Aix6+quick+ref+sheet

AIX QuickStart

Main Page -> QuickSheets -> AIX QuickStart

AIX QuickStart
Version 1.0.0
Date: 11/2/9

This document is written based upon AIX 6.1, not all commands or concepts apply to previous versions of AIX.

Overview

Design Philosophy

• AIX is primarily a tool-managed Unix. While • Both System P hardware and AIX are heavily
some Unices have a file-managed interface, AIX geared towards virtualization. AIX is practically a
tends to use stanza files and ODM databases as para-virtualized environment in how well it is
data stores for configuration options. This makes integrated with the System P virtualization
many configuration options rather difficult or technologies. At the user level, all performance
simply impossible with just a text editor. The AIX and management commands have been modified
alternative is to leverage an expansive set of to account for differences that occur in a
specialized tools for all configuration options. virtualized environment. Despite and because of
• AIX is well integrated with System P hardware. these changes, a virtualized environment is
As typical with big-Unix implementations, AIX has virtually indistinguishable from a non-virtualized
a tight integration with the hardware it runs on. environment to the user.
The result of this integration is an OS that not • AIX has a stable interface. While the
only provides extensive diagnosis and reporting of management tools and style of those tools has not
hardware issues, but also is designed to exploit changed within AIX for over a decade, the
numerous hardware features. IBM extends this technologies supported by AIX has grown
integration even more by allowing AIX insight into considerably. This is a significant feature of AIX in
the virtualization layer with abilities like virtual that it introduces new technologies within a
processor folding. consistent, approachable, and well designed
• IBM tends to lead with hardware and follow with interface.
the OS. Major releases of the OS tend to coincide • The LVM integration with AIX is thorough and
with new hardware features and leverage those mature. From the install, management, and
advances in the hardware. While other Unices may maintenance every aspect of LVM design dovetails
take a software-centric approach to a solution, into other components of the OS, firmware, and
IBM tends to rely upon all layers of the system to hardware to create an unparalleled environment.
an end. One good example of this is the maturity It is for this reason that AIX systems are more
and depth of virtualization technologies that likely to be SAN booted and less likely to have 3rd
permeate the System P product line. party LVM products layered on top than other
• Commands in AIX generally follow a verb-noun Unices.
syntax. The verbs tend to be ls (list), mk (make), • A central focus of IBM design has been on RAS
rm (remove), and ch (change). The nouns vary by features. Particularly with Power 6 systems, IBM
the target area such as dev, fs, vg, and ps. Even has designed extensive error detection and
many of the odd-named variants follow a similar recovery into the products. AIX is just one
syntax such as crfs, reducevg, and installp. enabling component to this end. All systems from
CPU, memory, I/O busses, to system processes
are considered and accounted for in this design.

Acronyms & Definitions

http://www.tablespace.net/quicksheet/aix-quickstart.html (1 of 24)11/3/2009 8:35:23 AM

AIX QuickStart

CoD - Capacity on Demand. The ability to add MSPP - Multiple Shared Processor Pools. This is a
compute capacity in the form of CPU or memory capability introduced in Power 6 systems that
to a running system by simply activating it. The allows for more than one SPP.
resources must be pre-staged in the system prior NIM - Network Installation Management / Network
to use and are (typically) turned on with an Install Manager (IBM documentation refers to both
activation key. There are several different pricing expansions of the acronym.) NIM is a means to
models for CoD. perform remote initial BOS installs, and manage
DLPAR - Dynamic Logical Partition. This was used software on groups of AIX systems.
originally as a further clarification on the concept ODM - Object Data Manager. A database and
of an LPAR as one that can have resources supporting methods used for storing system
dynamically added or removed. The most popular configuration data in AIX. See the ODM section for
usage is as a verb; ie: to DLPAR (add) resources additional information.
to a partition. PP - Physical Partition. An LVM concept where a
HEA - Host Ethernet Adapter. The physical port of disk is divided into evenly sized sections. These PP
the IVE interface on some of the Power 6 systems. sections are the backing of LPs (Logical Partitions)
A HEA port can be added to a port group and that are used to build volumes in a volume group.
shared amongst LPARs or placed in promiscuous See the LVM section for additional information.
mode and used by a single LPAR. (See IVE) PV - Physical Volume. A PV is an LVM term for an
HMC - Hardware Management Console. An entire disk. One or more PVs are used to construct
"appliance" server that is used to manage Power a VG (Volume Group). See the LVM section for
4, 5, and 6 hardware. The primary purpose is to additional information.
enable / control the virtualization technologies as PVID - Physical Volume IDentifier. A unique ID
well as provide call-home functionality, remote that is used to track disk devices on a system.
console access, and gather operational data. This ID is used in conjunction with the ODM
IVE - Integrated Virtual Ethernet. The capability to database to define /dev directory entries. See the
provide virtualized Ethernet services to LPARs LVM section for additional information.
without the need of VIOS. This functionality was SMIT - System Management Interface Tool. An
introduced on several Power 6 systems. extensible X Window / curses interface to
IVM - Integrated Virtualization Manager. This is a administrative commands. See the SMIT section
management interface that installs on top of the for additional information.
VIOS software that provides much of the HMC SPOT - Shared Product Object Tree. This is an
functionality. It can be used instead of a HMC for installed copy of the /usr file system. It is used in
some systems. It is the only option for a NIM environment as a NFS mounted resource to
virtualization management on the blades as they enable remote booting and installation.
cannot have HMC connectivity. SPP - Shared Processor Pool. This is an
LHEA - Logical Host Ethernet Adapter. The virtual organizational grouping of CPU resources that
interface of a IVE in a client LPAR. These allows caps and guaranteed allocations to be set
communicate via a HEA to the outside / physical for an entire group of LPARs. Power 5 systems
world. (See IVE) have a single SPP, Power 6 systems can have
LPAR - Logical Partition. This is a collection of multiple.
system resources (CPU, Memory, I/O adapters) VG - Volume Group. A collection of one or more
that can host an operating system. To the PVs (Physical Volumes) that have been divided
operating system this collection of resources into PPs (Physical Partitions) that are used to
appears to be a complete physical system. Some construct LVs (Logical Volumes). See the LVM
or all of the resources on a LPAR may be shared section for additional information.
with other LPARs in the physical system. VGDA - Volume Group Descriptor Area. This is a
LV - Logical Volume. A collection of one or more region of each PV (Physical Volume) in a VG
LPs (Logical Partitions) in a VG (Volume Group) (Volume Group) that is reserved for metadata that
that provide storage for filesystems, journal logs, is used to describe and manage all resources in
paging space, etc... See the LVM section for the VG. See the LVM section for additional
additional information. information.
LVCB - Logical Volume Control Block. A LVM
structure, traditionally within the LV, that contains
metadata for the LV. See the LVM section for
additional information.
MES - Miscellaneous Equipment Specification. This
is a change order to a system, typically in the
form of an upgrade. A RPO MES is for Record
Purposes Only. Both specify to IBM changes that
are made to a system.


AIX QuickStart

Disks, LVM, & Filesystems

Concepts

• LVM (Logical Volume Manager) is the ever- • The ODM is central to managing off-disk LVM
present disk and volume management framework structures and physical device to hdisk mappings.
for AIX. The level of integration is visible not only When a VG is created or imported this information
in fileystem commands that understand the is added to the ODM as well as other system files
underlying LVM, but in other, higher level, such as /etc/filesystems.
commands like the install and backup utilities that • AIX LVM supports several versions of VGs that
can optionally grow filesytems when necessary. have been introduced over the lifetime of the
• Physical disks (hdisks) are placed under LVM product. The VG types are normal, big, and
control by adding them to a VG (volume group). scalable. Normal VGs were the original creation and
Within LVM, these disks are referred to as PVs are more limited than the big or scalable types. The
(Physical Volumes). easiest way to tell the type of an existing VG is to
• Each PV in a VG contains a unique ID called a look at the Max PV value for the VG (see example
PVID. The PVID of a disk is used to track all disks in the next section).
in a VG, but also provides a device name
VG Type mkvg Max Max Max Notes
independence that makes importing, exporting, option PV LV PP
and disk management much simpler. Because the
unique characteristics of the disk become the Legacy 32 256 3512 Can be
converted
identifier, the device name remains consistent but
to Big VG
does not need to as (properly) renaming /
reordering disks under LVM control is of little Big -B 128 512 130048 LVCB data
consequence. is stored in
the head of
• Once a hdisk is placed into a VG it is divided into
the data
PP (Physical Partitions). PPs are then used to area in the
create LVs (Logical Volumes). An additional layer LV
of abstraction is placed between an LV and a PP
Scalable -S 1024 4096 2097152 Default LV
called a LP (Logical Partition) that allows for more
and PP
than one PP to be used (i.e. mirrored) to back values are
each portion of a LV. lower and
can be
increased
to shown
maximums

• The default filesystem on AIX is JFS2. JFS2, and it
predecessor JFS, are both journaling filesystems
that utilize the fundamental Unix filesystem
structures such as i-nodes, directory structures,
and block allocations. (Technically, JFS2 allocates
blocks in groups called "extents".)
• JFS2 is not an implementation of UFS and
expands considerably over basic filesystem features
with such capabilities as snapshots, dynamic i-node
allocation, online growth, extended attributes, and
encryption. AIX provides a layer of abstraction over
A simplistic logical view of two PVs in a VG providing mirrored all supported filesystems that map filesystem
PPs for a LV. specific structures to standard Unix filesystem tools
so that filesystems like JFS2 appear as an
• Several on-disk structures are responsible for implementation of UFS.
holding all LVM information. The VGDA resides on • While most journaled Unix filesystem
each disk and holds structural information such as implementations use inline logs (within the
the member PVs. The VGSA also resides on each filesystem structure), AIX tends to use a special
disk and contains status information on all member type of LV that is created only to contain log data.


AIX QuickStart

devices. The LVCB varies by VG type but The jfs(2)log LV can provide logging capability for
traditionally has resided in the first part of an LV more than one filesystem LV. The log type must
(when it exists as a separate structure). In match the filesystem type. JFS2 can log to an inline
addition to the basic LVM commands that manage log, but these implementations tend to be the
these structures, there are a number of lower level exception to the rule.
LVM commands that accesses this metadata more • The default filesystems that are installed with AIX:
directly.
hd1 /home
• The first disk in a VG will have two copies of the
VGDA, and a two disk VG will have one disk with a hd2 /usr
single VGDA and the other with two copies. For hd3 /tmp
three disk and larger VGs, each disk has a single
hd4 / root
copy of the VGDA.
• The concept of quorum is achieved when > 50% hd5 BLV (Boot Logical
of the copies of the VGSA/VGDAs are online. If Volume)
quorum is lost then the VG can be taken offline. hd6 Paging space
• Quorum is problematic for two disk VGs because hd8 JFS2 log
the loss of the two VGDA disk means a loss of the
entire VG. In a mirrored configuration (a typical hd9var /var
case for two-disk VGs) it is inappropriate to offline hd10opt /opt
the VG for a single disk failure. For this reason, hd11admin /admin New in 6.1
quorum rules can be turned off in the case of a two
disk mirrored VG. livedump /var/adm/ras/ New in 6.1 TL3
livedump
/proc procfs pseudo
filesystem

Management

List all PVs in a system (along) with VG Find the file usage on the /var filesystem
membership du -smx /var
lspv List users & PIDs with open files in /data04 mount
List all LVs on PV hdisk6 fuser -xuc /data04
lspv -l hdisk6 List all mounted filesystems in a factor of
List all imported VGs Gigabytes
lsvg df -g ¡ (-m and -k are also available)
List all VGs that are imported and on-line Find what PV the LV called datalv01 is on
lsvg -o lslv -l datalv01
››› The difference between lsvg and lsvg - ››› The "COPIES" column relates the mirror
o are the imported VGs that are offline. distribution of the PPs for each LP. (PPs
List all LVs on VG vg01 should only be listed in the first part of the
lsvg -l vg01 COPIES section. See the next example.) The
List all PVs in VG vg02 "IN BAND" column tells how much of the used
lsvg -p vg02 PPs in this PV are used for this LV. The
List filesystems in a fstab-like format "DISTRIBUTION" column reports the number
lsfs of PPs in each region of the PV. (The
Get extended info about the /home filesystem distribution is largely irrelevant for most
lsfs -q /home modern SAN applications.)
Create the datavg VG on hdisk1 with 64 MB PPs Create a LV with 3 copies in a VG with a single PV
mkvg -y datavg -s 64 hdisk1 mklv -c 3 -s n -t jfs2 -y badlv badvg 4
Create a 1 Gig LV on (previous) datavg ››› Note: This is an anti-example to
mklv -t jfs2 -y datalv datavg 16 demonstrate how the COPIES column works.
Create a log device on datavg VG using 1 PP This LV violates strictness rules. The COPIES
mklv -t jfs2log -y datalog1 datavg 1 column from lslv -l badlv looks like:
Format the log device created in previous example 004:004:004
logform /dev/datalog1 Move a LV from hdisk4 to hdisk5
Place a filesystem on the previously created migratepv -l datalv01 hdisk4 hdisk5
datalv Move all LVs on hdisk1 to hdisk2
crfs -v jfs2 -d datalv -m /data01 -A y migratepv hdisk1 hdisk2


AIX QuickStart

››› A jfs2 log must exist in this VG and be ››› The migratepv command is an atomic
logform(ed). (This was done in the previous command in that it does not return until
steps.) -m specifies the mount point for the complete. Mirroring / breaking LVs is an
fs, and -A y is a option to automatically alternative to explicitly migrating them. See
mount (with mount -a). additional migratepv, mirrorvg, and
Create a scalable VG called vg01 with two disks mklvcopy examples in this section.
mkvg -S -y vg01 hdisk1 hdisk2 Put a PVID on hdisk1
Create a FS using the VG as a parameter chdev -l hdisk1 -a pv=yes
crfs -v jfs2 -g simplevg -m /data04 ››› PVIDs are automatically placed on a disk
-A y -a size=100M when added to a VG
››› The VG name here is "simplevg". A Remove a PVID from a disk
default LV naming convention of fslvXX will chdev -l hdisk1 -a pv=clear
be used. The LV, and in this case log-LV, will ››› This will remove the PVID but not
be automatically created. residual VGDA and other data on the disk. dd
Take the datavg VG offline can be used to scrub remaining data from the
varyoffvg datavg disk. The AIX install CD/DVD also provides a
Vary-on the datavg VG "scrub" feature to (repeatedly) write patterns
varyonvg datavg over data on disks.
››› By default the import operation will vary- Move (migrate) VG vg02 from hdisk1 to hdisk2
on the VG. An explicit vary-on will be required extendvg vg02 hdisk2
for concurrent volume groups that can be migratepv hdisk1 hdisk2
imported onto two (or more) systems at reducevg vg02 hdisk1
once, but only varied-on on one system at a ››› Mirroring and then unmirroring is
time. another method to achieve this. See the next
Remove the datavg VG from the system example
exportvg datavg Move (mirror) VG vg02 from hdisk1 to hdisk2
Import the VG on hdisk5 as datavg extendvg vg02 hdisk2
importvg -y datavg hdisk5 mirrorvg -c 2 vg02
››› The VG in this example spans multiple unmirrorvg vg02 hdisk1
disks, but it is only necessary to specify a reducevg vg02 hdisk1
single member disk to the command. The ››› In this example it is necessary to wait for
LVM system will locate the other member the mirrors to synchronize before breaking
disks from the metadata provided on the the mirror. The mirrorvg command in this
single disk provided. example will not complete until the mirror is
Import a VG on a disk by PVID as datavg established. The alternative is to mirror in the
importvg -y datavg 00cc34b205d347fc background, but then it is up to the
Grow the /var filesystem by 1 Gig administrator to insure that the mirror
chfs -a size=+1G /var process is complete.
››› In each of the chfs grow filesystem Create a striped jfs2 partition on vg01
examples, AIX will automatically grow the mklv -C 2 -S 16K -t jfs2 -y vg01_lv01
underlying LV to the appropriate size. vg01 400 hdisk1 hdisk2
Grow the /var filesystem to 1 Gig ››› This creates a stripe width of 2 with a
chfs -a size=1G /var (total) stripe size of 32K. This command will
List the maximum LPs for LV fslv00 result in an upper bound of 2 (same as the
lslv fslv00 | grep MAX stripe size) for the LV. If this LV is to be
Increase the maximum LPs for fslv00 LV extended to another two disks later, then the
chlv -x 2048 fslv00 upper bound must be changed to 4 or
specified during creation. The VG in this
Create a mirrored copy of fslv08
example was a scalable VG.
mklvcopy -k -s y fslv08 2
Determine VG type of VG myvg
››› syncvg -l fslv08 must be run if the -k
lsvg myvg | grep "MAX PVs"
(sync now) switch is not used for mklvcopy.
››› MAX PVs is 32 for normal, 128 for big,
Add hdisk3 and hdisk4 to the vg01 VG
and 1024 for scalable VGs.
extendvg vg01 hdisk3 hdisk4
Set the system to boot to the CDROM on next boot
Mirror rootvg (on hdisk0) to hdisk1 bootlist -m normal cd0 hdisk0 hdisk1
extendvg rootvg hdisk1 ››› The system will boot to one of the mirror
mirrorvg -S rootvg hdisk1 pairs (hdisk0 or hdisk1) if the boot from the
bosboot -ad hdisk0
CD ROM does not work. This can be returned
bosboot -ad hdisk1
to normal by repeating the command without
bootlist -m normal hdisk0 hdisk1


AIX QuickStart

››› The -S option to mirrorvg mirrors the cd0.
VG in the background. Running bosboot on List the boot device for the next boot
hdisk0 is not required - just thorough. bootlist -m normal -o

◊ Command reference: lspv, lsvg, lslv, mkvg,
mklv, reducevg, extendvg, mklvcopy, chvg,
logform, lvmo, exportvg, importvg, varyonvg,
varyoffvg, bosboot, bootlist, /etc/filesystems, crfs,
chfs, lsfs, rmfs, mount, fuser, df, du

NFS

• Many of the NFS commands accept the -I, -B, List all exported file systems
or -N switches. These three switches are used to showmount -e
control the persistence of the command. -B is now ←or¡
and future boots, -I is future boot (but not now), exportfs
and -N is now (but not next boot). The -B option Temporarily export the /varuna_nfs directory
tends to be the default. The following table relates exportfs -i -o rw,root=vishnu:varuna
how these options modify the NFS commands: /varuna_nfs
››› The root users on vishnu and varuna are
Flag Now After Boot given root access to this share. This export
-I √ was used to create a system WPAR called
varuna on a LPAR called vishnu that can be
-B √ √
found in the WPAR section below.
-N √ Export all entries in /etc/exports
exportfs -av
(Temporarily) unexport the /proj share
• The NFS daemons are started out of /etc/
exportfs -u /proj
inittab using the /etc/rc.nfs script. The mknfs
Permanently export the /proj share
and rmnfs commands toggle the inittab entries mknfsexp -d /proj -t rw
and control if the NFS system starts. ››› The -N, -I, and -B options are valid with
• The "share" commands are provided for this command. Here, the -B is implied. If the
compatibility with other Unices. The share
NFS services are not set to re-start on boot
commands are links to the exportfs command.
then this export will technically not be
"permanent" as the share, even though this
Enable NFS daemons now, and on next start entry is permanent, will not be enabled after
mknfs
next boot.
Disable NFS daemons now, and on next start List clients of this host with share points
rmnfs showmount -a
See if NFS will start on boot Add an entry to the /etc/filesystems file
lsitab rcnfs
mknfsmnt -f /projects -d /proj
››› This command simply lists the rcnfs -h mumbai -A -E
entry in /etc/inittab. If one exists (and is
››› Note that the -A and -E switches cannot
not commented out) then the rc.nfs script
be stacked (-AE). -A specifies to mount on
will be run from inittab (and start NFS).
boot and -E specifies the intr mount option.
Start NFS daemons now, but not at next boot
mknfs -N
◊ Command reference: showmount, chnfs, mknfs,
←or¡
startsrc -g nfs rmnfs, nfso, automount, chnfsexp, chnfsmnt,
List the status of the NFS services exportfs, lsnfsexp, lsnfsmnt, mknfsexp,
lssrc -g nfs mknfsmnt, rmnfsexp, rmnfsmnt, mount

Other


AIX QuickStart

• The procfs is the single (default) pseudo fs. Mount DVD media in the DVD drive
Interestingly, /proc is not used by commands like mount -v udfs -o ro /dev/cd0 /mnt
ps or topas but is used by commands like truss. Mount CD media in the CD/DVD drive
Additional information on /proc can be found in mount -rv cdrfs /dev/cd0 /mnt
the header file <sys/procfs.h> and the /proc ››› Both the cdrfs and udfs are different
InfoCenter page. types as defined in /etc/vfs, but both seem
• A list of supported filesystems can be found in to work for AIX DVD media.
the /etc/vfs file.
• The cdromd daemon is used to automount CD / ◊ Command reference: chps, lsps, rmps, swapoff,
DVD media. It is not enabled by default. cdromd swapon, mount, umount, cdromd, cdeject,
uses the /etc/cdromd.conf file to configure cdmount, cdcheck, cdumount, cdutil
default options for the cdX device such as the
default mount directory.
• Paging spaces are specified in the /etc/
swapspaces file. The chps, mkps, rmps, and lsps
commands are used to modify / view this file.
Find your CD/DVD ROM
lsdev -Cc cdrom
List all paging spaces
lsps -a
Grow the hd6 paging space by 4 LPs
chps -s 4 hd6
››› The current LP count and LP/PP size can
be found using lslv hd6.

Networking

Concepts

• Ethernet devices are entX devices while enX and • The /etc/resolv.conf uses a traditional
etX devices represent different frame types that format, but can be managed via the namerslv and
run on the underlying entX device. Typically the *namsv commands. The /etc/netsvc.conf file is
enX device is what is plumbed on most networks the AIX version of the nsswitch.conf file in that
and etX is not used. it determines the service lookup order for name
• Attributes of the entX device are physical layer services.
connection settings such as speed and duplex as • Hostname lookup order is determined using /
well as driver settings such as transmit and etc/irs.conf, then /etc/netsvc.conf and
receive queue sizes. Attributes of the enX device finally $NSORDER. (The order of precedence is
are configurable items such as IP address, subnet reverse - meaning, for example, a value set in
mask, and some TCP/IP tunables. $NSORDER will be used over the other two
• Like the enX device, the inet0 device is not a methods.) The irs.conf and $NSORDER methods
physical device. It is a representation / are typically not used.
management interface for the Internet • Network related tunables can be set globally,
(networking) subsystem. The hostname, routing per-interface, or per-socket connection. Most
info and TCP/IP configuration method are global tunables are managed with the no
attributes of this device. command. Interface specific tunables are set on
• Networking is typically started from /etc/rc. the entX or the enX devices using the chdev
net using the settings stored in the ODM (and not command. AIX now recognizes a ISNO (Interface
from rc.tcpip). When started in this manner Specific Network Option) flag that overrides many
several helper commands are responsible for of the global settings and uses the settings for
pulling the config from the ODM and configuring each interface over those set globally. This is an
devices. Alternatively, /etc/rc.net can be important concept as much application
configured to use ifconfig commands or /etc/ documentation still refers to the global settings
rc.net can be bypassed completely and /etc/rc. while the default is now to use the local settings.
ISNO can be determined from querying with the


AIX QuickStart

bsdnet can be used instead. The setting that no command or looking at ifconfig results.
determines which method (rc.net or rc.bsdnet) Examples of retrieving the defaults, ranges, and
is used is stored as an attribute to the inet0 current values as well as setting new values are
device. (The point here is not necessarily to shown in the next section.
recommend the use the alternative methods but • Settings for the HEA (Host Ethernet Adapter) are
to point to where the options are set and where not always set from the OS. Physical layer
additional details on the process can be found.) settings for this device are typically set from the
• AIX supports trunking (EtherChannel / 802.3ad), ASMI menus or from the HMC.
tagged VLANs (802.1q), Virtual IP addresses • Changes were made to the AIX 6.1 network
(VIPA), dead gateway detection (multiple default tunables. The no command will list many tunables
gateways), IP multippath routing, and network as "restricted". IBM recommends against changing
adapter backup. The network adapter backup a restricted tunable from the default.
does not require EtherChannel but is part of the
smitty EtherChannel setup section.

Management

• The assumption of this section is that rc.net / To view the (current) route table
ODM is used for IP configuration. If the netstat -r
configuration is not stored in the ODM and is To view the (persistent) route table from the ODM
configured via script then many of these lsattr -EHl inet0 -a route
"temporary" commands could be used to Add an entry for "rhodes" to the hosts file
persistently configure the IP settings. hostent -a 192.168.1.101
• The following examples also assume the use of -h "rhodes.favorite.com rhodes"
en0 over et0. ››› The hostent is a command for editing
the /etc/hosts file. Most edits on this file are
List all Adapters in the system done by hand. The hostent command is
lsdev -Cc adapter mentioned here first for its potential use as a
List all interfaces in the system scripting tool, but also as an example of the
lsdev -Cc if pervasive tool-managed nature of AIX.
Initial setup of an interface List all services represented by inetd
mktcpip lssrc -ls inetd
››› Note that mktcpip has an exceptional List all open, and in use TCP and UDP ports
amount of options. They are not listed here netstat -anf inet
because this command is a prime example of List all LISTENing TCP ports
when to use SMIT. See next item for more netstat -na | grep LISTEN
typical use. Flush the netcd DNS cache
Smitty interface to initial TCP/IP setup netcdctrl -t dns -e hosts -f
smitty mktcpip Get (long) statistics for the ent0 device
››› This command is usually run once for a entstat -d ent0
system (typically in the post-install setup if ←or¡
run from CD/DVD), additional changes can be netstat -v ent0
done directly via the chdev command or via ››› Remove the -d option from entstat for
the smitty configtcp menu screen. shorter results. The output of entstat varies
Permanently set the hostname by device type. Virtual, physical, and IVE
chdev -l inet0 -a hostname=bombay (LHEA) devices all produce different results.
Temporarily add a default route Use caution and test throughly when scripting
route add default 192.168.1.1 this command.
Temporarily add an address to an interface List all network tunables
ifconfig en0 192.168.1.2 no -a
netmask 255.255.255.0 List all tunable settings in long format
Temporarily add an alias to an interface no -L
ifconfig en0 192.168.1.3 ››› The "long" format is more readable as
netmask 255.255.255.0 alias well as displaying current, default, persistent,
To permanently add an IP address to en1 min and max values.
chdev -l en1 -a netaddr=192.168.1.1 Get a description of the use_isno tunable
-a netmask=0xffffff00 no -h use_isno
Permanently add an alias to an interface ››› These descriptions were expanded in AIX


AIX QuickStart

chdev -l en0 -a 6.1. Additionally many will be listed as
alias4=192.168.1.3,255.255.255.0 restricted where they were not in previous
Remove a permanently added alias from an versions.
interface Turn off Interface Specific Network Options
chdev -l en0 -a no -p -o use_isno=0
delalias4=192.168.1.3,255.255.255.0 • The following tcpdump examples are simplistic
Remove all TCP/IP configuration from a host and limited, an extended usage description for
rmtcpip tcpdump is beyond the scope of this document.
View the settings on inet0 The intent is to give a few easy examples that can
lsattr -El inet0 be expanded to the users needs. Additional help
››› This can be run for ent0 and en0 as well. with filter expressions and command line options
These settings are typically stored in the ODM is available on the tcpdump InfoCenter page. Also
object repository CuAt and are retrievable via note that while efforts have been made to account
odmget -q name=inet0 CuAt. for line wraps in the printed version, these
Determine if rc.bsdnet is used over rc.net commands remain un-wrapped for readability.
lsattr -El inet0 -a bootup_option Watch all telnet packets from aachen
Find actual (negotiated) speed, duplex, and link tcpdump -Nq 'host aachen and (port telnet)'
entstat -d ent0 ››› -N gives short host names.
››› The interface must be up (ifconfig en0 Watch connect requests
up) for stats to be valid. The netstat -v tcpdump -q 'tcp[tcpflags] & tcp-syn != 0'
ent0 command gives similar results. ››› -q gives abbreviated packet info.
Set (desired) speed is found through the entX Watch all connection requests to port 23
device tcpdump -q 'tcp[tcpflags] & tcp-syn != 0
lsattr -El ent0 -a media_speed and port telnet'
Set the ent0 link to Gig full duplex
chdev -l ent0 -a ◊ Command reference: mktcpip, rmtcpip, ifconfig,
media_speed=1000_Full_Duplex -P netcdctrl, no, tcpdump, chdev, lsattr, entstat,
››› Auto_Negotiation is another option netstat, route, host, hostname
(see the next example).
View all configurable options for speed and duplex
lsattr -Rl ent0 -a media_speed
Find the MTU of an interface
netstat -I en0

System Configuration & Management

Devices

• Physical device to /dev device representations Get device address of hdisk1
are mapped via ODM database entries. Actual getconf DISK_DEVNAME hdisk1
locations of devices can be retrieved using the ←or¡
lscfg or lsdev commands. The mapping provided bootinfo -o hdisk1
by the ODM provides a persistent binding for ››› This is the same information available
device names across boots of the system. from other commands, just not requiring
• The mapping of physical devices to the logical greping or awking to retrieve this specific
devices in /dev is an automated process data. bootinfo is not officially supported as
performed by the operating system. It is typically an administrative command.
not required to move or otherwise re-order these Get the size (in MB) of hdisk1
devices. In a highly dynamic environment where getconf DISK_SIZE /dev/hdisk1
devices are added and removed, it may be ←or¡
advantageous to clear previous instances of a bootinfo -s hdisk1
device from the ODM and /dev directory. ››› Note that a full path to the device is
• New devices are added to the system with the required for the getconf version.
cfgmgr command. Logical instances of of devices Find the possible parent devices of hdisk0
can be removed from the system via the rmdev lsparent -Cl hdisk0


AIX QuickStart

command. rmdev simply tells the system to forget ››› This lists all devices that support that
the device, so unless the physical device is device type, not the specific parent of this
actually removed it will simply be found and re- device. See the following lsdev examples for
created when the cfgmgr command is run again methods of finding parent devices.
(e.g. at next boot). List all child devices of scsi1
• Device support requires that the appropriate lsdev -Cp scsi1
packages (drivers) are installed for each device. List all disks belonging to scsi1
The default AIX install includes support for devices lsdev -Cc disk -p scsi1
not on the system. If a device is newer or a Test if hdisk2 is a child device of scsi2
minimal OS install was done then support may not lsdev -Cp scsi2 -l hdisk2
be included for new devices. In this case the ››› This command will list all devices that
cfgmgr command will flag an error that an meet the criteria of being hdisk2 and
unsupported device has been found. belonging to scsi2. Either it will list a device
• Device configuration options are stored in the or it will not.
pre-defined device databases of the ODM. Find the location of an Ethernet adapter
Information about actual devices are stored in the lscfg -l ent1
configured device databases of the ODM. These Find device specific info of an Ethernet adapter
configured options include instances and well as lscfg -vl ent1
configuration options to the devices / drivers. ››› One key piece of device specific info
• The lsdev command is used to list devices in would be the MAC address. This command
the predefined and configured device (ODM) works for HBAs and other addressed
databases. The lscfg command is used to display adapters. The *stat commands also tend to
VPD (Vital Product Data) information about each return addresses, often formatted in a more
device. To find all devices the system knows or readable manner. See the next example for
has configured at one time use the lsdev an HBA / with the grep command to isolate
command. To search for a device by a specific the address.
type, class, parent device or other complex Find the WWN of the fcs0 HBA adapter
criteria use the lsdev command. To find the serial lscfg -vl fcs0 | grep Network
number or device specific identifier of a device use Get statistics and extended information on HBA
the lscfg command. fcs0
fcstat fcs0
List all devices on a system ››› Similar *stat commands exist for
lsdev numerous types of devices such as entstat,
››› lsdev queries the predefined or ibstat, tokstat, fddistat, etc..
configured databases using the -P and -C List all MPIO paths for hdisk0
flags respectively. In this case the -C flag is lspath -l hdisk0
implied. Addition of the -H option includes Temporarily change console output to /cons.out
column header info. swcons /cons.out
List all disk devices on a system ››› Use swcons to change back.
lsdev -Cc disk Find the slot of a PCI Ethernet adapter
››› See next example for a list of potential lsslot -c pci -l ent0
classes as arguments to the -c option. ››› The lsslot command is used to find
List all customized device classes cards that are hot-swappable. Not all systems
lsdev -Cr class will support this command.
››› Customized device classes mean that
they exist (or have existed) on the system. ◊ Command reference: lsdev, lsparent, lscfg,
For a list of predefined devices (ones that AIX lsattr, chdev, rmdev, cfgmgr, lscons, swcons,
could support) change the -C option for -P.
fcstat, entstat, ibstat, getconf getconf, lsslot,
List locations of all hdisks in the system
drslot
lscfg -l 'hdisk*'
››› This can be accomplished via the lsdev
command. The point here is to show the use
of wildcards in a lscfg option.
Remove hdisk5
rmdev -dl hdisk5
››› The -d option removes the configured
device entry from the ODM. Unless the device
is physically removed, cfgmgr will bring it
back.


AIX QuickStart

SMIT (System Management Interface Tool)

• SMIT is a system management tool that assists • SMIT can be invoked from the command line
the administrator with AIX utilities by providing an using smit or smitty. smit will start either the
ASCII (curses) / X-Window GUI interface to those curses based version or the X Window version
tools. SMIT provides pick lists and menus for depending upon the presence of the X Window
command line options to AIX tools. The interface system. smitty will always start the curses (tty)
is designed to aid with recognition of more version.
obscure switches, provide additional security & • Additional information on customizing the SMIT
accounting, and perform some validation on the interface can be found on the "Extending SMIT For
input to those commands. Common Localized Tasks" page.
• The SMIT interface is not a monolithic binary,
but an extensible framework of screens that relies • Key sequences (for the curses version)
upon underlying OS commands to do the work.
Each SMIT screen is stored as a collection of ODM F3 (Esc-3) Exit current screen
objects in SMIT specific object classes. F4 (Esc-4) Generate a pop-up list that can be
• Stepping through the complex menu system can chosen from
be avoided by jumping directly to a screen when a F6 (Esc-6) List the command that will be run
fastpath is specified when SMIT is invoked. Fast
paths are single word (no spaces) phrases that F5 (Esc-5) Reset the field to the original / default
value
typically are the command that will be run in that
screen. The fast path for the current screen can F8 (Esc-8) Show the fast-path tag for this screen
be determined by using the F8 key while in that F10 (Esc-0) Exit SMIT
screen.
/phrase Search for phrase in a list
• Sample fastpaths:
n Used to find the next occourence of the
mktcpip Initial TCP/IP setup
search phrase
lvm Root of the LVM menus
Tab Used to alternatively select items from
mkuser Screen to add a user a "ring" (a short list).
pgsp Root of the paging space menus
_nfs Root of NFS menus • Symbols that denote field data requirements:
subserver inetd config * This is a required field
mpio Root screen for all MPIO operations # This field requires a numeric value
etherchannel Root of EtherChannel / 802.3ad memus / This field requires a path
chgenet Configure paramaters on the ent device X This field requires a hexadecimal number
(s) ? The data entered will not be displayed
vlan Root of menus to manage VLAN + Data can be retrieved from a list
configurations
mkvg Beginning screen to create a new VG

• SMIT will save a script of runnable commands in
~/smit.script and ~/smit.transaction as well
as a log of commands run in ~/smit.log. When
invoked with the -x switch, SMIT will not run any
of the commands but will write the commands it
would run to ~/smit.script and ~/smit.
transaction. (Note: With the -x switch SMIT will
still run the discovery commands to build lists and
find default/existing values but not the action
commands.)

SRC


AIX QuickStart

• The SRC (System Resource Controller) is a Start the cdromd service
process manager that is used to spawn, monitor, startsrc -s cdromd
and control services. Many of the standard Unix ››› There is not a persistent flag for the
daemons are managed via this interface on AIX. startsrc command. For this service to
• SRC does not have a persistent "service profile" automatically start on the next boot, a
and therefore does not comprehend persistence change must be made to one of the system
beyond the current boot. For this reason, it is initialization files. In this case, an entry must
necessary to find where the service is started and be made in /etc/initttab.
add or remove the startsrc (service start) Stop the cdromd service
command there. The most popular locations for stopsrc -s cdromd
this are rc.tcp and inittab. Send a refresh request to the syslogd service
• SRC controlled processes must be started and refresh -s syslogd
stopped via the SRC interface. If a SRC process ››› This would typically be communicated
dies or is killed the srcmstr daemon will re-spawn via a HUP signal. Not all SRC controlled
that process and log an error to the system error processes respond to a refresh request and
log. may require a HUP signal.
• The core process for SRC (srcmstr) is spawned
from /etc/initttab. Services that run under SRC ◊ Command reference: lssrc, startsrc, stopsrc,
control do not leave their process group (ie: have refresh, srcmstr
a PPID of 1), but instead, stay children of srcmstr.

List the status of the cdromd service
lssrc -s cdromd
List the status of inetd subservices
lssrc -l -s inetd
List the status of all members of the NFS group
lssrc -g nfs

Performance / Kernel / Tuning

• The primary statistics provider for most basic splat - [T] Simple Performance Lock Analysis
performance commands on AIX is the Perfstat Tool. Provides lock statistics. Must be
API / kernel extension (See /usr/include/ run on a system booted with lock trace
libperfstat.h.) This API supports most non- reporting enabled.
trace based performance related tools.
spray - Network load generation tool using a
• The trace-based tools (denoted by a "T" in the
remote sprayd daemon. Requires the
list below) utilize the trace facility. These tools
RPC daemon (rpc-sprayd) to be
generate significantly more detail than the
registered.
perfstat based tools. Unfortunately the level of
detail provided by these tools comes at the svmon - Displays general to detailed reports of
expense of performance. Caution should be used VM usage on the system as a whole or
when running these tools on a production system. for individual processes.
• AIX 6.1 introduced probevue, a lightweight tcpdump - Capture network packets. Packets can
dynamic trace facility that provides trace-like be filtered by type, port, interface,
insight but with a minimal performance impact. address, or other criteria. Packets can
The probevue command utilizes scripts written in be captured with detail or in summary.
the Vue language to define what events to capture See examples at the end of the
data on and how to report that data. Additional networking examples section.
information can be found on the ProbeVue page. topas - topas is a curses-based, interactive,
• With the introduction of Micro-partitions many multi-area, general performance
commands were modified both to account for reporting tool. topas is often the first
performance statistic gathering in the virtualized tool used in a performance tuning
environment as well as reporting virtual statistics. exercise. New topas users may find
When WPARs were introduced many commands useful info on the local introduction to
were extended to report per-WPAR or WPAR topas page.
specific statistics. The WPAR specific options are
typically enabled with the -@ switch. Commands in tprof - [T@] A trace based profiling tool.


AIX QuickStart

the following list that support this option are truss - Reports syscall, signals, and most
marked with the "@" symbol. aspects of system interaction by a
• The *o commands (vmo, schedo, no, nfso, raso, process.
ioo, and lvmo) are used to view and set system
uptime - Reports system uptime as well as 1, 5,
related tunables. Persistent tunables are saved in /
and 15 minute system load averages.
etc/tunables/nextboot. Some persistent
tunables are inserted in and set from the BLV vmstat - [@] Report statistics from the virtual
(therefore they require that bosboot run to set memory subsystem.
the value for next boot.
• The following is a list of general and lower-level • Note: The examples section is not meant to be
system commands for performance and comprehensive or even well representative of the
diagnostics: available options and performance monitoring
atmstat - Show statistics and device details for methods. The scope and design of this page does
ATM adapters not allow for a full treatment of the performance
tools. Each section requires a careful selection of
curt - [T@] CPU Utilization Reporting Tool. A the command examples and information that is of
trace based tool for monitoring CPU use. This section requires significantly more
activity. abbreviation to fit in a reasonable space. The goal
entstat - Show statistics and device details for has been to give a mix of some common examples
Ethernet adapters along with some that are slightly atypical.
fcstat - Show statistics and device details for • Most iterative commands here use two second
FC HBAs intervals. This is done only to make them
consistent when showing the iterative options.
fddistat - Show statistics and device details for
FDDI adapters
List processes in ptree-like output
fileplace - Show fragmentation and block / fs ps -T1
usage for a file. List all file opens for the ls process
filemon - [T@] Generate a report of advanced / truss -topen ls
detailed disk statistics that highlights List all file opens for a running PID
where I/O was generated and what truss -topen -p 274676
generated it. ››› 274676 is simply a PID that was active
on the system when I created the example.
gprof - Generate profiling statistics for a
List all open files for a running PID
binary.
procfiles -n 274676
iostat - [@] Supports I/O statistics on List all memory segments for a running PID
multiple device types, but used svmon -P 274676
primarily as a first line disk I/O Get a filename for an inode from previous results
statistic reporting tool. ncheck -i 1041 /dev/hd4
ipcrm - [@] Remove IPC (InterProcess ››› Once again, this example is of a local (to
Communication) semaphores, this system) inode value. In this case svmon
message queues, and shared memory returned the inode and filesystem of the file -
segments the actual filename was desired.
ipcs - [@] List IPC (InterProcess Enable advanced statistics gathering on VG datavg
Communication) semaphores, lvmstat -v datavg -e
message queues, and shared memory ››› Use -e to enable, -d to disable.
segments Monitor network throughput for ent0
while [ 1 ] ; do entstat -r ent0 | grep
iptrace - Network packet tracing daemon.
Bytes ; sleep 2 ; done
Results can be viewed with ipreport
››› First column is transmit and second is
istat - A command line stat() tool. It gives receive. This is a non-curses based example,
similar info to ls but in potentially see the next example for a topas based
more scriptable output. solution.
kdb - An interactive user-space command Monitor network throughput for all interfaces
for viewing kernel structures, memory topas -E
locations, tables, etc... from a running Paging - in use
system or a dump of the kernel. svmon -i 2
››› The -i 2 parameter tells to iterate every
two seconds.
Paging - activity


AIX QuickStart

lparstat - [@] Reports per-LPAR statistics - vmstat 2
primarily memory and CPU utilization. Show top-like CPU usage by process
Also reports virtualization-aware topas -P
statistics such as entitlement Show system wide CPU usage
consumption and hypervisor calls. The mpstat 2
WPAR flag on this command is -W not Get NFS server statistics
-@. while [ 1 ] ; do nfsstat -s ; sleep 2 ;
done
lvmstat - Reports I/O statistics on VG Generate CPU load
structures (as opposed to per-disk dd if=/dev/random of=/dev/null
statistics). Statistics gathering must List I/O stats organized by adapter
be enabled with the -e switch before iostat -a 2
use. Get extended I/O stats on just two disks
mpstat - [@] Reports performance statistics iostat -D hdisk0 hdisk1 2
such as interrupts, context switches, List I/O stats by file system
min/maj faults, system calls, and iostat -F 2
processor affinity. ››› Not supported on 5.3
netpmon - [T@] Reports detailed network, Show network statistics for interfaces
socket, and NFS related statistics over netstat 2
an interval.
netstat - [@] Show networking status for TCP/
UDP through physical layers.
pmcycles - A tool to measure actual CPU speed
(presumably for CPUs that may go
into power save).
pprof - [T@] Reports detailed statistics on
kernel threads.
probevue - Lightweight dynamic tracing tool that
utilizes the Vue language. Additional
ProbeVue resources are available
locally on the ProbeVue page.
ps - [@] List processes
pstat - Show the contents of several system
tables from a core file or active kernel.
rmss - Tool to simulate a reduced memory
footprint for an application. Running
the LPAR with reduced memory may
be a more popular alternative to this
command.

ODM


AIX QuickStart

• The ODM (Object Data Manager) is a database • Object classes are implemented as one or two
store for system information on AIX. The ODM is files depending upon the data types used in the
primarily used for system items such as device definition of the object class. The primary file has
instances and the configuration options for those the same name as the object class. An optional
devices but may also be used for applications such file ending in .vc is used for variable length and
as SMIT. multi-byte nchar data. The ODM data files are not
• The ODM is a collection of object classes (files) recognized by the file command so I have
that are primarily in /etc/objrepos but also included a sample MAGIC for both file types.
stored in /usr/lib/objrepos, /usr/share/lib/
objrepos and the BLV. The copy and/or location
0 long 0x000dcfac ODM data file
of the ODM to use is specified either by an
0 long 0x000caa1c ODM variable data
application or the ODMDIR / ODMPATH
file
environmental variables. For example, the SMIT
screens are stored in object classes in /usr/lib/ MAGIC entries for ODM files
objrepos but can be stored in an alternate ODM
source. • Many introductions to the ODM use typical
››› See the "Extending SMIT For Common database examples to show how data is stored
Localized Tasks" page for info on using an and retrieved. While this is useful for
alternate ODM source for SMIT. understanding the structure of an object class it is
• While applications can create object classes counter-productive in that it masks what is really
anywhere they wish, the system object classes stored in the ODM. Another method of learning
primarily exist in the three directories listed in the the ODM is to use the truss-query method. This
previous point. This is done to separate data means that you wrap a command in truss (truss
based upon the type of filesystem it is in. Data -topen) to capture the file opens, then query the
that is specific to a system is stored in /etc/ resulting object classes for the data they contain.
objrepos. Platform specific data that can be • The ODM command line tools work on two
shared across systems (such as a network boot) is different formats of input/output from the object
stored in /usr/lib/objrepos. Platform classes. The structure of the object classes are
independent data that can be share across defined in a syntax that is very similar to a C
systems is stored in /usr/share/lib/objrepos. struct. Actual object data is structured in a stanza
One example of this is the lpp object class that format.
exists in all three locations. The lslpp -l will
query each of these object classes and display class my_object_class {
each in its own group. short descriptor1;
• The primary benefits of the ODM is that it stores short descriptor2;
complex data, enforces data types on that data, vchar text[1024];
and provides a rich API / set of command line };
utilities to access it. The API supports locking that Example of odmcreate/odmshow struct. (Nonsensical table
insures a view consistency that is not guaranteed with two short int(eger)s and a string.)
with flat files.
• When mapping ODM to database concepts, an
ODM object class is the equivalent of a database CuAt:
table, and is implemented as one or more files. An name = "inet0"
ODM object would be a row in that table. An attribute = "hostname"
object descriptor would be the equivalent of a value = "mumbai"
database column definition. type = "R"
• The ODM supports relations in the form of the generic = "DU"
"link" data type. It does not allow for joins of the rep = "s"
data, nor does it enforce referential integrity nls_index = 24
during inserts. The ODM does not enforce a Example of odmadd/odmget stanza syntax. (Actual output
primary key, specifically the unique constraint of a from a system.)
key. For this reason, it is possible to have
duplicate objects in a object class.
• ODM command line tools:
Steps to shrink an ODM object class called "Bloat"
odmshow Bloat > Bloat.definition
odmget Bloat > Bloat.data
odmcreate Bloat.definition
odmadd Bloat.data


AIX QuickStart

odmget Query data from an ODM object class. ››› odmshow saves the table definition.
Specific queries are supported with the - odmget saves the table data. odmcreate re-
q option, but it is not possible to limit creates the table. odmadd restores the data.
results to specific "columns" without This is not a popular task on AIX. The
using another command like grep. If the example here is more to relate the purposes
query string is omitted, then all data will
of the commands and give some insight into
be returned. (This is an effecive way to
back up the data from the object class.)
how they can be used.
The data will be returned in the odmadd/ Determine the ODM files opened by lsattr
odmget stanza format. truss -topen lsattr -El inet0
Query CuAt for the inet0 config
odmadd Insert data into an ODM object class. The
data must be in the odmadd/odmget
odmget -o CuAt -q name=inet0
stanza format. Because null values are
not allowed, all "columns" must be filled • The SMIT customization page has more ODM
with appropriate data. command examples.
odmchange Change data in an ODM object class. A
query syntax allows the user to specify a ◊ Command reference: odmget, odmadd,
limited set of objects (rows). The data odmchange, odmcreate, odmdelete, odmdrop,
changed is specified in a odmadd/odmget
odmshow
stanza format. The stanza file does not
need to be complete as only the
descriptors (columns) present in the
stanza file will be changed in each
matched object.
odmcreate Creates an ODM object class based upon
an odmcreate/odmshow "struct" file. The
ODM file will be created in the default
directory. Existing object classes with the
same name will be overwritten without
warning.
odmdelete Will delete objects (rows) from an ODM
object class. The -q query syntax is
supported to limit the objects deleted. If
the query is omitted, all items will be
deleted. Selective delete operations can
lead to bloated object class files.
odmdrop Deletes an entire ODM object class. All
objects (rows) and the object class itself
will be deleted. All object class files are
deleted. Future queries to this object
class will fail.
odmshow Create a odmcreate/odmshow struct
output based upon the description of the
ODM object class. The results will define
each descriptor (column) in the object
class (table) as well as have other data
related to the current contents of the
object class in comment format. This
output can be used to re-create an
empty object class using the odmcreate
command.

Software Management


AIX QuickStart

• A fileset is the smallest manageable component List all software packages on /dev/cd0
in the LPP (Licensed Program Product) hierarchy. installp -l -d /dev/cd0
A package is a collection of related filesets. An LPP ››› It is not necessary to explicitly mount /
is a group of packages that tend to fall within one dev/cd0. The installp command will do it
product type, such as "bos" - the base operating automatically. None of the examples using /
system. dev/cd0 (including SMIT) in this section
• Filesets are divided by what part of the system require the explicit mounting of the CD/DVD
they install to. This is either "root", "usr", or ROM.
"share". These divisions are determined by install List the software in the default repository location
location as well as platform dependence / installp -ld /usr/sys/inst.images
independence. Use the lslpp -O flag with r, u, or List all RPM packages on the system
s options to list filesets from only one location. rpm -qa
(Additional discussion of this is found in the ODM List all files in the installed gcc RPM
section and the three separate lpp ODM data rpm -ql gcc-4.2.0-3
stores - one for each fileset install location.) List all filesets that are applied, and can be
• Most administrators perform installs via the committed or rejected
SMIT or NIM methods. SMIT is most popular for installp -s
simple one-off installs and smaller environments. List packages on media in /dev/cd0
Use of installp directly from the command line is gencopy -Ld /dev/cd0
significantly more complex than SMIT or NIM. Copy contents of CD to local directory
• The most popular SMIT fast paths are gencopy -d /dev/cd0 -t /proj/instsrc
install_latest and update_all. The install fast -UX all
path requires that a package repository be Copy contents of CD to default local directory
specified on the first screen then presents the gencopy -d /dev/cd0 -UX all
user with a screen of install options to include the Download AIX 5.3 TL10 updates to local repository
option to browse and select from the supplied suma -x -a Action=Download
repository. -a RqType=TL -a RqName=5300-10
• Bundles are simply formatted lists of packages ››› The updates will be placed in the default
to be installed as a unit. Bundle files are stored local repository in /usr/sys/inst.images.
locally in /usr/sys/inst.data/sys_bundles and / Install the mkinstallp tool
usr/sys/inst.data/user_bundles. Bundles can installp -acgXYd /usr/sys/inst.images
be installed using the smitty easy_install bos.adt.insttools
command. ››› The options are:
• Filesets can be installed in the applied or -a Apply
committed states. Applied filesets retain previous -c Commit
versions and can be rolled back to the previous -g Install prerequsites
version (rejected). The first version of a fileset -X Extend filesystems if necessary
installed on a system is always committed. -Y Agree to licenses
• SUMA (Service Update Management Assistant) is -d <dir> Specify a source
a method to automate the retrieval of system bos.adt.insttools pagkage to install
updates from the Internet.
Backup the rootvg
mksysb -eivX /mnt/bombay.mksysb
List all installed filesets separated by filesystem
››› The options are:
type
-e Exclude files listed in /etc/exclude.rootvg
lslpp -l
-i Create an /image.data file
List all installed filesets with combined filesystem
-v List files as they are backed up
info
lslpp -L -X Extend /tmp if necessary
››› Adding the -c option will make this /mnt/bombay.mksysb The file to create
output scriptable in that it will be colon
As this command will back up all mounted
delimited. See the next example.
filesystems in rootvg it is necessary to
List just the filesets on a system
lslpp -Lc | cut -d : -f 2 account for the potential size of this file. The
root user has a file size limit (fsize) and can
List all files in the bos.mp64 fileset
lslpp -f bos.mp64 be temporarily disabled with ulimit -f
unlimited
List all files in the root part of bos.rte.shell
lslpp -Or -f bos.rte.shell
◊ Command reference: installp, inutoc, lslpp,
List what known fileset provides ksh
which_fileset ksh emgr, gencopy, suma, mksysb


AIX QuickStart

List the installed fileset that provides /usr/bin/
ksh
lslpp -w /usr/bin/ksh
››› *ksh* would have worked, but more
results.

Users / Groups

• AIX users and groups have an administrative
attribute that determines who can make changes
to that user or group. Only the root user (or
equivalent RBAC role) can modify a user or group
that has the admin attribute set. Regular, non-
admin accounts, may be modified by members of
the security group. Non-admin groups can have
group administrators (that are not part of the
security group) that can modify the group
members.
• The following is a table that represents how the
admin attribute of a user/group effects who can
modify that item:
admin root security users on
attribute = user group the
group
adms list
user true Yes No N/A
false Yes Yes N/A
group true Yes No No
false Yes Yes Yes

• RBAC (Role Based ACcounting) is a natural
maturation from using simple SUID/SGID binaries
to a more granular method of granting privileges
to users to accomplish tasks. Legacy RBAC was
introduced in AIX 4.2.1, and was upgraded to
Enhanced RBAC in AIX 6.1. This document refers
to the Enhanced version of RBAC and only
mentions Legacy RBAC in contrast where
appropriate.
• Legacy RBAC was a simplified method to divide
root tasks into groups and give non-root users
ability to perform those tasks. This was done with
traditional SUID/SGID applications that then
checked to see if the user was assigned the
privilege before the task was attempted. As a
result, it required specialized binaries that were Relationship between RBAC files.
potentially open to exploit because the processes
they spawned still had effective root access. The
benefit was the more granular division of Create an admin group called wfavorit with GID
responsibilities that RBAC promises. 501
Unfortunately, Legacy RBAC was not sufficient to mkgroup -a id=501 wfavorit
change many administrator's minds on the use of List the attributes of the just-created group
root for all tasks administrative. wfavorit
• Enhanced RBAC does not rely upon SUID/SGID lsgroup wfavorit
applications but instead allows for granular Create an admin user called wfavorit with UID 501
permissions based upon the users role mkuser -a id=501 shell=/usr/bin/ksh


AIX QuickStart

membership and only the permissions required to home=/home/wfavorit pgrp=wfavorit
complete the task. The kernel only allows wfavorit
authorizations to non-root users for very specific Set the password for user wfavorit (run as
actions instead of relying on the application code privileged user)
to grant that access. pwdadm wfavorit ←or¡ passwd wfavorit
• A user is assigned a role that aligns with an Add wfavorit as member of the security group
administrative task such as the ability to restart chgrpmem -m + wfavorit security
(or shutdown) the system. The role is a grouping Make a group with wfavorit as the admin
method that defines all authorizations that are mkgroup adms=wfavorit favorite
required to accomplish that type of task. Make wfavorit an administrator of the proj group
Commands, files, and devices are added to priv* chgrpmem -a + wfavorit proj
files that define what authorizations are required List all users on the system
to perform that specific task or access that file / lsuser -a ALL
device. When a command is run, the required ››› The -a switch lists specific attributes, but
authorizations are checked against the in this case it is empty and only the user
authorizations assigned to roles for the user names are displayed. See other lsuser
running the command. If the user lacks sufficient examples in this section for other uses of the
access then permission is denied. -a switch.
• The following table lists the key configuration List all admin users on the system
files in the Enhanced RBAC system, the lsuser -a admin ALL | grep =true
commands used to access/modify those files and List attributes for user wfavorit in a stanza format
what the files are for. lsuser -f wfavorit
user.roles chuser Provides a mapping List login history for user wfavorit
mkuser between existing users last wfavorit
lsuser and existing roles - both List the fsize ulimit for user wfavorit
of which are defined lsuser -a fsize wfavorit
elsewhere. Change the file size ulimit to unlimited for wfavorit
roles chrole Defines roles as either a chuser fsize=-1 wfavorit
mkrole group of authorizations or List all groups and their IDs
lsrole of sub-roles. lsgroup -a id ALL
rmrole List all members of the favorite group
authorizations mkauth Defines user created chgrpmem favorite
chauth authorizations. System
lsauth authorizations are defined ◊ User / Group admin command reference:
rmauth elsewhere. mkuser, chuser, rmuser, lsuser, pwdadm,
privcmds setsecattr Lists all authorizations mkgroup, chgroup, rmgroup, lsgroup, chgrpmem,
lssecattr that are required for a usrck, grpck, pwdck
rmsecattr command to complete its
task. ◊ RBAC command reference: setkst, chrole,
mkrole, lsrole, rmrole, mkauth, chauth, lsauth,
privfiles setsecattr Lists all authorizations
lssecattr that are required to read rmauth, ckauth, setsecattr, lssecattr, rmsecattr
rmsecattr or write to a file. ◊ User command reference: users, w, who,
privdevs setsecattr Lists all authorizations whoami, whodo, id, chsh, passwd, setgroups,
lssecattr that are required to read ulimit, setsenv, last, finger
rmsecattr or write to a device.

• The user environmental variables are stored in /
etc/environment and /etc/security/environ.
The variables set in /etc/environment are given
to all users and processes while the settings in /
etc/security/environ are per-user.
• User limits are set for login processes from the /
etc/security/limits file. The chuser command
can be used to modify this file.
• The default options for the mkuser command are
stored in /usr/lib/security/mkuser.default.
• The /etc/security/passwd file is the shadow
password file.


AIX QuickStart

• The last command returns login information for
the system (from the /var/adm/wtmp file. The /
etc/security/lastlog file contains per-user
information on each users login attempts.

Other

Boot Process

• The normal numbers represent what you see as cfgcon configures console c31
the step begins. The red numbers are error codes
(cfgcon exit codes. c33 is assumed c32, c33, or c34
when that command / step fails. This is not a
here)
complete list of error codes. A more complete set
can be found in Diagnostic Information for System hang detection is started c33
Multiple Bus Systems. Graphical desktop is (optionally) started
savebase updates ODM copy on BLV 530
Power on syncd & errdemon started
Hardware initialization System LED is turned off
Retrieve bootlist from NVRAM rm -f /etc/nologin
Locate BLV and load into memory 20EE000B
Start several optional services
Kernel initializes and mounts RAM FS
log: "System initialization completed"
Phase 1 (rc.boot 1)
Phase 3 complete, init continues
RAM FS is resized processing inittab
Logging begins
• The previous boot process listing is for a normal
restbase copies ODM to RAM FS 548 disk boot. This will vary for network, tape, and CD
cfgmgr configures base devices in 510 boots. Read the contents of /sbin/rc.boot for
ODM specifics on each boot device method and type
bootinfo determines boot device 511,554 (normal or service).
• The boot order is stored in NVRAM. The settings
Phase 2 (rc.boot 2) are set and retrieved using the bootlist
ipl_varyon varies on rootvg 551,552,554,556 command.
fsck of / 517,555 • The BLV (Boot Logical Volume) is /dev/hd5. It is
created / updated with the bosboot command.
mount of / 517,557
• bosboot updates the boot record at the start of
fsck & mount of /usr 517,518
the disk, copies the SOFTROS from /usr/lib/
fsck & mount of /var 517,518 boot/aixmon.chrp, copies the bootexpand utility,
copycore, umount /var 517 copies the kernel from /unix, creates a copy of the
swapon /dev/hd6 517 RAM FS from the list of files in /usr/lib/boot/
chrp.disk.proto, and creates a base ODM.
RAM FS version of ODM copied to / 517
etc/objrepos
RAM FS version of /dev copied to disk 517
mount /var 517,518
Actual boot log written to (from RAM 517
FS version)
rc.boot 2 is finished 553
Kernel changes root from RAM FS to 553
disk
Phase 3 553
Kernel invokes init from rootvg 553 Layout of a bootable disk with hd5 shown.
init invokes rc.boot 3 553

• The kernel loaded from hd5 (the BLV) is the


AIX QuickStart

fsck & mount of /tmp 517,518 kernel the system will run under for the entirety of
syncvg -v rootvg & 517 the boot (until the system is shutdown or
restarted). For this reason it is important to re-run
Load streams modules 517 bosboot every time that the kernel is updated or
Configure secondary dump device 517 some boot-time kernel options are set.
cfgmgr -p2 (Normal) or cfgmgr - 517, 521-529 • This is an abbreviated list of boot codes. cfgmgr
p3 (Service) (alone) produces numerous display messages and
potential error codes, far more than is practical to
Continued ¡
display here.

◊ Command reference: bosboot, bootlist

Error Logging

• AIX has three error logging and reporting Write a message to the errlog
methods; alog, errlog, and syslog. The alog is an errlogger "This is not Solaris!"
extensible collection of logs, but primarily is used Display the entire contents of the errlog
for boot and console logging. errlog is used errpt
primarily for system and hardware messages. ››› Add -a or -A for varying levels of
syslog is the traditional logging method. verbosity.
• HMC managed systems will also have a log of Clear all entries from the errlog
serviceable events relating to all systems on that errclear 0
HMC. Clear all entries from the errlog up to 7 days ago
• Both errpt and alog keep binary circular logs. errclear 7
For this reason, neither requires the rotation List info on error ID FE2DEE00
process that is used for syslog logs. errpt -aDj FE2DEE00
• A curses based error log browser can be found ››› The ID is from the IDENTIFIER column in
locally on the errbr page. errpt output.
• The AIX syslog.conf uses *.debug for all, not Put a "tail" on the error log
*.* errpt -c
• The following alog examples use the boot log as List all errors that happened today
an example. These examples are transferable to errpt -s `date +%m%d0000%y`
any of the other existing logs as well as those List all errors on hdisk0
created in addition to the AIX supplied logs. errpt -N hdisk0
To list details about the error log
List all logs alog knows about /usr/lib/errdemon -l
alog -L To change the size of the error log to 2 MB
Dump the contents of the boot log to stdout /usr/lib/errdemon -s 2097152
alog -o -t boot syslog.conf line to send all messages to a log file
Send the current date to the boot log *.debug /var/log/messages
date | alog -t boot syslog.conf line to send all messages to error log
Increase the size of the boot log to twice the *.debug errlog
default.
alog -C -t boot -s 8192 ◊ Command reference: alog, errpt, errlogger,
››› Note: This changes the definition in the errdemon, errclear
ODM, the size will be applied the next time
that the log is re-created.
Clear the boot log
rm /var/adm/ras/bootlog
echo "boot log cleared on `date`"
| alog -t boot
Find the current alog file size setting for the boot
log
odmget -q attribute="boot_logsize"
SWservAt

WPAR


AIX QuickStart

• WPARs (Workload PARtitions) are an AIX 6.1 Create the rudra WPAR with default options
feature that can be used to capture a process tree mkwpar -n rudra
and lock it into its own environment. An AIX ››› This command will pull the IP
system can host multiple WPARs that each appear configuration for ruda from DNS. Naturally,
to be nearly identical to a regular system. All rudra must be defined in DNS for the global
processes in the WPAR are subject to the environment to find.
environment of that WPAR such as devices, Start the rudra WPAR
filesystems, configurations, and networking startwpar -v rudra
unique to that WPAR. Log into the console of rudra
• There are two types of WPARs, system and clogin rudra -l root
application. The key differences are that a system Create indra WAPR with useful options
WPAR begins at the init process while an mkwpar -A -n indra -r -s -v
application WPAR begins at the application process -A = Start automatically on system boot.
and the system WPAR has dedicated file systems -n name = Workload partition name.
while the application may not. System WPARs can -r = Copy global network name resolution
be "sparse" or "whole root" but it is the configuration into the workload partition.
application WPAR that is most different from the -s = Start after creation.
other container implementations. -v = Verbose mode.
• The hosting AIX system is called the "global Create a WPAR on a dedicated VG
environment". The key differences in the global mkwpar -n varuna -A -g varuna_vg
environment is that it runs the kernel, owns the -r -s -v
devices, and can host WPARs. Significant effort ››› If a VG or other filesystem options are
has been taken for the user environment of a not supplied then the filesystems for a
WPAR to be indistinguishable from the global system WPAR will be created from LVs on the
environment. That said, the administrator needs rootvg. This command uses a dedicated VG
to be aware of what environment she is in to called varuna_vg. The /usr and /opt
perform various tasks. filesystems will still be shared with the global
• Because of the limited and contextually relevant WPAR and therefore will still come from
administrative environment of a WPAR, some rootvg but will not take any additional space.
commands behave differently than others when If the -l option was used in the above
run in a WPAR or the global environment.
command then a new /usr and /opt would
Generally speaking, the more lower level the
have been created for this WPAR using the
command, the more appropriate it is to run in the
specified VG.
global environment. One example of
Create an additional fs on dedicated VG
administration tasks most appropriate for the
crfs -v jfs2 -g varuna_vg
global environment is device management
-m /wpars/varuna/data01 -u varuna
commands. While a (system) WPAR has devices,
-a size=100M
the devices in a WPAR are much different than
››› This command is run from the global
those in the global environment.
environment. The mount point is within the
• WPARs are started from /etc/inittab with the /
varuna root filesystem (/wpars/varuna) so
etc/rc.wpars script, using the configuration
that it can be seen by the varuna WPAR. The -
information in /etc/wpars/.
u varuna option specifies this fs as part of
• By default, the root filesystems of sytem WPARs
the varuna mount group so that it will be
are created in /wpars/WPAR_name/. The
mounted when varuna starts.
filesystems are browsable by (properly
Remove the varuna WPAR
permissioned) users of the global environment. rmwpar -s varuna
Users in a WPAR cannot see filesystems of other
››› -s stops it first, -p preserves the
WPARs.
filesystems. (In this case we delete the
• By default the /usr, /opt, and /proc
underlying filesystems.)
filesystems of a system WPAR are shared with the Create a WPAR with mount options
global environment via a read-only "namefs" vfs mkwpar -n varuna -r -s
type. (/proc is mounted read-write in each of the -M directory=/ vfs=nfs
non-global WPARs.) As a result, software and dev=/varuna_nfs host=shiva
updates cannot be applied to these read-only -M directory=/var vfs=directory
WPAR views of the filesystems from the WPAR. -M directory=/home vfs=directory
Filesystems that are local to the WPAR (such as / -M directory=/tmp vfs=directory
home, /, /tmp, and /var) can be modified from -M directory=/usr vfs=directory
within the WPAR. Examples in this section show


AIX QuickStart

the default read-only and alternate options for -M directory=/opt vfs=directory
these filesystems. ››› The mkwpar command in this example
• Some options for system WPAR filesystems uses a remote NFS share to host the
include: filesystems for this system WPAR. It also
– Using a dedicated VG or external NFS mount specifies that each of the regular mount
for WPAR filesystems. (Unless otherwise points will instead be directories and not
specified, system WPAR filesystems are created mounts. The resulting WPAR will have only
from rootvg.) two mount points, one for the / filesystem
– Using a single LV for all local filesystems. (The and one for the /proc filesystem. The NFS
default filesystem layout is similar to traditional mount in this example must be root
AIX installs in that it will be broken into multiple mountable by both the global environment
LVs / filesystems.) and the system WPAR. An example of the
– Creating a dedicated (local copy) of the /usr actual (but temporary) NFS share is given in
and /opt file systems. (In the default filesystem the NFS section above.
setup /home, /, /tmp, and /var are unique to the List all WPARs on the system
WPAR while /usr and /opt are views on the lswpar
actual file systems in the global environment.) ››› Default output will include Name, State,
– Creating additional filesystems dedicated to the Type, Hostname, and Directory. Valid types
WPAR. (This can take the form of a NFS mount or are S (System), A (Application) and C
a dedicated filesystem just for the WPAR.) (Checkpointable).
• A number of commands support a new -@ flag Determine if you are in global WPAR
for WPAR related output. The required parameters uname -W
and output of the -@ flag varies by command, and ››› This command will print 0 to stdout and
what environment the command is run in (WPAR return 0 if in a global environment, and give
or global). non-zero values if in a system WPAR. Another
• A system WPAR is started and stopped much method is to look for the wio0 device in
like a separate OS with the startwpar and lsdev output - wio0 only exists in a system
stopwpar commands. These act effectively as WPAR.
boot and shutdown operations. The shutdown will List WPARs with (basic) network configuration
be the most familiar, while the boot operation is lswpar -N
significantly different from booting a system. Change rudra WPAR to start on system boot
Instead of bootstrapping the system from a disk, chwpar -A rudra
the WPAR startup process involves bringing online List all processes in the indra WPAR from global
all the required filesystems, changing to that root ps -ef@ indra
filesystem / environment, and then picking up the List ports / connections for the global environment
boot process at init. (This is a simplistic treatment netstat -naf inet -@ Global
of the process designed to illustrate the difference ››› Run in global environmnet.
from a system boot of something like a LPAR in a Stop WPAR rudra from global
virtualized environment.) stopwpar -v rudra
• Application WPARs are not started like a system Start apache in an application WPAR
WPAR. It is more appropriate to describe them as wparexec -n varuna
being executed in a different context. Application /usr/sbin/apachectl start &
WPARs can see the global environment ››› In this example varuna is defined in
filesystems and devices, they inherit everything DNS. Because the -h flag is not used, the
not explicitly set by the wparexec command. The hostname will default to the WPAR name, and
large majority of examples and discussion in this will pull IP configuration from DNS for that
section refer to system WPARs. host. Subnet mask, name resolution, and all
• The Solaris implementation of containers offers other settings will be inherited from the
a command called zonename that tells what zone appropriate interface in the Global
the user is in. It works like the hostname environment.
command when run from a zone but returns the
word "global" when run from the global ◊ Command reference: mkwpar, chwpar, lswpar,
environment. AIX provides the uname -W to tell if rmwpar, startwpar, stopwpar, wparexec,
you are in a WPAR or not. I have included the rebootwpar, syncwpar, syncroot
logic (script) to create a wparname command that
tells if you are in a WPAR as well as the hostname
of the WPAR (like the zonename command).


AIX QuickStart

#!/bin/sh

if (( `uname -W > /dev/null 2>&1` ))
then
echo "global"
else
hostname
fi
Sample source of wparname command.

About this QuickStart

Created by: William Favorite (wfavorite@tablespace.net)
Updates at: http://www.tablespace.net/quicksheet/
Disclaimer: This document is a guide and it includes no express warranties to the suitability, relevance, or compatibility of its
contents with any specific system. Research any and all commands that you inflict upon your command line.
Distribution:Copies of this document are free to redistribute as long as credit to the author and tablespace.net is retained in the
printed and electronic versions.


Aix6+quick+ref+sheet

More Related Content

What's hot (19)

Viewers also liked (14)

Similar to Aix6+quick+ref+sheet (20)

Recently uploaded (20)

Aix6+quick+ref+sheet