aix quickstart

21/07/13 6:01 PM AIX QuickStart Page 1 of 21 Main Page -> QuickSheets -> AIX QuickStart AIX QuickStart Version 1.0.0 Date: 3/29/10 This document is written based upon AIX 6.1, not all commands or concepts apply to previous versions of AIX. Overview Design Philosophy • AIX is primarily a tool-managed Unix. While some Unices have a file-managed interface, AIX tends to use stanza files and ODM databases as data stores for configuration options. This makes many configuration options rather difficult or simply impossible with just a text editor. The AIX alternative is to leverage an expansive set of specialized tools for all configuration options. • AIX is well integrated with System P hardware. As typical with big-Unix implementations, AIX has a tight integration with the hardware it runs on. The result of this integration is an OS that not only provides extensive diagnosis and reporting of hardware issues, but also is designed to exploit numerous hardware features. IBM extends this integration even more by allowing AIX insight into the virtualization layer with abilities like virtual processor folding. • IBM tends to lead with hardware and follow with the OS. Major releases of the OS tend to coincide with new hardware features and leverage those advances in the hardware. While other Unices may take a software-centric approach to a solution, IBM tends to rely upon all layers of the system to an end. One good example of this is the maturity and depth of virtualization technologies that permeate the System P product line. • Commands in AIX generally follow a verb-noun syntax. The verbs tend to be ls (list), mk (make), rm (remove), and ch (change). The nouns vary by the target area such as dev, fs, vg, and ps. Even many of the odd-named variants follow a similar syntax such as crfs, reducevg, and installp. • Both System P hardware and AIX are heavily geared towards virtualization. AIX is practically a para-virtualized environment in how well it is integrated with the System P virtualization technologies. At the user level, all performance and management commands have been modified to account for differences that occur in a virtualized environment. Despite and because of these changes, a virtualized environment is virtually indistinguishable from a non-virtualized environment to the user. • AIX has a stable interface. While the management tools and style of those tools has not changed within AIX for over a decade, the technologies supported by AIX has grown considerably. This is a significant feature of AIX in that it introduces new technologies within a consistent, approachable, and well designed interface. • The LVM integration with AIX is thorough and mature. From the install, management, and maintenance every aspect of LVM design dovetails into other components of the OS, firmware, and hardware to create an unparalleled environment. It is for this reason that AIX systems are more likely to be SAN booted and less likely to have 3rd party LVM products layered on top than other Unices. • A central focus of IBM design has been on RAS features. Particularly with Power 6 systems, IBM has designed extensive error detection and recovery into the products. AIX is just one enabling component to this end. All systems from CPU, memory, I/O busses, to system processes are considered and accounted for in this design. Acronyms & Definitions CoD - Capacity on Demand. The ability to add compute capacity in the form of CPU or memory to a running system by simply activating it. The resources must be pre-staged in the system prior to use and are (typically) turned on with an activation key. There are several different pricing models for CoD. DLPAR - Dynamic Logical Partition. This was used originally as a further clarification on the concept of MSPP - Multiple Shared Processor Pools. This is a capability introduced in Power 6 systems that allows for more than one SPP. NIM - Network Installation Management / Network Install Manager (IBM documentation refers to both expansions of the acronym.) NIM is a means to perform remote initial BOS installs, and manage software on groups of AIX systems. ODM - Object Data Manager. A database and

Upload: effierizal

Post on 19-Nov-2015




4 download




  • 21/07/13 6:01 PMAIX QuickStart

    Page 1 of 21

    Main Page -> QuickSheets -> AIX QuickStart

    AIX QuickStartVersion 1.0.0Date: 3/29/10

    This document is written based upon AIX 6.1, not all commands or concepts apply to previous versions of AIX.

    OverviewDesign Philosophy

    AIX is primarily a tool-managed Unix. While someUnices have a file-managed interface, AIX tends touse stanza files and ODM databases as data storesfor configuration options. This makes manyconfiguration options rather difficult or simplyimpossible with just a text editor. The AIXalternative is to leverage an expansive set ofspecialized tools for all configuration options.

    AIX is well integrated with System P hardware. Astypical with big-Unix implementations, AIX has atight integration with the hardware it runs on. Theresult of this integration is an OS that not onlyprovides extensive diagnosis and reporting ofhardware issues, but also is designed to exploitnumerous hardware features. IBM extends thisintegration even more by allowing AIX insight intothe virtualization layer with abilities like virtualprocessor folding.

    IBM tends to lead with hardware and follow with theOS. Major releases of the OS tend to coincide withnew hardware features and leverage thoseadvances in the hardware. While other Unices maytake a software-centric approach to a solution, IBMtends to rely upon all layers of the system to anend. One good example of this is the maturity anddepth of virtualization technologies that permeatethe System P product line.

    Commands in AIX generally follow a verb-nounsyntax. The verbs tend to be ls (list), mk (make),rm (remove), and ch (change). The nouns vary bythe target area such as dev, fs, vg, and ps. Evenmany of the odd-named variants follow a similarsyntax such as crfs, reducevg, and installp.

    Both System P hardware and AIX are heavilygeared towards virtualization. AIX is practically apara-virtualized environment in how well it isintegrated with the System P virtualizationtechnologies. At the user level, all performanceand management commands have been modifiedto account for differences that occur in avirtualized environment. Despite and because ofthese changes, a virtualized environment isvirtually indistinguishable from a non-virtualizedenvironment to the user.

    AIX has a stable interface. While the managementtools and style of those tools has not changedwithin AIX for over a decade, the technologiessupported by AIX has grown considerably. This is asignificant feature of AIX in that it introduces newtechnologies within a consistent, approachable,and well designed interface.

    The LVM integration with AIX is thorough andmature. From the install, management, andmaintenance every aspect of LVM design dovetailsinto other components of the OS, firmware, andhardware to create an unparalleled environment. Itis for this reason that AIX systems are more likelyto be SAN booted and less likely to have 3rd partyLVM products layered on top than other Unices.

    A central focus of IBM design has been on RASfeatures. Particularly with Power 6 systems, IBMhas designed extensive error detection andrecovery into the products. AIX is just one enablingcomponent to this end. All systems from CPU,memory, I/O busses, to system processes areconsidered and accounted for in this design.

    Acronyms & Definitions

    CoD - Capacity on Demand. The ability to addcompute capacity in the form of CPU or memory toa running system by simply activating it. Theresources must be pre-staged in the system priorto use and are (typically) turned on with anactivation key. There are several different pricingmodels for CoD.

    DLPAR - Dynamic Logical Partition. This was usedoriginally as a further clarification on the concept of

    MSPP - Multiple Shared Processor Pools. This is acapability introduced in Power 6 systems thatallows for more than one SPP.

    NIM - Network Installation Management / NetworkInstall Manager (IBM documentation refers to bothexpansions of the acronym.) NIM is a means toperform remote initial BOS installs, and managesoftware on groups of AIX systems.

    ODM - Object Data Manager. A database and

  • 21/07/13 6:01 PMAIX QuickStart

    Page 2 of 21

    an LPAR as one that can have resourcesdynamically added or removed. The most popularusage is as a verb; ie: to DLPAR (add) resources toa partition.

    HEA - Host Ethernet Adapter. The physical port of theIVE interface on some of the Power 6 systems. AHEA port can be added to a port group and sharedamongst LPARs or placed in promiscuous mode andused by a single LPAR. (See IVE)

    HMC - Hardware Management Console. An"appliance" server that is used to manage Power 4,5, and 6 hardware. The primary purpose is toenable / control the virtualization technologies aswell as provide call-home functionality, remoteconsole access, and gather operational data.

    IVE - Integrated Virtual Ethernet. The capability toprovide virtualized Ethernet services to LPARswithout the need of VIOS. This functionality wasintroduced on several Power 6 systems.

    IVM - Integrated Virtualization Manager. This is amanagement interface that installs on top of theVIOS software that provides much of the HMCfunctionality. It can be used instead of a HMC forsome systems. It is the only option forvirtualization management on the blades as theycannot have HMC connectivity.

    LHEA - Logical Host Ethernet Adapter. The virtualinterface of a IVE in a client LPAR. Thesecommunicate via a HEA to the outside / physicalworld. (See IVE)

    LPAR - Logical Partition. This is a collection of systemresources (CPU, Memory, I/O adapters) that canhost an operating system. To the operating systemthis collection of resources appears to be acomplete physical system. Some or all of theresources on a LPAR may be shared with otherLPARs in the physical system.

    LV - Logical Volume. A collection of one or more LPs(Logical Partitions) in a VG (Volume Group) thatprovide storage for filesystems, journal logs,paging space, etc... See the LVM section foradditional information.

    LVCB - Logical Volume Control Block. A LVMstructure, traditionally within the LV, that containsmetadata for the LV. See the LVM section foradditional information.

    MES - Miscellaneous Equipment Specification. This isa change order to a system, typically in the form ofan upgrade. A RPO MES is for Record PurposesOnly. Both specify to IBM changes that are madeto a system.

    supporting methods used for storing systemconfiguration data in AIX. See the ODM section foradditional information.

    PP - Physical Partition. An LVM concept where a diskis divided into evenly sized sections. These PPsections are the backing of LPs (Logical Partitions)that are used to build volumes in a volume group.See the LVM section for additional information.

    PV - Physical Volume. A PV is an LVM term for anentire disk. One or more PVs are used to constructa VG (Volume Group). See the LVM section foradditional information.

    PVID - Physical Volume IDentifier. A unique ID that isused to track disk devices on a system. This ID isused in conjunction with the ODM database todefine /dev directory entries. See the LVM sectionfor additional information.

    SMIT - System Management Interface Tool. Anextensible X Window / curses interface toadministrative commands. See the SMIT sectionfor additional information.

    SPOT - Shared Product Object Tree. This is aninstalled copy of the /usr file system. It is used in aNIM environment as a NFS mounted resource toenable remote booting and installation.

    SPP - Shared Processor Pool. This is an organizationalgrouping of CPU resources that allows caps andguaranteed allocations to be set for an entiregroup of LPARs. Power 5 systems have a singleSPP, Power 6 systems can have multiple.

    VG - Volume Group. A collection of one or more PVs(Physical Volumes) that have been divided into PPs(Physical Partitions) that are used to construct LVs(Logical Volumes). See the LVM section foradditional information.

    VGDA - Volume Group Descriptor Area. This is aregion of each PV (Physical Volume) in a VG(Volume Group) that is reserved for metadata thatis used to describe and manage all resources in theVG. See the LVM section for additional information.

    Disks, LVM, & FilesystemsConcepts

    LVM (Logical Volume Manager) is the ever-presentdisk and volume management framework for AIX.The level of integration is visible not only infileystem commands that understand theunderlying LVM, but in other, higher level,commands like the install and backup utilities that

    The ODM is central to managing off-disk LVMstructures and physical device to hdisk mappings.When a VG is created or imported this informationis added to the ODM as well as other system filessuch as /etc/filesystems.

    AIX LVM supports several versions of VGs that have

  • 21/07/13 6:01 PMAIX QuickStart

    Page 3 of 21

    can optionally grow filesytems when necessary. Physical disks (hdisks) are placed under LVM

    control by adding them to a VG (volume group).Within LVM, these disks are referred to as PVs(Physical Volumes).

    Each PV in a VG contains a unique ID called a PVID.The PVID of a disk is used to track all disks in aVG, but also provides a device name independencethat makes importing, exporting, and diskmanagement much simpler. Because the uniquecharacteristics of the disk become the identifier,the device name remains consistent but does notneed to as (properly) renaming / reordering disksunder LVM control is of little consequence.

    Once a hdisk is placed into a VG it is divided into PP(Physical Partitions). PPs are then used to createLVs (Logical Volumes). An additional layer ofabstraction is placed between an LV and a PP calleda LP (Logical Partition) that allows for more thanone PP to be used (i.e. mirrored) to back eachportion of a LV.

    A simplistic logical view of two PVs in a VG providingmirrored PPs for a LV.

    Several on-disk structures are responsible forholding all LVM information. The VGDA resides oneach disk and holds structural information such asthe member PVs. The VGSA also resides on eachdisk and contains status information on all memberdevices. The LVCB varies by VG type buttraditionally has resided in the first part of an LV(when it exists as a separate structure). In additionto the basic LVM commands that manage thesestructures, there are a number of lower level LVMcommands that accesses this metadata moredirectly.

    The first disk in a VG will have two copies of theVGDA, and a two disk VG will have one disk with asingle VGDA and the other with two copies. Forthree disk and larger VGs, each disk has a singlecopy of the VGDA.

    The concept of quorum is achieved when > 50% ofthe copies of the VGSA/VGDAs are online. Ifquorum is lost then the VG can be taken offline.

    Quorum is problematic for two disk VGs becausethe loss of the two VGDA disk means a loss of theentire VG. In a mirrored configuration (a typicalcase for two-disk VGs) it is inappropriate to offlinethe VG for a single disk failure. For this reason,quorum rules can be turned off in the case of a two

    been introduced over the lifetime of the product.The VG types are normal, big, and scalable.Normal VGs were the original creation and aremore limited than the big or scalable types. Theeasiest way to tell the type of an existing VG is tolook at the Max PV value for the VG (see examplein the next section).VGType






    Legacy 32 256 3512 Can beconverted to BigVG

    Big -B 128 512 130048 LVCB data isstored in thehead of the dataarea in the LV

    Scalable -S 1024 4096 2097152 Default LV andPP values arelower and can beincreased toshownmaximums

    The default filesystem on AIX is JFS2. JFS2, and itpredecessor JFS, are both journaling filesystemsthat utilize the fundamental Unix filesystemstructures such as i-nodes, directory structures,and block allocations. (Technically, JFS2 allocatesblocks in groups called "extents".)

    JFS2 is not an implementation of UFS and expandsconsiderably over basic filesystem features withsuch capabilities as snapshots, dynamic i-nodeallocation, online growth, extended attributes, andencryption. AIX provides a layer of abstractionover all supported filesystems that map filesystemspecific structures to standard Unix filesystemtools so that filesystems like JFS2 appear as animplementation of UFS.

    While most journaled Unix filesystemimplementations use inline logs (within thefilesystem structure), AIX tends to use a specialtype of LV that is created only to contain log data.The jfs(2)log LV can provide logging capability formore than one filesystem LV. The log type mustmatch the filesystem type. JFS2 can log to aninline log, but these implementations tend to bethe exception to the rule.

    The default filesystems that are installed with AIX:hd1 /homehd2 /usrhd3 /tmphd4 / roothd5 BLV (Boot Logical

    Volume)hd6 Paging spacehd8 JFS2 loghd9var /varhd10opt /opthd11admin /admin New in 6.1livedump /var/adm/ras/livedump New in 6.1 TL3

    /proc procfs pseudofilesystem

  • 21/07/13 6:01 PMAIX QuickStart

    Page 4 of 21

    disk mirrored VG.


    List all PVs in a system (along) with VG membershiplspv

    List all LVs on PV hdisk6lspv -l hdisk6

    List all imported VGslsvg

    List all VGs that are imported and on-linelsvg -o The difference between lsvg and lsvg -o are

    the imported VGs that are offline.List all LVs on VG vg01lsvg -l vg01

    List all PVs in VG vg02lsvg -p vg02

    List filesystems in a fstab-like formatlsfs

    Get extended info about the /home filesystemlsfs -q /home

    Create the datavg VG on hdisk1 with 64 MB PPsmkvg -y datavg -s 64 hdisk1

    Create a 1 Gig LV on (previous) datavgmklv -t jfs2 -y datalv datavg 16

    Create a log device on datavg VG using 1 PPmklv -t jfs2log -y datalog1 datavg 1

    Format the log device created in previous examplelogform /dev/datalog1

    Place a filesystem on the previously created datalvcrfs -v jfs2 -d datalv -m /data01 -A y A jfs2 log must exist in this VG and be

    logform(ed). (This was done in the previoussteps.) -m specifies the mount point for the fs,and -A y is a option to automatically mount(with mount -a).

    Create a scalable VG called vg01 with two disksmkvg -S -y vg01 hdisk1 hdisk2

    Create a FS using the VG as a parametercrfs -v jfs2 -g simplevg -m /data04 \ -A y -a size=100M The VG name here is "simplevg". A default LV

    naming convention of fslvXX will be used. TheLV, and in this case log-LV, will beautomatically created.

    Take the datavg VG offlinevaryoffvg datavg

    Vary-on the datavg VGvaryonvg datavg By default the import operation will vary-on

    the VG. An explicit vary-on will be required forconcurrent volume groups that can beimported onto two (or more) systems at once,but only varied-on on one system at a time.

    Remove the datavg VG from the systemexportvg datavg

    Import the VG on hdisk5 as datavgimportvg -y datavg hdisk5 The VG in this example spans multiple disks,

    but it is only necessary to specify a singlemember disk to the command. The LVMsystem will locate the other member disks

    Find the file usage on the /var filesystemdu -smx /var

    List users & PIDs with open files in /data04 mountfuser -xuc /data04

    List all mounted filesystems in a factor of Gigabytesdf -g (-m and -k are also available)

    Find what PV the LV called datalv01 is onlslv -l datalv01 The "COPIES" column relates the mirror

    distribution of the PPs for each LP. (PPs shouldonly be listed in the first part of the COPIESsection. See the next example.) The "INBAND" column tells how much of the used PPsin this PV are used for this LV. The"DISTRIBUTION" column reports the numberof PPs in each region of the PV. (Thedistribution is largely irrelevant for mostmodern SAN applications.)

    Create a LV with 3 copies in a VG with a single PVmklv -c 3 -s n -t jfs2 -y badlv badvg 4 Note: This is an anti-example to demonstrate

    how the COPIES column works. This LVviolates strictness rules. The COPIES columnfrom lslv -l badlv looks like: 004:004:004

    Move a LV from hdisk4 to hdisk5migratepv -l datalv01 hdisk4 hdisk5

    Move all LVs on hdisk1 to hdisk2migratepv hdisk1 hdisk2 The migratepv command is an atomic

    command in that it does not return untilcomplete. Mirroring / breaking LVs is analternative to explicitly migrating them. Seeadditional migratepv, mirrorvg, andmklvcopy examples in this section.

    Put a PVID on hdisk1chdev -l hdisk1 -a pv=yes PVIDs are automatically placed on a disk

    when added to a VGRemove a PVID from a diskchdev -l hdisk1 -a pv=clear This will remove the PVID but not residual

    VGDA and other data on the disk. dd can beused to scrub remaining data from the disk.The AIX install CD/DVD also provides a "scrub"feature to (repeatedly) write patterns overdata on disks.

    Move (migrate) VG vg02 from hdisk1 to hdisk2extendvg vg02 hdisk2migratepv hdisk1 hdisk2reducevg vg02 hdisk1 Mirroring and then unmirroring is another

    method to achieve this. See the next exampleMove (mirror) VG vg02 from hdisk1 to hdisk2extendvg vg02 hdisk2mirrorvg -c 2 vg02unmirrorvg vg02 hdisk1reducevg vg02 hdisk1 In this example it is necessary to wait for the

    mirrors to synchronize before breaking the

  • 21/07/13 6:01 PMAIX QuickStart

    Page 5 of 21

    from the metadata provided on the single diskprovided.

    Import a VG on a disk by PVID as datavgimportvg -y datavg 00cc34b205d347fc

    Grow the /var filesystem by 1 Gigchfs -a size=+1G /var In each of the chfs grow filesystem examples,

    AIX will automatically grow the underlying LVto the appropriate size.

    Grow the /var filesystem to 1 Gigchfs -a size=1G /var

    List the maximum LPs for LV fslv00lslv fslv00 | grep MAX

    Increase the maximum LPs for fslv00 LVchlv -x 2048 fslv00

    Create a mirrored copy of fslv08mklvcopy -k -s y fslv08 2 syncvg -l fslv08 must be run if the -k (sync

    now) switch is not used for mklvcopy.Add hdisk3 and hdisk4 to the vg01 VGextendvg vg01 hdisk3 hdisk4

    Mirror rootvg (on hdisk0) to hdisk1extendvg rootvg hdisk1mirrorvg -S rootvg hdisk1bosboot -ad hdisk0bosboot -ad hdisk1bootlist -m normal hdisk0 hdisk1 The -S option to mirrorvg mirrors the VG in

    the background. Running bosboot on hdisk0is not required - just thorough.

    mirror. The mirrorvg command in thisexample will not complete until the mirror isestablished. The alternative is to mirror in thebackground, but then it is up to theadministrator to insure that the mirror processis complete.

    Create a striped jfs2 partition on vg01mklv -C 2 -S 16K -t jfs2 -y vg01_lv01 \ vg01 400 hdisk1 hdisk2 This creates a stripe width of 2 with a (total)

    stripe size of 32K. This command will result inan upper bound of 2 (same as the stripe size)for the LV. If this LV is to be extended toanother two disks later, then the upper boundmust be changed to 4 or specified duringcreation. The VG in this example was ascalable VG.

    Determine VG type of VG myvglsvg myvg | grep "MAX PVs" MAX PVs is 32 for normal, 128 for big, and

    1024 for scalable VGs.Set the system to boot to the CDROM on next bootbootlist -m normal cd0 hdisk0 hdisk1 The system will boot to one of the mirror pairs

    (hdisk0 or hdisk1) if the boot from the CDROM does not work. This can be returned tonormal by repeating the command withoutcd0.

    List the boot device for the next bootbootlist -m normal -o

    Command reference: lspv, lsvg, lslv, mkvg, mklv,

    reducevg, extendvg, mklvcopy, chvg, logform,lvmo, exportvg, importvg, varyonvg, varyoffvg,bosboot, bootlist, /etc/filesystems, crfs, chfs, lsfs,rmfs, mount, fuser, df, du


    Many of the NFS commands accept the -I, -B, or -N switches. These three switches are used tocontrol the persistence of the command. -B is nowand future boots, -I is future boot (but not now),and -N is now (but not next boot). The -B optiontends to be the default. The following table relateshow these options modify the NFS commands:Flag Now After Boot-I



    The NFS daemons are started out of /etc/inittab

    using the /etc/rc.nfs script. The mknfs andrmnfs commands toggle the inittab entries andcontrol if the NFS system starts.

    The "share" commands are provided forcompatibility with other Unices. The sharecommands are links to the exportfs command.

    Enable NFS daemons now, and on next startmknfs

    Disable NFS daemons now, and on next start

    List all exported file systemsshowmount -eorexportfs

    Temporarily export the /varuna_nfs directoryexportfs -i -o rw,root=vishnu:varuna \ /varuna_nfs The root users on vishnu and varuna are

    given root access to this share. This exportwas used to create a system WPAR calledvaruna on a LPAR called vishnu that can befound in the WPAR section below.

    Export all entries in /etc/exportsexportfs -av

    (Temporarily) unexport the /proj shareexportfs -u /proj

    Permanently export the /proj sharemknfsexp -d /proj -t rw The -N, -I, and -B options are valid with this

    command. Here, the -B is implied. If the NFSservices are not set to re-start on boot thenthis export will technically not be "permanent"as the share, even though this entry ispermanent, will not be enabled after next

  • 21/07/13 6:01 PMAIX QuickStart

    Page 6 of 21

    rmnfsSee if NFS will start on bootlsitab rcnfs This command simply lists the rcnfs entry in

    /etc/inittab. If one exists (and is notcommented out) then the rc.nfs script will berun from inittab (and start NFS).

    Start NFS daemons now, but not at next bootmknfs -Norstartsrc -g nfs

    List the status of the NFS serviceslssrc -g nfs

    boot.List clients of this host with share pointsshowmount -a

    Add an entry to the /etc/filesystems filemknfsmnt -f /projects -d /proj \ -h mumbai -A -E Note that the -A and -E switches cannot be

    stacked (-AE). -A specifies to mount on bootand -E specifies the intr mount option.

    Command reference: showmount, chnfs, mknfs,

    rmnfs, nfso, automount, chnfsexp, chnfsmnt,exportfs, lsnfsexp, lsnfsmnt, mknfsexp, mknfsmnt,rmnfsexp, rmnfsmnt, mount


    The procfs is the single (default) pseudo fs.Interestingly, /proc is not used by commands likeps or topas but is used by commands like truss.Additional information on /proc can be found inthe header file and the /procInfoCenter page.

    A list of supported filesystems can be found in the/etc/vfs file.

    The cdromd daemon is used to automount CD /DVD media. It is not enabled by default. cdromduses the /etc/cdromd.conf file to configuredefault options for the cdX device such as thedefault mount directory.

    Paging spaces are specified in the/etc/swapspaces file. The chps, mkps, rmps, andlsps commands are used to modify / view this file.

    Find your CD/DVD ROMlsdev -Cc cdrom

    List all paging spaceslsps -a

    Grow the hd6 paging space by 4 LPschps -s 4 hd6 The current LP count and LP/PP size can be

    found using lslv hd6.

    Mount DVD media in the DVD drivemount -v udfs -o ro /dev/cd0 /mnt

    Mount CD media in the CD/DVD drivemount -rv cdrfs /dev/cd0 /mnt Both the cdrfs and udfs are different types

    as defined in /etc/vfs, but both seem to workfor AIX DVD media.

    Command reference: chps, lsps, rmps, swapoff,

    swapon, mount, umount, cdromd, cdeject,cdmount, cdcheck, cdumount, cdutil


    Ethernet devices are entX devices while enX andetX devices represent different frame types thatrun on the underlying entX device. Typically theenX device is what is plumbed on most networksand etX is not used.

    Attributes of the entX device are physical layerconnection settings such as speed and duplex aswell as driver settings such as transmit and receivequeue sizes. Attributes of the enX device areconfigurable items such as IP address, subnetmask, and some TCP/IP tunables.

    Like the enX device, the inet0 device is not aphysical device. It is a representation /management interface for the Internet(networking) subsystem. The hostname, routinginfo and TCP/IP configuration method are

    The /etc/resolv.conf uses a traditional format,but can be managed via the namerslv and *namsvcommands. The /etc/netsvc.conf file is the AIXversion of the nsswitch.conf file in that itdetermines the service lookup order for nameservices.

    Hostname lookup order is determined using/etc/irs.conf, then /etc/netsvc.conf andfinally $NSORDER. (The order of precedence isreverse - meaning, for example, a value set in$NSORDER will be used over the other twomethods.) The irs.conf and $NSORDER methodsare typically not used.

    Network related tunables can be set globally, per-interface, or per-socket connection. Most globaltunables are managed with the no command.

  • 21/07/13 6:01 PMAIX QuickStart

    Page 7 of 21

    attributes of this device. Networking is typically started from /etc/

    using the settings stored in the ODM (and not fromrc.tcpip). When started in this manner severalhelper commands are responsible for pulling theconfig from the ODM and configuring devices.Alternatively, /etc/ can be configured touse ifconfig commands or /etc/ can bebypassed completely and /etc/rc.bsdnet can beused instead. The setting that determines whichmethod ( or rc.bsdnet) is used is stored asan attribute to the inet0 device. (The point here isnot necessarily to recommend the use thealternative methods but to point to where theoptions are set and where additional details on theprocess can be found.)

    AIX supports trunking (EtherChannel / 802.3ad),tagged VLANs (802.1q), Virtual IP addresses(VIPA), dead gateway detection (multiple defaultgateways), IP multippath routing, and networkadapter backup. The network adapter backup doesnot require EtherChannel but is part of the smittyEtherChannel setup section.

    Interface specific tunables are set on the entX orthe enX devices using the chdev command. AIXnow recognizes a ISNO (Interface Specific NetworkOption) flag that overrides many of the globalsettings and uses the settings for each interfaceover those set globally. This is an importantconcept as much application documentation stillrefers to the global settings while the default isnow to use the local settings. ISNO can bedetermined from querying with the no command orlooking at ifconfig results. Examples of retrievingthe defaults, ranges, and current values as well assetting new values are shown in the next section.

    Settings for the HEA (Host Ethernet Adapter) arenot always set from the OS. Physical layer settingsfor this device are typically set from the ASMImenus or from the HMC.

    Changes were made to the AIX 6.1 networktunables. The no command will list many tunablesas "restricted". IBM recommends against changinga restricted tunable from the default.


    The assumption of this section is that /ODM is used for IP configuration. If theconfiguration is not stored in the ODM and isconfigured via script then many of these"temporary" commands could be used topersistently configure the IP settings.

    The following examples also assume the use of en0over et0.

    List all Adapters in the systemlsdev -Cc adapter

    List all interfaces in the systemlsdev -Cc if

    Initial setup of an interfacemktcpip Note that mktcpip has an exceptional amount

    of options. They are not listed here becausethis command is a prime example of when touse SMIT. See next item for more typical use.

    Smitty interface to initial TCP/IP setupsmitty mktcpip This command is usually run once for a

    system (typically in the post-install setup if runfrom CD/DVD), additional changes can be donedirectly via the chdev command or via thesmitty configtcp menu screen.

    Permanently set the hostnamechdev -l inet0 -a hostname=bombay

    Temporarily add a default routeroute add default

    Temporarily add an address to an interfaceifconfig en0 \ netmask

    Temporarily add an alias to an interfaceifconfig en0 \ netmask alias

    To permanently add an IP address to en1

    To view the (current) route tablenetstat -r

    To view the (persistent) route table from the ODMlsattr -EHl inet0 -a route

    Add an entry for "rhodes" to the hosts filehostent -a \ -h " rhodes" The hostent is a command for editing the

    /etc/hosts file. Most edits on this file aredone by hand. The hostent command ismentioned here first for its potential use as ascripting tool, but also as an example of thepervasive tool-managed nature of AIX.

    List all services represented by inetdlssrc -ls inetd

    List all open, and in use TCP and UDP portsnetstat -anf inet

    List all LISTENing TCP portsnetstat -na | grep LISTEN

    Flush the netcd DNS cachenetcdctrl -t dns -e hosts -f

    Get (long) statistics for the ent0 deviceentstat -d ent0ornetstat -v ent0 Remove the -d option from entstat for

    shorter results. The output of entstat variesby device type. Virtual, physical, and IVE(LHEA) devices all produce different results.Use caution and test throughly when scriptingthis command.

    List all network tunablesno -a

    List all tunable settings in long formatno -L The "long" format is more readable as well as

    displaying current, default, persistent, min and

  • 21/07/13 6:01 PMAIX QuickStart

    Page 8 of 21

    chdev -l en1 -a netaddr= \ -a netmask=0xffffff00

    Permanently add an alias to an interfacechdev -l en0 -a \ alias4=,

    Remove a permanently added alias from an interfacechdev -l en0 -a \ delalias4=,

    Remove all TCP/IP configuration from a hostrmtcpip

    View the settings on inet0lsattr -El inet0 This can be run for ent0 and en0 as well.

    These settings are typically stored in the ODMobject repository CuAt and are retrievable viaodmget -q name=inet0 CuAt.

    Determine if rc.bsdnet is used over rc.netlsattr -El inet0 -a bootup_option

    Find actual (negotiated) speed, duplex, and linkentstat -d ent0 The interface must be up (ifconfig en0 up)

    for stats to be valid. The netstat -v ent0command gives similar results.

    Set (desired) speed is found through the entX devicelsattr -El ent0 -a media_speed

    Set the ent0 link to Gig full duplexchdev -l ent0 -a \ media_speed=1000_Full_Duplex -P Auto_Negotiation is another option (see the

    next example).View all configurable options for speed and duplexlsattr -Rl ent0 -a media_speed

    Find the MTU of an interfacenetstat -I en0

    max values.Get a description of the use_isno tunableno -h use_isno These descriptions were expanded in AIX 6.1.

    Additionally many will be listed as restrictedwhere they were not in previous versions.

    Turn off Interface Specific Network Optionsno -p -o use_isno=0

    The following tcpdump examples are simplistic andlimited, an extended usage description for tcpdumpis beyond the scope of this document. The intent isto give a few easy examples that can be expandedto the users needs. Additional help with filterexpressions and command line options is availableon the tcpdump InfoCenter page. Also note thatwhile efforts have been made to account for linewraps in the printed version, these commandsremain un-wrapped for readability.

    Watch all telnet packets from aachentcpdump -Nq 'host aachen and (port telnet)' -N gives short host names.

    Watch connect requeststcpdump -q 'tcp[tcpflags] & tcp-syn != 0' -q gives abbreviated packet info.

    Watch all connection requests to port 23tcpdump -q 'tcp[tcpflags] & tcp-syn != 0and port telnet'

    Command reference: mktcpip, rmtcpip, ifconfig,

    netcdctrl, no, tcpdump, chdev, lsattr, entstat,netstat, route, host, hostname

    System Configuration & ManagementDevices

    Physical device to /dev device representations aremapped via ODM database entries. Actual locationsof devices can be retrieved using the lscfg orlsdev commands. The mapping provided by theODM provides a persistent binding for devicenames across boots of the system.

    The mapping of physical devices to the logicaldevices in /dev is an automated process performedby the operating system. It is typically not requiredto move or otherwise re-order these devices. In ahighly dynamic environment where devices areadded and removed, it may be advantageous toclear previous instances of a device from the ODMand /dev directory.

    New devices are added to the system with thecfgmgr command. Logical instances of of devicescan be removed from the system via the rmdevcommand. rmdev simply tells the system to forgetthe device, so unless the physical device is actuallyremoved it will simply be found and re-createdwhen the cfgmgr command is run again (e.g. atnext boot).

    Device support requires that the appropriate

    Get device address of hdisk1getconf DISK_DEVNAME hdisk1orbootinfo -o hdisk1 This is the same information available from

    other commands, just not requiring greping orawking to retrieve this specific data. bootinfois not officially supported as an administrativecommand.

    Get the size (in MB) of hdisk1getconf DISK_SIZE /dev/hdisk1orbootinfo -s hdisk1 Note that a full path to the device is required

    for the getconf version.Find the possible parent devices of hdisk0lsparent -Cl hdisk0 This lists all devices that support that device

    type, not the specific parent of this device. Seethe following lsdev examples for methods offinding parent devices.

    List all child devices of scsi1lsdev -Cp scsi1

  • 21/07/13 6:01 PMAIX QuickStart

    Page 9 of 21

    packages (drivers) are installed for each device.The default AIX install includes support for devicesnot on the system. If a device is newer or aminimal OS install was done then support may notbe included for new devices. In this case thecfgmgr command will flag an error that anunsupported device has been found.

    Device configuration options are stored in the pre-defined device databases of the ODM. Informationabout actual devices are stored in the configureddevice databases of the ODM. These configuredoptions include instances and well as configurationoptions to the devices / drivers.

    The lsdev command is used to list devices in thepredefined and configured device (ODM)databases. The lscfg command is used to displayVPD (Vital Product Data) information about eachdevice. To find all devices the system knows or hasconfigured at one time use the lsdev command. Tosearch for a device by a specific type, class, parentdevice or other complex criteria use the lsdevcommand. To find the serial number or devicespecific identifier of a device use the lscfgcommand.

    List all devices on a systemlsdev lsdev queries the predefined or configured

    databases using the -P and -C flagsrespectively. In this case the -C flag is implied.Addition of the -H option includes columnheader info.

    List all disk devices on a systemlsdev -Cc disk See next example for a list of potential classes

    as arguments to the -c option.List all customized device classeslsdev -Cr class Customized device classes mean that they

    exist (or have existed) on the system. For alist of predefined devices (ones that AIX couldsupport) change the -C option for -P.

    List locations of all hdisks in the systemlscfg -l 'hdisk*' This can be accomplished via the lsdev

    command. The point here is to show the use ofwildcards in a lscfg option.

    Remove hdisk5rmdev -dl hdisk5 The -d option removes the configured device

    entry from the ODM. Unless the device isphysically removed, cfgmgr will bring it back.

    List all disks belonging to scsi1lsdev -Cc disk -p scsi1

    Test if hdisk2 is a child device of scsi2lsdev -Cp scsi2 -l hdisk2 This command will list all devices that meet

    the criteria of being hdisk2 and belonging toscsi2. Either it will list a device or it will not.

    Find the location of an Ethernet adapterlscfg -l ent1

    Find device specific info of an Ethernet adapterlscfg -vl ent1 One key piece of device specific info would be

    the MAC address. This command works forHBAs and other addressed adapters. The*stat commands also tend to returnaddresses, often formatted in a more readablemanner. See the next example for an HBA /with the grep command to isolate the address.

    Find the WWN of the fcs0 HBA adapterlscfg -vl fcs0 | grep Network

    Get statistics and extended information on HBA fcs0fcstat fcs0 Similar *stat commands exist for numerous

    types of devices such as entstat, ibstat,tokstat, fddistat, etc..

    List all MPIO paths for hdisk0lspath -l hdisk0

    Temporarily change console output to /cons.outswcons /cons.out Use swcons to change back.

    Find the slot of a PCI Ethernet adapterlsslot -c pci -l ent0 The lsslot command is used to find cards

    that are hot-swappable. Not all systems willsupport this command.

    Command reference: lsdev, lsparent, lscfg, lsattr,

    chdev, rmdev, cfgmgr, lscons, swcons, fcstat,entstat, ibstat, getconf getconf, lsslot, drslot

    SMIT (System Management Interface Tool)

    SMIT is a system management tool that assists theadministrator with AIX utilities by providing anASCII (curses) / X-Window GUI interface to thosetools. SMIT provides pick lists and menus forcommand line options to AIX tools. The interface isdesigned to aid with recognition of more obscureswitches, provide additional security & accounting,and perform some validation on the input to those

    SMIT can be invoked from the command line usingsmit or smitty. smit will start either the cursesbased version or the X Window version dependingupon the presence of the X Window system.smitty will always start the curses (tty) version.

    Additional information on customizing the SMITinterface can be found on the "Extending SMIT ForCommon Localized Tasks" page.

  • 21/07/13 6:01 PMAIX QuickStart

    Page 10 of 21

    commands. The SMIT interface is not a monolithic binary, but

    an extensible framework of screens that reliesupon underlying OS commands to do the work.Each SMIT screen is stored as a collection of ODMobjects in SMIT specific object classes.

    Stepping through the complex menu system can beavoided by jumping directly to a screen when afastpath is specified when SMIT is invoked. Fastpaths are single word (no spaces) phrases thattypically are the command that will be run in thatscreen. The fast path for the current screen can bedetermined by using the F8 key while in thatscreen.

    Sample fastpaths:mktcpip Initial TCP/IP setuplvm Root of the LVM menusmkuser Screen to add a userpgsp Root of the paging space menus_nfs Root of NFS menussubserver inetd configmpio Root screen for all MPIO operationsetherchannel Root of EtherChannel / 802.3ad memuschgenet Configure paramaters on the ent

    device(s)vlan Root of menus to manage VLAN

    configurationsmkvg Beginning screen to create a new VG

    SMIT will save a script of runnable commands in~/smit.script and ~/smit.transaction as wellas a log of commands run in ~/smit.log. Wheninvoked with the -x switch, SMIT will not run anyof the commands but will write the commands itwould run to ~/smit.script and~/smit.transaction. (Note: With the -x switchSMIT will still run the discovery commands to buildlists and find default/existing values but not theaction commands.)

    Key sequences (for the curses version)

    F3 (Esc-3) Exit current screenF4 (Esc-4) Generate a pop-up list that can be

    chosen fromF6 (Esc-6) List the command that will be runF5 (Esc-5) Reset the field to the original / default

    valueF8 (Esc-8) Show the fast-path tag for this screenF10 (Esc-0) Exit SMIT/phrase Search for phrase in a listn Used to find the next occourence of the

    search phraseTab Used to alternatively select items from a

    "ring" (a short list).

    Symbols that denote field data requirements:

    * This is a required field# This field requires a numeric value/ This field requires a pathX This field requires a hexadecimal number? The data entered will not be displayed+ Data can be retrieved from a list


    The SRC (System Resource Controller) is a processmanager that is used to spawn, monitor, andcontrol services. Many of the standard Unixdaemons are managed via this interface on AIX.

    SRC does not have a persistent "service profile" andtherefore does not comprehend persistence beyondthe current boot. For this reason, it is necessary tofind where the service is started and add orremove the startsrc (service start) commandthere. The most popular locations for this arerc.tcp and inittab.

    SRC controlled processes must be started andstopped via the SRC interface. If a SRC processdies or is killed the srcmstr daemon will re-spawnthat process and log an error to the system errorlog.

    The core process for SRC (srcmstr) is spawnedfrom /etc/initttab. Services that run under SRCcontrol do not leave their process group (ie: have a

    Start the cdromd servicestartsrc -s cdromd There is not a persistent flag for the startsrc

    command. For this service to automaticallystart on the next boot, a change must bemade to one of the system initialization files.In this case, an entry must be made in/etc/initttab.

    Stop the cdromd servicestopsrc -s cdromd

    Send a refresh request to the syslogd servicerefresh -s syslogd This would typically be communicated via a

    HUP signal. Not all SRC controlled processesrespond to a refresh request and may requirea HUP signal.

    Command reference: lssrc, startsrc, stopsrc,

    refresh, srcmstr

  • 21/07/13 6:01 PMAIX QuickStart

    Page 11 of 21

    PPID of 1), but instead, stay children of srcmstr. List the status of the cdromd servicelssrc -s cdromd

    List the status of inetd subserviceslssrc -l -s inetd

    List the status of all members of the NFS grouplssrc -g nfs

    Performance / Kernel / Tuning

    The primary statistics provider for most basicperformance commands on AIX is the Perfstat API/ kernel extension (See/usr/include/libperfstat.h.) This API supportsmost non-trace based performance related tools.

    The trace-based tools (denoted by a "T" in the listbelow) utilize the trace facility. These toolsgenerate significantly more detail than the perfstatbased tools. Unfortunately the level of detailprovided by these tools comes at the expense ofperformance. Caution should be used whenrunning these tools on a production system.

    AIX 6.1 introduced probevue, a lightweightdynamic trace facility that provides trace-likeinsight but with a minimal performance impact.The probevue command utilizes scripts written inthe Vue language to define what events to capturedata on and how to report that data. Additionalinformation can be found on the ProbeVue page.

    With the introduction of Micro-partitions manycommands were modified both to account forperformance statistic gathering in the virtualizedenvironment as well as reporting virtual statistics.When WPARs were introduced many commandswere extended to report per-WPAR or WPARspecific statistics. The WPAR specific options aretypically enabled with the -@ switch. Commands inthe following list that support this option aremarked with the "@" symbol.

    The *o commands (vmo, schedo, no, nfso, raso,ioo, and lvmo) are used to view and set systemrelated tunables. Persistent tunables are saved in/etc/tunables/nextboot. Some persistenttunables are inserted in and set from the BLV(therefore they require that bosboot run to set thevalue for next boot.

    The following is a list of general and lower-levelsystem commands for performance anddiagnostics:atmstat - Show statistics and device details for

    ATM adapterscurt - [T@] CPU Utilization Reporting Tool. A

    trace based tool for monitoring CPUactivity.

    entstat - Show statistics and device details forEthernet adapters

    fcstat - Show statistics and device details forFC HBAs

    fddistat - Show statistics and device details forFDDI adapters

    fileplace - Show fragmentation and block / fs

    splat - [T] Simple Performance Lock AnalysisTool. Provides lock statistics. Must berun on a system booted with lock tracereporting enabled.

    spray - Network load generation tool using aremote sprayd daemon. Requires theRPC daemon (rpc-sprayd) to beregistered.

    svmon - Displays general to detailed reports ofVM usage on the system as a whole orfor individual processes.

    tcpdump - Capture network packets. Packets canbe filtered by type, port, interface,address, or other criteria. Packets canbe captured with detail or in summary.See examples at the end of thenetworking examples section.

    topas - topas is a curses-based, interactive,multi-area, general performancereporting tool. topas is often the firsttool used in a performance tuningexercise. New topas users may finduseful info on the local introduction totopas page.

    tprof - [T@] A trace based profiling tool.truss - Reports syscall, signals, and most

    aspects of system interaction by aprocess.

    uptime - Reports system uptime as well as 1, 5,and 15 minute system load averages.

    vmstat - [@] Report statistics from the virtualmemory subsystem.

    Note: The examples section is not meant to be

    comprehensive or even well representative of theavailable options and performance monitoringmethods. The scope and design of this page doesnot allow for a full treatment of the performancetools. Each section requires a careful selection ofthe command examples and information that is ofuse. This section requires significantly moreabbreviation to fit in a reasonable space. The goalhas been to give a mix of some common examplesalong with some that are slightly atypical.

    Most iterative commands here use two secondintervals. This is done only to make themconsistent when showing the iterative options.

    List processes in ptree-like outputps -T1

  • 21/07/13 6:01 PMAIX QuickStart

    Page 12 of 21

    usage for a file.filemon - [T@] Generate a report of advanced /

    detailed disk statistics that highlightswhere I/O was generated and whatgenerated it.

    gprof - Generate profiling statistics for abinary.

    iostat - [@] Supports I/O statistics on multipledevice types, but used primarily as afirst line disk I/O statistic reportingtool.

    ipcrm - [@] Remove IPC (InterProcessCommunication) semaphores,message queues, and shared memorysegments

    ipcs - [@] List IPC (InterProcessCommunication) semaphores,message queues, and shared memorysegments

    iptrace - Network packet tracing daemon.Results can be viewed with ipreport

    istat - A command line stat() tool. It givessimilar info to ls but in potentiallymore scriptable output.

    kdb - An interactive user-space commandfor viewing kernel structures, memorylocations, tables, etc... from a runningsystem or a dump of the kernel.

    lparstat - [@] Reports per-LPAR statistics -primarily memory and CPU utilization.Also reports virtualization-awarestatistics such as entitlementconsumption and hypervisor calls. TheWPAR flag on this command is -W not-@.

    lvmstat - Reports I/O statistics on VG structures(as opposed to per-disk statistics).Statistics gathering must be enabledwith the -e switch before use.

    mpstat - [@] Reports performance statisticssuch as interrupts, context switches,min/maj faults, system calls, andprocessor affinity.

    netpmon - [T@] Reports detailed network,socket, and NFS related statistics overan interval.

    netstat - [@] Show networking status forTCP/UDP through physical layers.

    pmcycles - A tool to measure actual CPU speed(presumably for CPUs that may gointo power save).

    pprof - [T@] Reports detailed statistics onkernel threads.

    probevue - Lightweight dynamic tracing tool thatutilizes the Vue language. AdditionalProbeVue resources are availablelocally on the ProbeVue page.

    ps - [@] List processespstat - Show the contents of several system

    List all file opens for the ls processtruss -topen ls

    List all file opens for a running PIDtruss -topen -p 274676 274676 is simply a PID that was active on the

    system when I created the example.List all open files for a running PIDprocfiles -n 274676

    List all memory segments for a running PIDsvmon -P 274676

    Get a filename for an inode from previous resultsncheck -i 1041 /dev/hd4 Once again, this example is of a local (to this

    system) inode value. In this case svmonreturned the inode and filesystem of the file -the actual filename was desired.

    Enable advanced statistics gathering on VG datavglvmstat -v datavg -e Use -e to enable, -d to disable.

    Monitor network throughput for ent0while [ 1 ] ; do entstat -r ent0 | grepBytes ; sleep 2 ; done First column is transmit and second is receive.

    This is a non-curses based example, see thenext example for a topas based solution.

    Monitor network throughput for all interfacestopas -E

    Paging - in usesvmon -i 2 The -i 2 parameter tells to iterate every two

    seconds.Paging - activityvmstat 2

    Show top-like CPU usage by processtopas -P

    Show system wide CPU usagempstat 2

    Get NFS server statisticswhile [ 1 ] ; do nfsstat -s ; sleep 2 ;done

    Generate CPU loaddd if=/dev/random of=/dev/null

    List I/O stats organized by adapteriostat -a 2

    Get extended I/O stats on just two disksiostat -D hdisk0 hdisk1 2

    List I/O stats by file systemiostat -F 2 Not supported on 5.3

    Show network statistics for interfacesnetstat 2

  • 21/07/13 6:01 PMAIX QuickStart

    Page 13 of 21

    tables from a core file or active kernel.rmss - Tool to simulate a reduced memory

    footprint for an application. Runningthe LPAR with reduced memory maybe a more popular alternative to thiscommand.


    The ODM (Object Data Manager) is a databasestore for system information on AIX. The ODM isprimarily used for system items such as deviceinstances and the configuration options for thosedevices but may also be used for applications suchas SMIT.

    The ODM is a collection of object classes (files) thatare primarily in /etc/objrepos but also stored in/usr/lib/objrepos, /usr/share/lib/objreposand the BLV. The copy and/or location of the ODMto use is specified either by an application or theODMDIR / ODMPATH environmental variables. Forexample, the SMIT screens are stored in objectclasses in /usr/lib/objrepos but can be stored inan alternate ODM source. See the "Extending SMIT For Common

    Localized Tasks" page for info on using analternate ODM source for SMIT.

    While applications can create object classesanywhere they wish, the system object classesprimarily exist in the three directories listed in theprevious point. This is done to separate data basedupon the type of filesystem it is in. Data that isspecific to a system is stored in /etc/objrepos.Platform specific data that can be shared acrosssystems (such as a network boot) is stored in/usr/lib/objrepos. Platform independent datathat can be share across systems is stored in/usr/share/lib/objrepos. One example of this isthe lpp object class that exists in all threelocations. The lslpp -l will query each of theseobject classes and display each in its own group.

    The primary benefits of the ODM is that it storescomplex data, enforces data types on that data,and provides a rich API / set of command lineutilities to access it. The API supports locking thatinsures a view consistency that is not guaranteedwith flat files.

    When mapping ODM to database concepts, an ODMobject class is the equivalent of a database table,and is implemented as one or more files. An ODMobject would be a row in that table. An objectdescriptor would be the equivalent of a databasecolumn definition.

    The ODM supports relations in the form of the "link"data type. It does not allow for joins of the data,nor does it enforce referential integrity duringinserts. The ODM does not enforce a primary key,specifically the unique constraint of a key. For thisreason, it is possible to have duplicate objects in aobject class.

    ODM command line tools:odmget Query data from an ODM object class.

    Specific queries are supported with the -q

    Object classes are implemented as one or two filesdepending upon the data types used in thedefinition of the object class. The primary file hasthe same name as the object class. An optional fileending in .vc is used for variable length and multi-byte nchar data. The ODM data files are notrecognized by the file command so I haveincluded a sample MAGIC for both file types.

    0 long 0x000dcfac ODM data file0 long 0x000caa1c ODM variable datafile

    MAGIC entries for ODM files

    Many introductions to the ODM use typicaldatabase examples to show how data is stored andretrieved. While this is useful for understanding thestructure of an object class it is counter-productivein that it masks what is really stored in the ODM.Another method of learning the ODM is to use thetruss-query method. This means that you wrap acommand in truss (truss -topen) to capture thefile opens, then query the resulting object classesfor the data they contain.

    The ODM command line tools work on two differentformats of input/output from the object classes.The structure of the object classes are defined in asyntax that is very similar to a C struct. Actualobject data is structured in a stanza format.

    class my_object_class { short descriptor1; short descriptor2; vchar text[1024];};

    Example of odmcreate/odmshow struct. (Nonsensical tablewith two short int(eger)s and a string.)

    CuAt: name = "inet0" attribute = "hostname" value = "mumbai" type = "R" generic = "DU" rep = "s" nls_index = 24

    Example of odmadd/odmget stanza syntax. (Actual outputfrom a system.)

    Steps to shrink an ODM object class called "Bloat"odmshow Bloat > Bloat.definitionodmget Bloat >

  • 21/07/13 6:01 PMAIX QuickStart

    Page 14 of 21

    option, but it is not possible to limitresults to specific "columns" without usinganother command like grep. If the querystring is omitted, then all data will bereturned. (This is an effecive way to backup the data from the object class.) Thedata will be returned in theodmadd/odmget stanza format.

    odmadd Insert data into an ODM object class. Thedata must be in the odmadd/odmgetstanza format. Because null values are notallowed, all "columns" must be filled withappropriate data.

    odmchange Change data in an ODM object class. Aquery syntax allows the user to specify alimited set of objects (rows). The datachanged is specified in a odmadd/odmgetstanza format. The stanza file does notneed to be complete as only thedescriptors (columns) present in thestanza file will be changed in eachmatched object.

    odmcreate Creates an ODM object class based uponan odmcreate/odmshow "struct" file. TheODM file will be created in the defaultdirectory. Existing object classes with thesame name will be overwritten withoutwarning.

    odmdelete Will delete objects (rows) from an ODMobject class. The -q query syntax issupported to limit the objects deleted. Ifthe query is omitted, all items will bedeleted. Selective delete operations canlead to bloated object class files.

    odmdrop Deletes an entire ODM object class. Allobjects (rows) and the object class itselfwill be deleted. All object class files aredeleted. Future queries to this object classwill fail.

    odmshow Create a odmcreate/odmshow structoutput based upon the description of theODM object class. The results will defineeach descriptor (column) in the objectclass (table) as well as have other datarelated to the current contents of theobject class in comment format. Thisoutput can be used to re-create an emptyobject class using the odmcreatecommand.

    odmcreate Bloat.definitionodmadd odmshow saves the table definition. odmget

    saves the table data. odmcreate re-creates thetable. odmadd restores the data. This is not apopular task on AIX. The example here ismore to relate the purposes of the commandsand give some insight into how they can beused.

    Determine the ODM files opened by lsattrtruss -topen lsattr -El inet0

    Query CuAt for the inet0 configodmget -o CuAt -q name=inet0

    The SMIT customization page has more ODM

    command examples. Command reference: odmget, odmadd,

    odmchange, odmcreate, odmdelete, odmdrop,odmshow

    Software Management

    A fileset is the smallest manageable component inthe LPP (Licensed Program Product) hierarchy. Apackage is a collection of related filesets. An LPP isa group of packages that tend to fall within oneproduct type, such as "bos" - the base operatingsystem.

    Filesets are divided by what part of the system theyinstall to. This is either "root", "usr", or "share".These divisions are determined by install locationas well as platform dependence / independence.Use the lslpp -O flag with r, u, or s options to listfilesets from only one location. (Additionaldiscussion of this is found in the ODM section andthe three separate lpp ODM data stores - one foreach fileset install location.)

    Most administrators perform installs via the SMIT or

    List all software packages on /dev/cd0installp -l -d /dev/cd0 It is not necessary to explicitly mount

    /dev/cd0. The installp command will do itautomatically. None of the examples using/dev/cd0 (including SMIT) in this sectionrequire the explicit mounting of the CD/DVDROM.

    List the software in the default repository locationinstallp -ld /usr/sys/inst.images

    List all RPM packages on the systemrpm -qa

    List all files in the installed gcc RPMrpm -ql gcc-4.2.0-3

    List all filesets that are applied, and can becommitted or rejected

  • 21/07/13 6:01 PMAIX QuickStart

    Page 15 of 21

    NIM methods. SMIT is most popular for simpleone-off installs and smaller environments. Use ofinstallp directly from the command line issignificantly more complex than SMIT or NIM.

    The most popular SMIT fast paths areinstall_latest and update_all. The install fastpath requires that a package repository bespecified on the first screen then presents the userwith a screen of install options to include the optionto browse and select from the supplied repository.

    Bundles are simply formatted lists of packages tobe installed as a unit. Bundle files are stored locallyin /usr/sys/ and/usr/sys/ Bundles canbe installed using the smitty easy_installcommand.

    Filesets can be installed in the applied or committedstates. Applied filesets retain previous versions andcan be rolled back to the previous version(rejected). The first version of a fileset installed ona system is always committed.

    SUMA (Service Update Management Assistant) is amethod to automate the retrieval of systemupdates from the Internet.

    List all installed filesets separated by filesystem typelslpp -l

    List all installed filesets with combined filesystem infolslpp -L Adding the -c option will make this output

    scriptable in that it will be colon delimited. Seethe next example.

    List just the filesets on a systemlslpp -Lc | cut -d : -f 2

    List all files in the bos.mp64 filesetlslpp -f bos.mp64

    List all files in the root part of bos.rte.shelllslpp -Or -f

    List what known fileset provides kshwhich_fileset ksh

    List the installed fileset that provides /usr/bin/kshlslpp -w /usr/bin/ksh *ksh* would have worked, but more results.

    installp -sList packages on media in /dev/cd0gencopy -Ld /dev/cd0

    Copy contents of CD to local directorygencopy -d /dev/cd0 -t /proj/instsrc \ -UX all

    Copy contents of CD to default local directorygencopy -d /dev/cd0 -UX all

    Download AIX 5.3 TL10 updates to local repositorysuma -x -a Action=Download \ -a RqType=TL -a RqName=5300-10 The updates will be placed in the default local

    repository in /usr/sys/inst.images.Install the mkinstallp toolinstallp -acgXYd /usr/sys/inst.images \ bos.adt.insttools The options are:

    -a Apply-c Commit-g Install prerequsites-X Extend filesystems if necessary-Y Agree to licenses-d Specify a sourcebos.adt.insttools pagkage to install

    Backup the rootvgmksysb -eivX /mnt/bombay.mksysb The options are:

    -e Exclude files listed in /etc/exclude.rootvg-i Create an / file-v List files as they are backed up-X Extend /tmp if necessary/mnt/bombay.mksysb The file to create

    As this command will back up all mountedfilesystems in rootvg it is necessary toaccount for the potential size of this file. Theroot user has a file size limit (fsize) and can betemporarily disabled with ulimit -funlimited

    Command reference: installp, inutoc, lslpp, emgr,

    gencopy, suma, mksysb

    Users / Groups

    AIX users and groups have an administrativeattribute that determines who can make changesto that user or group. Only the root user (orequivalent RBAC role) can modify a user or groupthat has the admin attribute set. Regular, non-admin accounts, may be modified by members ofthe security group. Non-admin groups can havegroup administrators (that are not part of thesecurity group) that can modify the groupmembers.

    The following is a table that represents how theadmin attribute of a user/group effects who canmodify that item: admin

    attribute =rootuser


    users on the groupadms list

    user true Yes No N/Afalse Yes Yes N/A

  • 21/07/13 6:01 PMAIX QuickStart

    Page 16 of 21

    group true Yes No No

    false Yes Yes Yes

    RBAC (Role Based ACcounting) is a natural

    maturation from using simple SUID/SGID binariesto a more granular method of granting privileges tousers to accomplish tasks. Legacy RBAC wasintroduced in AIX 4.2.1, and was upgraded toEnhanced RBAC in AIX 6.1. This document refersto the Enhanced version of RBAC and onlymentions Legacy RBAC in contrast whereappropriate.

    Legacy RBAC was a simplified method to divide roottasks into groups and give non-root users ability toperform those tasks. This was done with traditionalSUID/SGID applications that then checked to see ifthe user was assigned the privilege before the taskwas attempted. As a result, it required specializedbinaries that were potentially open to exploitbecause the processes they spawned still hadeffective root access. The benefit was the moregranular division of responsibilities that RBACpromises. Unfortunately, Legacy RBAC was notsufficient to change many administrator's minds onthe use of root for all tasks administrative.

    Enhanced RBAC does not rely upon SUID/SGIDapplications but instead allows for granularpermissions based upon the users role membershipand only the permissions required to complete thetask. The kernel only allows authorizations to non-root users for very specific actions instead ofrelying on the application code to grant thataccess.

    A user is assigned a role that aligns with anadministrative task such as the ability to restart (orshutdown) the system. The role is a groupingmethod that defines all authorizations that arerequired to accomplish that type of task.Commands, files, and devices are added to priv*files that define what authorizations are required toperform that specific task or access that file /device. When a command is run, the requiredauthorizations are checked against theauthorizations assigned to roles for the userrunning the command. If the user lacks sufficientaccess then permission is denied.

    The following table lists the key configuration filesin the Enhanced RBAC system, the commands usedto access/modify those files and what the files arefor.user.roles chuser


    Provides a mapping betweenexisting users and existingroles - both of which aredefined elsewhere.

    roles chrolemkrolelsrolermrole

    Defines roles as either agroup of authorizations or ofsub-roles.

    authorizations mkauthchauthlsauthrmauth

    Defines user createdauthorizations. Systemauthorizations are definedelsewhere.

    privcmds setsecattrlssecattr

    Lists all authorizations thatare required for a command

    Relationship between RBAC files.

    Create an admin group called wfavorit with GID 501mkgroup -a id=501 wfavorit

    List the attributes of the just-created group wfavoritlsgroup wfavorit

    Create an admin user called wfavorit with UID 501mkuser -a id=501 shell=/usr/bin/ksh \home=/home/wfavorit pgrp=wfavorit \wfavorit

    Set the password for user wfavorit (run as privilegeduser)pwdadm wfavorit or passwd wfavorit

    Add wfavorit as member of the security groupchgrpmem -m + wfavorit security

    Make a group with wfavorit as the adminmkgroup adms=wfavorit favorite

    Make wfavorit an administrator of the proj groupchgrpmem -a + wfavorit proj

    List all users on the systemlsuser -a ALL The -a switch lists specific attributes, but in

    this case it is empty and only the user namesare displayed. See other lsuser examples inthis section for other uses of the -a switch.

    List all admin users on the systemlsuser -a admin ALL | grep =true

    List attributes for user wfavorit in a stanza formatlsuser -f wfavorit

  • 21/07/13 6:01 PMAIX QuickStart

    Page 17 of 21

    rmsecattr to complete its task.privfiles setsecattr


    Lists all authorizations thatare required to read or writeto a file.

    privdevs setsecattrlssecattrrmsecattr

    Lists all authorizations thatare required to read or writeto a device.

    The user environmental variables are stored in/etc/environment and /etc/security/environ.The variables set in /etc/environment are givento all users and processes while the settings in/etc/security/environ are per-user.

    User limits are set for login processes from the/etc/security/limits file. The chuser commandcan be used to modify this file.

    The default options for the mkuser command arestored in /usr/lib/security/mkuser.default.

    The /etc/security/passwd file is the shadowpassword file.

    The last command returns login information forthe system (from the /var/adm/wtmp file. The/etc/security/lastlog file contains per-userinformation on each users login attempts.

    List login history for user wfavoritlast wfavorit

    List the fsize ulimit for user wfavoritlsuser -a fsize wfavorit

    Change the file size ulimit to unlimited for wfavoritchuser fsize=-1 wfavorit

    List all groups and their IDslsgroup -a id ALL

    List all members of the favorite groupchgrpmem favorite

    User / Group admin command reference: mkuser,

    chuser, rmuser, lsuser, pwdadm, mkgroup,chgroup, rmgroup, lsgroup, chgrpmem, usrck,grpck, pwdck

    RBAC command reference: setkst, chrole, mkrole,lsrole, rmrole, mkauth, chauth, lsauth, rmauth,ckauth, setsecattr, lssecattr, rmsecattr

    User command reference: users, w, who, whoami,whodo, id, chsh, passwd, setgroups, ulimit,setsenv, last, finger

    OtherBoot Process

    The normal numbers represent what you see as thestep begins. The red numbers are error codeswhen that command / step fails. This is not acomplete list of error codes. A more complete setcan be found in Diagnostic Information for MultipleBus Systems.

    Power onHardware initializationRetrieve bootlist from NVRAMLocate BLV and load into memory 20EE000BKernel initializes and mounts RAM FSPhase 1 (rc.boot 1)

    RAM FS is resized Logging begins restbase copies ODM to RAM FS 548

    cfgmgr configures base devices inODM510

    bootinfo determines boot device 511,554Phase 2 (rc.boot 2)

    ipl_varyon varies on rootvg 551,552,554,556 fsck of / 517,555 mount of / 517,557 fsck & mount of /usr 517,518 fsck & mount of /var 517,518 copycore, umount /var 517 swapon /dev/hd6 517

    RAM FS version of ODM copied to/etc/objrepos517

    cfgcon configures console c31

    (cfgcon exit codes. c33 is assumed here) c32, c33, orc34 System hang detection is started c33 Graphical desktop is (optionally) started savebase updates ODM copy on BLV 530 syncd & errdemon started System LED is turned off rm -f /etc/nologin Start several optional services log: "System initialization completed"

    Phase 3 complete, init continuesprocessing inittab The previous boot process listing is for a normal

    disk boot. This will vary for network, tape, and CDboots. Read the contents of /sbin/rc.boot forspecifics on each boot device method and type(normal or service).

    The boot order is stored in NVRAM. The settings areset and retrieved using the bootlist command.

    The BLV (Boot Logical Volume) is /dev/hd5. It iscreated / updated with the bosboot command.

    bosboot updates the boot record at the start of thedisk, copies the SOFTROS from/usr/lib/boot/aixmon.chrp, copies thebootexpand utility, copies the kernel from /unix,creates a copy of the RAM FS from the list of filesin /usr/lib/boot/chrp.disk.proto, and createsa base ODM.