -f 9 \               /* Signal sent to the subsystem when a forced
                                 stop of the subsystem is requested. */
         -n 15 \              /* Signal sent to the subsystem when a normal
                                 stop of the subsystem is requested. */
         -E 20 \              /* Execution priority of the subsystem. */
         -G tsm \             /* Subsystem belongs to the group specified. */
         -d \                 /* Inactive subsystems are displayed when the
                                 lssrc -a command request is made. */
         -w 20                /* Time, in seconds, allowed to elapse between a
                                 stop cancel (SIGTERM) signal and a subsequent
                                 SIGKILL signal. */

Check the service's configuration:

# lssrc -S -s tsmsched
#subsysname:synonym:cmdargs:path:uid:auditid:standin:standout:standerr:action:multi:contact:svrkey:svrmtype:\
 priority:signorm:sigforce:display:waittime:grpname:
tsmsched::sched:/usr/bin/dsmc:0:0:/dev/console:/dev/console:/dev/console:-R:-Q:-S:0:0:\
 20:15:9:-d:20:tsm:

Or query the ODM internal database directly:

# odmget -q subsysname=tsmsched SRCsubsys

SRCsubsys:
        subsysname = "tsmsched"
        synonym = ""
        cmdargs = "sched"
        path = "/usr/bin/dsmc"
        uid = 0
        auditid = 0
        standin = "/dev/console"
        standout = "/dev/console"
        standerr = "/dev/console"
        action = 1
        multi = 0
        contact = 2
        svrkey = 0
        svrmtype = 0
        priority = 20
        signorm = 15
        sigforce = 9
        display = 1
        waittime = 20
        grpname = "tsm"

Start the new service:

# startsrc -s tsmsched

Launch the TSM scheduler at run-level #2:

# cat << 'EOF' > /etc/rc.d/rc2.d/Stsmsched
#!/usr/bin/env ksh
###############################################################
# name: {K|S}tsmsched
# purpose: script that will start or stop the tsmsched service.
###############################################################

case "$1" in
start)
  startsrc -g tsm
  ;;
stop)
  stopsrc -g tsm
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
esac

exit 0
EOF
# ln /etc/rc.d/rc2.d/Stsmsched /etc/rc.d/rc2.d/Ktsmsched
# chmod 744 /etc/rc.d/rc2.d/?tsmsched

Tuesday 14 June 2005

How to Add a New "sshd_adm" Service on AIX 5L

Create the sshd_adm service:

# mkssys -p /usr/sbin/sshd \   /* Absolute path to the subsystem executable
                                  program. */
         -s sshd_adm \         /* Name that uniquely identifies the subsys. */
         -u 0 \                /* User id for the subsystem. */
         -a "-D -f /etc/ssh/sshd_config_adm" \   /* Arguments that must be
                                                    passed to the command. */
         -e /dev/console \     /* Where the subsystem standard error data is
                                  placed. */
         -i /dev/console \     /* Where the subsys. standard input is routed. */
         -o /dev/console \     /* Where the subsys. standard output is placed. */
         -R \                  /* Subsystem is restarted if the subsystem stops
                                  abnormally. */
         -Q \                  /* Multiple instances of the subsystem are not
                                  allowed to run at the same time. */
         -S \                  /* Subsystem uses the signals communication
                                  method. */
         -f 9 \                /* Signal sent to the subsystem when a forced
                                  stop of the subsystem is requested. */
         -n 15 \               /* Signal sent to the subsystem when a normal
                                  stop of the subsystem is requested. */
         -E 20 \               /* Execution priority of the subsystem. */
         -G ssh \              /* Subsystem belongs to the group specified. */
         -d \                  /* Inactive subsystems are displayed when the
                                  lssrc -a command request is made. */
         -w 20                 /* Time, in seconds, allowed to elapse between a
                                  stop cancel (SIGTERM) signal and a subsequent
                                  SIGKILL signal. */

Check the service's configuration:

# lssrc -S -s sshd_adm                   
#subsysname:synonym:cmdargs:path:uid:auditid:standin:standout:standerr:action:multi:contact:svrkey:svrmtype:\
 priority:signorm:sigforce:display:waittime:grpname:
sshd_adm::-D -f /etc/ssh/sshd_config_adm:/usr/sbin/sshd:0:0:/dev/console:/dev/console:/dev/console:-R:-Q:-S:0:0:\
20:15:9:-d:20:ssh:

Or query the ODM internal database directly:

# odmget -q subsysname=sshd_adm SRCsubsys

SRCsubsys:
        subsysname = "sshd_adm"
        synonym = ""
        cmdargs = "-D -f /etc/ssh/sshd_config_adm"
        path = "/usr/sbin/sshd"
        uid = 0
        auditid = 0
        standin = "/dev/console"
        standout = "/dev/console"
        standerr = "/dev/console"
        action = 1
        multi = 0
        contact = 2
        svrkey = 0
        svrmtype = 0
        priority = 20
        signorm = 15
        sigforce = 9
        display = 1
        waittime = 20
        grpname = "ssh"

Create (copy) the sshd_adm configuration file:

# cp /etc/ssh/sshd_config /etc/ssh/sshd_config_adm

Edit and modify the sshd and sshd_adm configuration files according to:

# diff -c /etc/ssh/sshd_config /etc/ssh/sshd_config_adm
*** /etc/ssh/sshd_config        Tue Jul  5 13:36:44 2005
--- /etc/ssh/sshd_config_adm    Tue Jul  5 13:36:44 2005
***************
*** 11,16 ****
--- 11,17 ----
  # default value.
  
  #Port 22
+ Port 77
  #Protocol 2,1
  #ListenAddress 0.0.0.0
  #ListenAddress ::
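
Review bot: the `#ListenAddress 0.0.0.0` and `#ListenAddress ::` lines right after the new `Port 77` stay commented, so the admin instance listens on every address of the host. If port 77 is meant for administration only, set an explicit `ListenAddress` for the management interface in sshd_config_adm.
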
***************
*** 34,46 ****
  
  #LoginGraceTime 2m
  #PermitRootLogin yes
- PermitRootLogin no
  #StrictModes yes
  
  #RSAAuthentication yes
  #PubkeyAuthentication yes
  #AuthorizedKeysFile   .ssh/authorized_keys
- AuthorizedKeysFile    /var/.ssh/%u/authorized_keys
  
  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  #RhostsRSAAuthentication no
--- 35,45 ----
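
Review bot: with `PermitRootLogin no` gone from sshd_config_adm, only the commented `#PermitRootLogin yes` remains, so the instance on port 77 falls back to that default and accepts root logins. State the intent explicitly instead of relying on the default, for example `PermitRootLogin without-password` if root is meant to authenticate with keys only. The same goes for the removed `AuthorizedKeysFile /var/.ssh/%u/authorized_keys`: the admin instance reads keys from `.ssh/authorized_keys` in each home directory again, which deserves a comment in the file if it is deliberate.
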
***************
*** 77,82 ****
--- 76,82 ----
  #AllowTcpForwarding yes
  #GatewayPorts no
  #X11Forwarding no
+ X11Forwarding yes
  #X11DisplayOffset 10
  #X11UseLocalhost yes
  #PrintMotd yes
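
Review bot: `X11Forwarding yes` lands on the same instance that, per the previous hunk, no longer carries `PermitRootLogin no`, so root sessions on port 77 get X11 forwarding as well. Keep `#X11UseLocalhost yes` at its default as shown in the context, and add a comment in sshd_config_adm saying which administrators need forwarding, so that the line can be dropped when they no longer do.
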

Start the new service and restart the old one:

# stopsrc -g ssh
# startsrc -g ssh

Here, the same sshd binary is used for the two services sshd and sshd_adm. There is no need to dissociate them (as on GNU/Linux or Solaris for ps(1) listings) since the lssrc command can do that more easily.

Because sshd and sshd_adm are in the same service group, there is no need to add anything else to be able to start sshd_adm at run-level #2:

# ls -l /etc/rc.d/rc?.d/*ssh*
-r-xr-xr-x   1 root     system          307 Apr 29 17:46 /etc/rc.d/rc2.d/Ksshd
-r-xr-xr-x   1 root     system          308 Apr 29 17:46 /etc/rc.d/rc2.d/Ssshd
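
Since both services run the same binary, what separates them is the configuration each one ends up with. The following added example (not part of the original post) prints the effective value of a few directives for each file, falling back to the default when a directive only appears commented out. The helper names and the two sample files are constructed from the directives visible in the diff above, and the defaults are the ones shown in its commented lines.

```shell
#!/bin/sh
# Added example (not from the original post).

# effective FILE KEYWORD DEFAULT
# Prints the value sshd would use for KEYWORD: the first uncommented
# occurrence wins, keywords are case-insensitive, and DEFAULT is printed
# when the keyword is absent. Port may be given several times, so all of
# its values are reported, comma-separated.
effective() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, "")         # keep only the value
            if (want == "port") { val = (val == "" ? $0 : val "," $0); next }
            print; found = 1; exit
        }
        END { if (!found) print (val != "" ? val : dflt) }
    ' "$1"
}

# report FILE...
# One line per configuration file with the directives changed in the diff.
report() {
    for f in "$@"; do
        printf '%s: Port=%s PermitRootLogin=%s AuthorizedKeysFile=%s X11Forwarding=%s\n' \
            "${f##*/}" \
            "$(effective "$f" Port 22)" \
            "$(effective "$f" PermitRootLogin yes)" \
            "$(effective "$f" AuthorizedKeysFile .ssh/authorized_keys)" \
            "$(effective "$f" X11Forwarding no)"
    done
}

# make_samples DIR
# Constructed, shortened copies of the two files, limited to the
# directives that appear in the diff above.
make_samples() {
    cat > "$1/sshd_config" <<'EOF'
#Port 22
#PermitRootLogin yes
PermitRootLogin no
#AuthorizedKeysFile   .ssh/authorized_keys
AuthorizedKeysFile    /var/.ssh/%u/authorized_keys
#X11Forwarding no
EOF
    cat > "$1/sshd_config_adm" <<'EOF'
#Port 22
Port 77
#PermitRootLogin yes
#AuthorizedKeysFile   .ssh/authorized_keys
#X11Forwarding no
X11Forwarding yes
EOF
}

# Demonstration on the constructed samples; on a real host, pass
# /etc/ssh/sshd_config and /etc/ssh/sshd_config_adm to report instead.
demo_dir=${TMPDIR:-/tmp}/sshd_effective.$$
mkdir -p "$demo_dir"
make_samples "$demo_dir"
report "$demo_dir/sshd_config" "$demo_dir/sshd_config_adm"
rm -rf "$demo_dir"
```

The report makes visible what the diff only implies: removing a line from sshd_config_adm does not disable a setting, it hands the decision back to the default.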

Friday 10 June 2005

How to Patch an AIX 5L System

On a fresh AIX 5.3ML1 (the corresponding output of oslevel -r is 5300-01), a bug was encountered when trying to change the NIS password of a remote user with yppasswd(1): the command systematically dumped core.

A soft call opened with the IBM support center led to patching the system with APAR IY66747 (memory fault in chpass_netgroup). The fix package contains 19 filesets for a total package size of 54,464,512 bytes. After downloading it from IBM Fix Central (which can be found at http://www-912.ibm.com/eserver/support/fixes/), all the .bff files were stored in a temporary location, /files/tmpcdinst/IY66747, which was NFS mounted in order to reduce the space needed on each concerned host.

The System Management Interface Tool (SMIT) recognizes /usr/sys/inst.images as the default directory for fixes downloaded onto hard disk. This was not the case here!

Here are the steps to install the fix package:

# cd /files/tmpcdinst/IY66747
# inutoc
# TERM=vt220 smitty update_all
/*
 * INPUT device / directory for software               [.]
 *  SOFTWARE to update                                  _update_all
 *  PREVIEW only? (update operation will NOT occur)     no
 *  COMMIT software updates?                            no
 *  SAVE replaced files?                                yes
 *  AUTOMATICALLY install requisite software?           yes
 *  EXTEND file systems if space needed?                yes
 *  VERIFY install and check file sizes?                no
 *  DETAILED output?                                    no
 *  Process multiple volumes?                           yes
 *  ACCEPT new license agreements?                      yes
 *  PREVIEW new LICENSE agreements?                     no
 */

Verify that the fix package applied correctly:

# instfix -ik IY66747
    All filesets for IY66747 were found.

Then, here is the correct behavior of the freshly patched system:

# yppasswd jpeg
Old NIS password:
jpeg's New password:
Re-enter jpeg's new password:
NIS passwd changed on neptune

All seems ok!

Side note: Since smitty update_all needs to issue the bosboot command at the end of the update, a reboot is mostly recommended!
