Professional Documents
Culture Documents
-1-
-2Table of Contents
-3-
-4-
-5-
-6-
-7-
get the power disk LUN ID's and appropriately create the VG from the disks.
OR
#smitty tuning
Tuning Network & Kernel Parameters
Move cursor to desired item and press Enter.
Save/Restore All Tuning Parameters
Tuning Scheduler & Memory Load Control Parameters
Tuning Virtual Memory Manager, File System and Logical Volume Manager Params
Tuning Network Option Parameters
Tuning NFS Option Parameters
Tuning IO Parameters
Tuning RAS Parameters
-8-
Configuring Asynchronous IO
Following are the parameters that need to be tuned to configure the System to us Asynchronous IO.
maxreqs
Purpose: Specifies the maximum number of asynchronous I/O requests that can be outstanding at any one time.
Values: Default: 4096; Range: 1 to AIO_MAX (/usr/include/sys/limits.h)
To Display: lsattr -E -l aio0 -a maxreqs
To Change: chdev -l aio0 -a maxreqs=NewValue Change is effective after reboot and is permanent.
Tuning: This includes requests that are in progress, as well as those that are waiting to be started. The maximum
number of asynchronous I/O requests cannot be less than the
value of AIO_MAX, as defined in the /usr/include/sys/limits.h file, but can be greater. It would be appropriate for a
system with a high volume of asynchronous I/O to have a maximum number of asynchronous I/O requests larger
than AIO_MAX.
maxservers
Purpose: Specifies the maximum number of AIO kprocs per processor.
Values: Default: 10 per processor
Display: lsattr -E -l aio0 -a maxservers
Change: chdev -l aio0 -a maxservers=NewValue Change is effective after reboot and is permanent.
Tuning: This value limits the number of concurrent asynchronous I/O requests. The value should be about the same
as the expected number of concurrent AIO requests.
minservers
Purpose: Specifies the number of AIO kprocs that will be created when the AIO kernel extension is loaded.
Values: Default: 1
Display: lsattr -E -l aio0 -a maxservers
Change: chdev -l aio0 -a minservers=NewValue Change is effective after reboot and is permanent.
Tuning: Making this a large number is not recommended, because each process takes up some memory. Leaving
this number small is acceptable in most cases because AIO will create additional kprocs up to maxservers as
needed.
-9Paging Space
Raw LV Creation
After the LUN's from Storage have been assigned and are visible to the host,
Create a Volume Group.
Say vg20d has been created.
To create the raw device,
#mklv -t raw -y vg20d_8192m_01 vg20d 8192M
After creating the raw LV,
give the LV ownership to oracle:dba
#chown oracle:dba /dev/rvg20d_8192m_01
- 10 -
01/30/09
%usr
0
0
Average
%sys
0
0
0
100
0.02
0.3
Conclusion: The Server has been assigned 7 Physical Processors,14 Virtual Processors and with smt
enabled, the count becomes 28
i.e entitlement is the Actual Physical Processors assigned to the Partition.
What prtconf shows is the Virtual CPU's
Average
0
0
0 100 0.02
0.3
PowerPath Device
PowerPath Device
PowerPath Device
PowerPath Device
Taking an OS Backup/mksysb
#nohup mksysb ievX /dev/rmt0 &
OR
#smitty mksysb
- 11 -
[]
no
no
no
no
yes
no
no
yes
[]
- 12 -
.
.
.
Note:
Client
= NIM Client
Master Server = NIM server
On the Client,
#cd /
#mkdir backupfs
#cd backupfs
#mkdir logs
#chmod R 777 /backupfs
create a /backupfs mount point on the Master Server, spacious enough to store the mksysbs of a sufficient no. of
clients.
On the Client,
Mount the Master Servers /backupfs mount point onto the Clients /backupfs directory
#mount 10.77.8.102:/backupfs /backupfs
#nohup mksysb -i -e -X /backupfs/`hostname`_`date +"%d-%h-%y"` > /backupfs/logs/`hostname`_`date +"%d-%h%y"`.log &
After this is done,
Verify the logs directory (/backupfs/logs) which would show the mksysb Completion logs on the Master Server.
Eg:
more /backupfs/logs/UPSSUATAPP_Jan-27-2009.log
Creating information file (/image.data) for rootvg.
Creating list of files to back up..
Backing up 48454 files...............
48454 of 48454 files (100%)0512-038 mksysb: Backup Completed Successfully.
Pre-Restart Activities
Before Restarting the Server,
The following steps need to be performed
(a) Check if the root Volume Group is mirrored,
# lsvg rootvg -l
rootvg:
LV NAME
TYPE
hd5
boot
1
hd6
paging 2
hd8
jfs2log 1
hd4
jfs2
12
hd2
jfs2
20
hd9var
jfs2
16
hd3
jfs2
16
hd1
jfs2
16
hd10opt
jfs2
16
lg_dumplv
sysdump
fslv00
jfs2
280
LPs
2
4
2
24
40
32
32
32
32
8
280
- 13 -
jfs2
280 280 1 open/syncd /postscript
jfs2
280 280 2 open/syncd /data1
paging 32
32
1 open/syncd N/A
bootlist m normal o
hdisk0 blv=hd5
hdisk1 blv=hd5
i.e if PPs is double the LPs and if the blv is updated on both the disks, the rootvg is mirrored.
(b) Take the LVM Configuration backup.
for i in `lsvg -o`
do
lsvg rootvg|grep "VOLUME GROUP"|awk '{print $1,$2,$3}'
rootvg
lsvg $i -p
lsvg $i -l
done
- 14 -
- 15 -
Auto Negotiation/1000_Full
Yes
tp
Yes
#twisted pair
ssh Installation
The following packages need to be installed
#smitty installp from the
AIX Toolbox for Linux Applications CD & the Expansion Pack (Expansion Pack required only for pre-5.8 AIX)
openssl-0.9.7g-1
openssl-devel-0.9.7g-1
openssl-doc-0.9.7g-1
openssh.base.client
openssh.base.server
openssh.license
openssh.man.en_US
openssh.msg.en_US
- 16 -
Patch installation
Applying a patch
#smitty installp
Updating the Service Pack level #smitty update_all
OR
ssh-keygen Generation
# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (//.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_dsa.
Your public key has been saved in //.ssh/id_dsa.pub.
The key fingerprint is:
e7:c8:05:9c:b6:f1:79:72:a3:6c:9d:70:ee:51:94:bb root@EBBP-VIEW
create a authorised_keys file in a .ssh directory in the home directory of the user that you wish to ssh to,without a
password
To establish the link on the Switch after connecting the fiber cables from the
Storage
# chdev -P fcs0
fcs0 Defined
# chdev -l fcs0 -a init_link=pt2pt
- 17 -
- 18 -
- 19 -
- 20 -
- 21 -
12288 MB
or
# cat /var/adm/syslog/syslog.log |grep -i Phy
Nov 20 16:44:59 NDCRP1V6 vmunix:
Nov 20 16:44:59 NDCRP1V6 vmunix:
11070196 Kbytes
physical page size = 4096 bytes, logical page size = 4096 bytes
Physical: 12582912 Kbytes, lockable: 9636284 Kbytes, available:
12299.0 MB
123019.1 KB
260072.5 KB
206876.7 KB
453451.1 KB
2468390 at 4 KB/page
24576 MB
332 MB
Check processor
#
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
processor
or
0 0/10
1 0/11
2 0/12
3 0/13
4 0/14
5 0/15
6 0/16
7 0/17
8 1/10
9 1/11
10 1/12
11 1/13
12 1/14
13 1/15
14 1/16
15 1/17
16 2/10
17 2/11
18 2/12
19 2/13
20 2/14
21 2/15
22 2/16
23 2/17
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
processor CLAIMED
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
PROCESSOR Processor
- 22 -
24
- 23 -
- 24 -
- 25 -
#ps -ef|grep ntp ( checking ntp deamon has started or not if the service is not started )
#/sbin/int.d/xntpd start
#ps -ef |grep cron ( check cron deamon has started or not if not need to start the cron)
#/sbin/init.d/cron start
#cat /etc/services
#cat /etc/hosts ( checking the host entris)
#hostname ( checking the hostname)
#ifconfig lan0 ( checking the ip address )
#netstat -rn ( checking the gateway)
#ls -lrt / ( checking the ownership)
Note: After checking all the above steps we will inform to DBA team to start the database
Set Parameter
(Note: Before changing the parameter take the backup of vmunix and build)
#kmtune (To check all OS parameter)
#kmtune |grep nfile
Need to check weather the parameter is static or dynamic, if the parameter is static reboot is required.
- 26 -
8122 - 8122
256 - 1024
Where 1024 is the new parameter, it will get effect in the next reboot
then build the new kernel
#mk_kernel
#kmupdate ( need to take reboot)
Ignite backup
#make_tape_recovery -A -v -I -a /dev/rmt/0mn
To check the status
#cd /var/opt/ignite/recovery/latest
- 27 -
#cat recovery.log
12/26/08 14:56:47 IST Started make_tape_recovery.
Password Reset
Note : To reset the password user has to take approval from his respective manager
Login to all servers checking root and /var mount paint usage,
if root is above 80% or 90%, need to check any directory is mounted on /,
#df -k * |sort -n ( To sort the size of directories in assending order
If /var is crosing 80% or 90%
# cd /var
#du -sk * |sort -n
# cd mail
(Delete users old mail if the size is more than 1 or 2 gb)
After taking backup of wtmp, syslog and cronlog ( make empty)
If you make syslog file empty excecute the below command
#kill -HUP syslogd ( To refresh the syslogd deamon)
- 28 -
02
( total size in kb) ( used size in kb) ( available size in kb) ( usage in %) /data01
- 29 -
User creation
( Users has to send the user creation form with there respective managers approval)
#useradd -md /home/oracle oracle ( to create the oracle user under /home)
#usermod -g dba oracle ( changing the oracle user group)
#passwd oracle ( To set password to oracle user)
Hardware issues (will log a call with hp with serial number and model)
#parstatus |grep -i serial ( To check the serial number)
#model ( Check the model)
hostname
:wq
Making the new port entry in /etc/services as per the application request.
(Approval is required)
- 30 -
CRON access
#vi /var/adm/cron/cron.allow
oracle
:wq
#ps -ef |grep cron
root 2085 1 0 Jan 24 ?
1:16 /usr/sbin/cron
root 627 9253 1 17:47:18 pts/4 0:00 grep cron
#
#top
#glance -d
or
#top -d
#glance -c
or
#top -w
Linux Activities
- 31 -
- 32 -
shared
0
buffers cached
30
2209
Check Processor
#dmidecode -q |egrep -i 'Socket Designation: Node '
Socket Designation: Node 1 CPU 3
Socket Designation: Node 1 CPU 1
Socket Designation: Node 1 CPU 2
Socket Designation: Node 1 CPU 4
Socket Designation: Node 2 CPU 3
Socket Designation: Node 2 CPU 1
Socket Designation: Node 2 CPU 2
Socket Designation: Node 2 CPU 4
or
# cat /proc/cpuinfo | grep 'processor' | wc l
32
- 33 -
- 34 -
#uptime
# service ntpd status (checking ntp deamon has started or not if the service is not started)
#/service ntpd start
#service crond status ( check cron deamon has started or not if not need to start the cron)
#/service crond start
#cat /etc/services
#cat /etc/hosts ( checking the host entris)
#hostname ( checking the hostname)
#ifconfig a eth0 ( checking the ip address )
#netstat -rn ( checking the gateway)
#ls -lrt / ( checking the ownership)
Note : After checking all the above steps we will inform to dba team to start the database
- 35 -
Password reset
Note : To reset the password user has to take approval from his respective manager
Login to all servers checking root and /var mount paint usage,
if root is above 80% or 90%, need to check any directory is mounted on /,
#df -k * |sort -n ( To sort the size of directories in assending order
If /var is crosing 80% or 90%
# cd /var
#du -sk * |sort -n
# cd /var/spool/mail
(Delete users old mail if the size is more than 1 or 2 gb)
After taking backup of wtmp, syslog and cronlog httplogs (accesslog and errorlog ) ( make empty)
If you make syslog file empty excecute the below command
#service syslogd restart ( To refresh the syslogd deamon)
13 File system create ( If the os is fresh)
# fdisk l To check free disk
#pvcreate /dev/sdb /dev/sdc /dev/sdd ( where /dev/sdb,sdc disk)
#pvdisplay or pvs To check PV
#vgcreate vg0 /dev/sdb /dev/sdc /dev/sdd
#vgdisplay
#lvcreate L +10240M n lv01 vg0
#lvdisplay
#mkfs t ext3 /dev/vg0/lv01
#mkdir /oracle
#mount /dev/vg0/lv01 /oracle
#df
Edit /etc/fstab and add mount point entry
/dev/vg0/lv01 /oracle ext3 defaults
Save and quit
12
- 36 -
User Creation
( Users has to send the user creation form with there respective managers approval)
#useradd -md /home/oracle oracle ( to create the oracle user under /home)
#usermod -g dba oracle ( changing the oracle user group)
#passwd oracle ( To set password to oracle user)
Hardware issues (will log a call with hp with serial number and model)
#demidecode |grep -i System Information (To check the serial number/model)
hostname
:wq
Making the new port entry in /etc/services as per the application request. ( approval is required)
- 37 -
CRON access
#vi /etc/cron/cron.allow
oracle
:wq
#service crond status
- 38 -
- 39 -
Check Processor.
# psrinfo -v OR #psrinfo
Status of virtual processor 0 as of: 01/31/2009 00:00:25
0
on-line since
01/20/2009 10:15:10
on-line since 01/20/2009 10:15:10
on-line since 01/20/2009 10:15:10.
2
on-line since
01/20/2009 10:15:10
on-line since 01/20/2009 10:15:08
The sparcv9 processor operates at 1593 MHz, and has a sparcv9 floating point processor.
Status of virtual processor 1 as of: 01/31/2009 00:00:25
on-line since 01/20/2009 10:15:10.
The sparcv9 processor operates at 1593 MHz, and has a sparcv9 floating point processor.
Status of virtual processor 2 as of: 01/31/2009 00:00:25
on-line since 01/20/2009 10:15:10.
The sparcv9 processor operates at 1593 MHz, and has a sparcv9 floating point processor.
Status of virtual processor 3 as of: 01/31/2009 00:00:25
on-line since 01/20/2009 10:15:08.
The sparcv9 processor operates at 1593 MHz, and has a sparcv9 floating point processor.
- 40 -
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
svc:/system/coreadm:default
svc:/system/device/fc-fabric:default
svc:/system/picl:default
svc:/milestone/devices:default
svc:/system/power:default
svc:/system/cryptosvc:default
svc:/network/initial:default
svc:/system/manifest-import:default
svc:/network/service:default
svc:/application/print/ppd-cache-update:default
svc:/milestone/single-user:default
svc:/system/filesystem/local:default
svc:/system/cron:default
svc:/system/sysidtool:net
svc:/application/psncollector:default
svc:/application/font/fc-cache:default
svc:/network/routing-setup:default
svc:/network/rpc/bind:default
svc:/network/nfs/status:default
svc:/system/sysidtool:system
svc:/network/nfs/cbd:default
svc:/network/nfs/mapid:default
svc:/network/nfs/nlockmgr:default
svc:/milestone/sysconfig:default
svc:/application/stosreg:default
svc:/system/sac:default
svc:/network/inetd:default
svc:/application/sthwreg:default
svc:/system/utmp:default
svc:/system/console-login:default
svc:/application/management/wbem:default
svc:/network/rpc/gss:default
svc:/network/rpc/meta:default
svc:/application/x11/xfs:default
svc:/application/font/stfsloader:default
svc:/network/nfs/client:default
svc:/network/rpc/rstat:default
svc:/network/rpc/cde-calendar-manager:default
svc:/network/rpc/cde-ttdbserver:tcp
svc:/network/rpc/smserver:default
svc:/network/rpc/mdcomm:default
svc:/network/rpc/metamed:default
svc:/network/rpc/metamh:default
svc:/network/rpc/rusers:default
svc:/network/cde-spc:default
svc:/network/security/ktkt_warn:default
svc:/system/filesystem/volfs:default
svc:/network/telnet:default
svc:/network/nfs/rquota:default
svc:/network/ftp:default
svc:/system/filesystem/autofs:default
svc:/network/finger:default
svc:/network/login:rlogin
svc:/network/shell:default
svc:/network/rpc-100235_1/rpc_ticotsord:default
svc:/network/stdiscover:default
svc:/network/stlisten:default
svc:/network/fs/tcp:default
svc:/system/system-log:default
svc:/system/dumpadm:default
svc:/network/smtp:sendmail
svc:/application/management/seaport:default
- 41 -
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_20
Jan_27
Jan_27
Jan_27
Jan_27
Jan_20
Jan_20
svc:/system/mdmonitor:default
svc:/network/ssh:default
svc:/application/management/snmpdx:default
svc:/application/management/sma:default
svc:/application/management/dmi:default
svc:/system/fmd:default
svc:/milestone/multi-user:default
svc:/application/cde-printinfo:default
svc:/application/graphical-login/cde-login:default
svc:/milestone/multi-user-server:default
svc:/system/zones:default
svc:/system/basicreg:default
svc:/system/webconsole:console
svc:/network/nfs/server:default
svc:/network/bpcd/tcp:default
svc:/network/vnetd/tcp:default
svc:/network/vopied/tcp:default
svc:/network/bpjava-msvc/tcp:default
svc:/application/print/ipp-listener:default
svc:/application/print/rfc1179:default
disable -t network/ssh:default
enable -t network/ssh:default
restart network/ssh:default
refresh network/ssh:default
For Other than Solaris 5.10 Like Solaris 5.7 , 5.8 , 5.9 Version OS.
To start & stop Service.
# /etc/init.d/sshd stop
# /etc/init.d/sshd start OR
# /etc/init.d/sshd stop; /etc/init.d/sshd start
# kill -HUP `cat /var/run/sshd.pid` -------------------> To refresh the sshd service
# cat /etc/services
---------------------------------> the service configuration file
# cat /etc/hosts -------------------------------------> ( checking the host entris)
# hostname -------------------------------------------> ( checking the hostname)
# ifconfig -a -------------------------------------------> (To Check the Network Interfaces)
Check gateway
# netstat -rn
- 42 -
- 43 -
User creation
( Users has to send the user creation form with there respective managers approval)
# useradd -md /home/oracle oracle ( to create the oracle user under /home)
# usermod -g dba oracle ( changing the oracle user group)
# passwd oracle ( To set password to oracle user)
CRON Access
# vi /etc/cron.d/cron.allow
oracle
root
:wq!
- 44 -
Performance Issue
# sar -d 1 5 (To check which disk is busy.)
("1" is time interval between each of "5" outputs.)
# sar 1 5 (To check cpu utilisation.)
# vmstat 1 5 (To check virtual memory utilisation.)
STATE
enabled
enabled,cds
enabled,cds
ID
536152017.11.BMDSERVER
1227011624.22.BMDSERVER
1226567711.25.BMDSERVER
Print DG Information
# vxprint -l rootdg
Disk group: rootdg
Group: rootdg
info: dgid=536152017.11.BMDSERVER
version: 110
alignment: 512 (bytes)
activation: read-write
detach-policy: global
copies: nconfig=default nlog=default
devices: max=0 cur=2
minors: >= 38000
- 45 -
v rootvol
ENABLED ACTIVE 20972736 ROUND pl rootvol-01 rootvol
ENABLED ACTIVE 20972736 CONCAT sd rootdg01-B0 rootvol-01 rootdg01 143328959 1
0
Disk_0
sd rootdg01-02 rootvol-01 rootdg01 0
20972735 1
Disk_0
pl rootvol-02 rootvol
ENABLED ACTIVE 20972736 CONCAT sd rootdg02-01 rootvol-02 rootdg02 0
20972736 0
Disk_1
root
RW
ENA
ENA
RW
ENA
v swapvol
ENABLED NEEDSYNC 61442688 ROUND swap
pl swapvol-01 swapvol
ENABLED ACTIVE 61442688 CONCAT RW
sd rootdg01-01 swapvol-01 rootdg01 20972735 61442688 0
Disk_0 ENA
pl swapvol-02 swapvol
ENABLED ACTIVE 61442688 CONCAT RW
sd rootdg02-02 swapvol-02 rootdg02 20972736 61442688 0
Disk_1 ENA
- 46 -
STATE
enabled
enabled,cds
enabled,cds
ID
536152017.11.BMDSERVER
1227011624.22.BMDSERVER
1226567711.25.BMDSERVER
- 47 -
FTP
Disable ftp access for particular user put user name in below file.
# vi /etc/ftpd/ftpusers
root
oracle
:wq!
RCP Issue
Package Installation
# pkginfo -l -------------------------------> ( To list the installed packages)
# pkgadd -d "Package Name" ----------------------> (To add package)
-d SUNWgtar
# pkgchk "Packge Name" --------------------------> (To check Package status)
SUNWgtar
# pkgrm "Packge Name" --------------------------> (To remove package)
SUNWgtar
Patch Installation
# patchadd "Patch Name" ---> (To Add Patch)
patchadd /var/sadm/spool/104945-02
# patchrm
For Example:- #
- 48 -
- 49 -
- 50 -
- 51 -
- 52 -
PowerPC Firmware
Version SF220_001 SMS 1.5
(c) Copyright IBM Corp. 2000, 2003 All rights reserved.
----------------------------------------------------------Main Menu
1.
2.
3.
4.
5.
Select Language
Setup Remote IPL (Initial Program Load)
Change SCSI Settings
Select Console
Select Boot Options
----------------------------------------------------------Navigation Keys:
X = eXit System Management Services
----------------------------------------------------------Type the number of the menu item and press Enter or select
Navigation Key: 5
b.
c.
d.
e.
f.
g.
h.
i.
j.
k.
l.
Press the 2 key and press Enter to select 2. Select Boot Devices.
Press the 1 key and press Enter to select 1. Select first Boot Device.
Press the 3 key and press Enter to select 3. CD/DVD.
Select the media type that corresponds to the CD-ROM device and press Enter.
Select the device number that corresponds to the CD-ROM device and press Enter. The CD-ROM device is now the
first device in the Current Boot Sequence list.
Press the ESC key until you return to the Configure Boot Device Order menu.
Press the 2 key to select 2. Select the second Boot Device.
Press the 5 key and press Enter to select 5. Hard Drive.
If you have more than one hard disk in your partition, determine which hard disk you will use to perform the AIX
installation. Select the media type that corresponds to the hard disk and press Enter.
Select the device number that corresponds to the hard disk and press Enter.
Press the x key to exit the SMS menu. Confirm that you want to exit SMS.
- 53 -
Select Language for BOS installation menus and press Enter to open the Welcome to Base Operating System
Installation and Maintenance menu.
Type 2 to select Change/Show Installation Settings and Install in the Choice field and press Enter.
88 Help ?
99 Previous Menu
>>> Choice [1]: 2
c.
d.
e.
Note:
The installation methods available depend on whether your disk has a previous Version of AIX installed.
When the Change Disk(s) screen displays, you can change the destination disk for the installation. If the default
shown is correct, type 0 in the Choice field and press Enter. To change the destination disk, do the following:
1. Type the number for each disk you choose in the Choice field and press Enter. Do not press Enter a final
time until you have finished selecting all disks. If you must deselect a disk, type its number a second time
and press Enter.
2. When you have finished selecting the disks, type 0 in the Choice field and press Enter. The Installation
and Settings screen displays with the selected disks listed under System Settings.
If needed, change the primary language environment. Use the following steps to change the primary language used
by this installation to select the language and cultural convention you want to use.
Note:
Changes to the primary language environment do not take effect until after the BOS installation has completed and
your system is rebooted.
1. Type 2 in the Choice field on the Installation and Settings screen to select the Primary Language
Environment Settings option.
2. Select the appropriate set of cultural convention, language, and keyboard options. Most of the options are
a predefined combination; however, you can define your own combination of options.
To choose a predefined Primary Language Environment, type that number in the Choice field
and press Enter.
To configure your own primary language environment, do the following:
a. Select MORE CHOICES.
b. Select Create Your Own Combination.
c. When the Set Primary Cultural Convention screen displays, type the number in the
Choice field that corresponds to the cultural convention of your choice and press Enter.
d. When the Set Primary Language screen displays, type the number in the Choice field
that corresponds to your choice for the primary language and press Enter.
e. When the Set Keyboard screen displays, type the number in the Choice field that
corresponds to the keyboard attached to the system and press Enter.
After you have made all of your selections, verify that the selections are correct. Press Enter to confirm your
selections and to begin the BOS installation. The system automatically reboots after installation is complete.
- 54 -
Installation Assistant
Move cursor to desired item and press Enter.
Set Date and Time
Set root Password
Configure Network Communications
Install Software Applications
Using SMIT (information only)
F1=Help
F9=Shell
f.
F2=Refresh
F10=Exit
F3=Cancel F8=Image
Enter=Do
Set the correct date, time, and time zone. Press the F3 or Esc+3 key to return to the Installation Assistant main
menu.
- 55 -
Select Set Root Password. Set a root password for the partition.
Select Configure Network Communications. Select TCP/IP Startup. Select from the Available Network
Interfaces and press Enter. Enter the appropriate network information in the Minimum Configuration and Startup
menu and press Enter. Use the F3 or Esc+3 key to return to the Installation Assistant main menu.
Exit the Installation Assistant by typing F10 or Esc+0.
The vterm window displays a login prompt.
4.
5.
Before you begin the installation, other users who have access to your system must be logged off.
Verify that your applications will run on AIX 5L Version 5.3. Also, check if your applications are binary compatible with AIX 5L
Version 5.3. If your system is an application server, verify that there are no licensing issues. Refer to your application
documentation or provider to verify on which levels of AIX your applications are supported and licensed. Check that your
hardware microcode is up to date.
All requisite hardware, including any external devices, such as tape drives or CD/DVD-ROM drives must be physically
connected and powered on.
Use the errpt command to generate an error report from entries in the system error log. To display a complete detailed report,
type the following:
# errpt a
6.
7.
There must be adequate disk space and memory available. AIX 5L Version 5.3 requires 128MB of memory and 2.2GB of
physical disk space.
Run the pre-migration script located in the mount_point/usr/lpp/bos directory on your CD. To mount the CD, run the following
command:
Make a backup copy of your system software and data. The instructions on how to create a system backup are described
elsewhere in this article.
Always refer to the release notes for the latest migration information.
- 56 -
When the system beeps twice, press F5 on the keyboard or 5 on an ASCII terminal. If you have a graphics display, you will
see the keyboard icon on the screen when the beeps occur. If you have an ASCII terminal, you will see the word keyboard
when the beeps occur.
Select the system console by pressing F1 or 1 on an ASCII terminal and press Enter.
Select the English language for the BOS installation menus by typing a 1 at the Choice field and press Enter. The Welcome
to Base Operating System Installation and Maintenance menu opens.
Type 2 to select Change/Show Installation Settings and Install in the Choice field and press Enter.
Verify that migration is the method of installation. If migration is not the method of installation, select it now. Select the disk or
disks you want to install.
1 System Settings:
Method of Installation....................Migration
Disk Where You Want to Install............hdisk0
2.
3.
4.
5.
- 57 -
Migration Confirmation
Either type 0 and press Enter to continue the installation,
or type the number of your choice and press Enter.
1. List the saved Base System configuration files which
will not be merged into the system. These files are
saved in /tmp/bos.
2. List the filesets which will be removed and not replaced.
3. List directories which will have all current contents
removed.
4. Reboot without migrating.
Acceptance of license agreements is required before using
system. You will be prompted to accept after the system
reboots.
>>> 0 Continue with the migration.
88 Help ?
-----------------------------------------------------------WARNING: Selected files, directories, and filesets
(installable options) from the Base System will be removed.
Choose 2 or 3 for more information.
>>> Choice[0]:
3.
4.
5.
6.
Select the Accept Licenses option to accept the electronic licenses for the operating system.
Verify the administrator (root user) password and network communications (TCP/IP) information.
Use any other options at this time. You can return to the Configuration Assistant or the Installation Assistant by typing
configassist or smitty assist at the command line.
Select Exit the Configuration Assistant and select Next. Or, press F10 or ESC+0 to exit the Installation Assistant.
If you are in the Configuration Assistant, select Finish now. Do not start the Configuration Assistant when restarting AIX and
select Finish.
When the login prompt displays, log in as the root user to perform system administration tasks.
Run the /usr/lpp/bos/post_migration script.
2.
Output similar to the following displays:
0009710fa9c79877
0009710f0b90db93
- 58 rootvg
None
active
You can use hdisk1 as our alternate disk because no volume group is assigned to this physical disk.
3.
Check to see if the alt_disk_install fileset has been installed by running the following (Note: This command is obsolete in AIX
5L Version 5.3. It has been replaced by alt_disk_copy, alt_disk_mksysb, and alt_rootvg_op.):
# lslpp -L bos.alt_disk_install.rte
4.
Output similar to the following displays if the alt_disk_install fileset is not installed:
lslpp: 0504-132 Fileset bos.alt_disk_install.rte not installed.
5.
Using Volume 1 of the AIX installation media, install the alt_disk_install fileset by running the following:
# geninstall -d/dev/cd0 bos.alt_disk_install.rte
6.
+-------------------------------------------------------------+
Summaries
+-------------------------------------------------------------+
Installation Summary
--------------------------------------------------------------Name
Level Part Event Result
--------------------------------------------------------------bos.alt_disk_install.rte 5.3.0.0 USR
APPLY SUCCESS
7.
Create a user-defined bundle called /usr/sys/inst.data/user_bundles/MyBundle.bnd that contains the following filesets:
I:bos.content_list
I:bos.games
8.
To create a user-defined software bundle, Create a text file with the extension .bnd in the /usr/sys/inst.data/user_bundles path by
running the following:
# vi /usr/sys/inst.data/user_bundles/MyBundle.bnd
Add the software products, packages, or filesets to the bundle file with one entry per line. Add a format-type prefix to each entry. For this
example, we are dealing with AIX installp packages, so the format-type prefix is I:.
Type the following in the MyBundle.bnd file: I: sysmgt.websm.security.
9. Create the /home/scripts directory:
mkdir /home/scripts
10. Create a user-defined customization script called AddUsers.sh in the /home/scripts directory:
touch /home/scripts/AddUsers.sh
chmod 755 /home/scripts/AddUsers.sh
11. Edit /home/scripts/AddUsers.sh to contain the following lines:
mkuser johndoe
touch /home/johndoe/abc.txt
- 59 -
touch /home/johndoe/xyz.txt
To clone the rootvg to an alternate disk, type the following at the command line to open the SMIT menu:
# smit alt_clone
2.
3.
4.
5.
6.
7.
8.
9.
hdisk0
hdisk1
0009710fa9c79877
0009710f0b90db93
rootvg
altinst_rootvg
By default, the alternate disk installation process changes the boot list to the alternate disk. To check this, run the following:
# bootlist -m normal -o
2.
3.
4.
The system boots from the boot image on the alternate disk (hdisk1).
When the system reboots, it will be running off the alternate disk. To check this, type the following:
# lspv
2.
hdisk0
hdisk1
3.
0009710fa9c79877
0009710f0b90db93
old_rootvg
rootvg
Verify that the customization script ran correctly by typing the following:
# find /home/johndoe print
4.
/home/johndoe
/home/johndoe/.profile
/home/johndoe/abc.txt
/home/johndoe/xyz.txt
5.
Verify that the contents of your software bundle was installed by typing the following:
# lslpp -Lb MyBundle
6.
- 60 -
Fileset
Level State Description
-----------------------------------------------------------bos.content_list 5.3.0.0 C AIX Release Content List
bos.games
5.3.0.0 C Games
- 61 -
- 62 -
platform = chrp
netboot_kernel = mp
if1 = master_net svr03 00045576ABDD
cable_type1 = tp
Cstate = BOS installation has been enabled
prev_state = ready for a NIM operation
Mstate = currently running
boot = boot
bosinst_data = bosinst_mksysb
lpp_source = 530lpp_res
mksysb = svr03_mksysb_res
nim_script = nim_script
spot = 530spot_res
control = master
Perform the installation operation
When powering on the new machine, specify a network adapter as the boot device using the SMS menu. Then, perform the installation
operation on the NIM master using the following command:
# nim -o bos_inst -asource=mksysb -a boot_client=no svr03
Use lsnim -l svr03 to monitor progress of the install.
- 63 -
smit alt_clone
Use the disk freed from the rootvg as the target disk Set bootlist to boot from this disk at next reboot NO All
other options are default.
This may take 20 to 30 minutes, once it is completed okay check for lspv you will find something like this.
[m013313@kaha1_csm]:/home/m013313 > lspv
hdisky
00cc596d606185b3
rootvg
active
hdiskx
00cc596d0e86f1e1
altinst_rootvg
Commit any applied software
smit commit
All options are default
Apply TL (if applicable)
Copy TL on the CSM server to LPAR and unpack (default location /opt/tecunix)
smit update_all
Check everything is applied
oslevel -s
Reboot
shutdown -Fr
Remirror rootvg
alt_disk_install -X
(to list the dump areas, substitute primary in -p field below if not the same as example)
- 64 -
List of devices on primary server with details of corresponding Volume Group (VG) details
Source devices are paired with respective target device in DG using following command. (this is to be done
on BCV server)
To add source device - symld -g DGNAME add dev {device id}
To add target device - symld -g DGNAME add dev {device id} tgt
Once DG creation is completed synchronization is triggered in full backup differential mode using following
command. (this is to be done on BCV server)
symclone -g DGNAME create -precopy -diff -tgt
Check for 99% completion of BCV replication. This can be done using following command
symclone -g DGNAME query i 10
Once 99% replication is complete for having consistent backup copy production database needs to be
changed in backup mode. This is done by logging in production server & executing following script from
/backup folder (this is to be done on Production server)
./ora_begin
This will put all database datafiles in backup mode
Now when database is in backup mode snapshot of BCV will be taken using following command
symclone -g DGNAME activate -tgt
Immediately after this the database will be brought back to normal mode from backup mode using following
command (this is to be done on Production server)
./ora_end
After 100% completion of background copy (can be verified using symclone verify command) all VGs will
be imported using respective map file created on production server on BCV server.
Once all VGs are imported successfully on BCV server mount directories will be created for all the
filesystems to be mounted on BCV server. All the filesystems will be mounted on BCV server after
completing fsck (file system check).
Ownership of all mounted filesystems will be changed to oracle user recursively & BCV copy will be
released to Oracle Team for validation.
- 65 -
After validation confirmation from database tem, BCV is released to Veritas Team with entire details of
mount points to be backed up for tape backup.
All the above mentioned steps are converted into standard script format to be used during day-to-day
operations.
As per backup schedule earlier backup completion is verified with Veritas team
On confirmation of successful tape backup the related filesystems of the environment to be backed up are
dismounted from BCV server using preconfigured script
Once 99% replication is complete for having consistent backup copy production database needs to be
changed in backup mode. This is done by logging in production server & executing following script from
/backup folder (this is to be done on Production server)
./ora_begin
Now when database is in backup mode snapshot of BCV will be taken using following command
symclone -g DGNAME activate -tgt
Immediately after this the database will be brought back to normal mode from backup mode using following
command (this is to be done on Production server)
./ora_end
After 100% completion of background copy (can be verified using symclone verify command) predefined
script will be executed which will import all VGs & filesystems will be imported, permissions of file systems
mounted will be changed to oracle user
- 66 -
- 67 -
- 68 -
00cadd4201c15c12
00cadd4251431c49
none
none
rootvg
rootvg
active
active
none
none
>If in case disk is not showing run cfgmgr command to detect disk
>Check disk size using command
#bootinfo -s <hdiskn> where n disk number
# bootinfo -s hdisk2
286102
2 Create Volume Group
>Use Smitty mkvg command
===============================================================
Add a Volume Group
Move cursor to desired item and press Enter.
Add an Original Volume Group
Add a Big Volume Group
Add a Scalable Volume Group
===============================================================
- 69 -
[datavg01]
256
+
[hdisk2]
no
+
yes
+
[]
no
+#
+
===============================================================
> Enter Volume group name
>Select Physical partition (PP) SIZE as required, 128mb is default PP size.
>Select physical volume in this case hdisk2 by pressing function key f4.
>Keep Activate volume group automatically always yes
3. Create Logical volume.
>Create Logical volume using Smitty mklv.
===============================================================
Add a Logical Volume
Type or select a value for the entry field.
Press Enter AFTER making all desired changes.
* VOLUME GROUP name
[Entry Fields]
[datavg02]
>Select volume group name by using F4 function key and press enter.
===============================================================
Add a Logical Volume
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[TOP]
[Entry Fields]
Logical volume NAME
[datavg02lvol01]
* VOLUME GROUP name
datavg02
* Number of LOGICAL PARTITIONS
[40]
#
PHYSICAL VOLUME names
[hdisk2]
+
Logical volume TYPE
[jfs2]
+
POSITION on physical volume
middle
+
RANGE of physical volumes
minimum
+
MAXIMUM NUMBER of PHYSICAL VOLUMES
[]
#
to use for allocation
Number of COPIES of each logical
1
+
partition
- 70 -
= 40
>Select PV name
>Select logical volume type jfs2 and Press enter
4. Create mount point
Use # smitty jfs2
command
===============================================================
Enhanced Journaled File Systems
Move cursor to desired item and press Enter.
Add an Enhanced Journaled File System
Add an Enhanced Journaled File System on a Previously Defined Logical Volume
Change / Show Characteristics of an Enhanced Journaled File System
Remove an Enhanced Journaled File System
Manage Quotas for an Enhanced Journaled File System
Defragment an Enhanced Journaled File System
List Snapshots for an Enhanced Journaled File System
Create Snapshot for an Enhanced Journaled File System
Mount Snapshot for an Enhanced Journaled File System
Remove Snapshot for an Enhanced Journaled File System
Unmount Snapshot for an Enhanced Journaled File System
Change Snapshot for an Enhanced Journaled File System
Rollback an Enhanced Journaled File System to a Snapshot
===============================================================
>Select Add an Enhanced Journaled File System select volume group name and press enter .
===============================================================
Add an Enhanced Journaled File System
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
Volume group name
datavg02
SIZE of file system
Unit Size
Gegabytes
+
*
Number of units
[]
#
* MOUNT POINT
[/data]
Mount AUTOMATICALLY at system restart?
yes
+
PERMISSIONS
read/write
+
Mount OPTIONS
[]
+
Block Size (bytes)
4096
+
Logical Volume for Log
+
Inline Log size (MBytes)
[]
#
Extended Attribute Format
Version 1
+
ENABLE Quota Management?
no
+
Enter Mount Point Name here /data
===============================================================
- 71 -
- 72 -
in Action menu ..
Select volume group and enter.
Select new volume group name tab .Enter volume group name .Press OK
- 73 -
- 74 -
Within the Select disk to add window, highlight the disk you wish to add. You can identify it by its model number,
select code and bus address. Activate OK
- 75 -
If you want to give file system type, mount options like large files.
Select Modify FS Defaults press enter.
Exit SAM by returning to the System Administration Manager window and activating Exit SAM
Check entry in /etc/fstab
# cat /etc/fstab
#cat /etc/fstab
- 76 -
og,datainlog 0 2
- 77 -
- 78 -
/dev/vg00
read/write
available
255
8
8
16
1
1
2500
1
4
2168
1392
776
0
0
0
/dev/vg00/lvol1
available/syncd
300
75
75
1
LV Name
LV Status
LV Size (Mbytes)
Current LE
Allocated PE
Used PV
/dev/vg00/lvol2
available/syncd
256
64
64
1
LV Name
LV Status
LV Size (Mbytes)
Current LE
Allocated PE
Used PV
/dev/vg00/lvol3
available/syncd
200
50
50
1
LV Name
LV Status
LV Size (Mbytes)
Current LE
Allocated PE
Used PV
/dev/vg00/lvol4
available/syncd
200
50
50
1
LV Name
LV Status
LV Size (Mbytes)
Current LE
/dev/vg00/lvol5
available/syncd
20
5
- 79 -
Allocated PE
Used PV
5
1
LV Name
LV Status
LV Size (Mbytes)
Current LE
Allocated PE
Used PV
/dev/vg00/lvol6
available/syncd
2572
643
643
1
LV Name
LV Status
LV Size (Mbytes)
Current LE
Allocated PE
Used PV
/dev/vg00/lvol7
available/syncd
1264
316
316
1
LV Name
LV Status
LV Size (Mbytes)
Current LE
Allocated PE
Used PV
/dev/vg00/lvol8
available/syncd
756
189
189
1
/dev/dsk/c0t4d0
available
2168
776
On
Here we saw that none of the logical volumes is mirrored and that we have only one physical volume (/dev/dsk/c0t4d0) in
vg00. In order to mirror this VG we will need to add another physical volume.
Boot Configuration
Let's check our boot configuration.
# lvlnboot -v
Boot Definitions for Volume Group /dev/vg00:
Physical Volumes belonging in Root Volume Group:
/dev/dsk/c0t4d0 (8/16/5.4.0) -- Boot Disk
No Boot Logical Volume configured
Root: lvol3
on:
/dev/dsk/c0t4d0
Swap: lvol2
on:
/dev/dsk/c0t4d0
Dump: lvol2
on:
/dev/dsk/c0t4d0, 0
We can see that our root volume is lvol3 and our swap and dump volume is lvol2 volume, all are in /dev/vg00
volume group.
- 80 -
Mirror vg00
Next step is to mirror all logical volumes in vg00 volume group. We can mirror one by one logical volume but it is
easier and faster to mirror them all at once. This can take some time.
# for i in /dev/vg00/lv*; do lvextend -m 1 $i /dev/dsk/c0t6d0; done
The newly allocated mirrors are now being synchronized. This operation will
take some time. Please wait ....
Logical volume "/dev/vg00/lvol1" has been successfully extended.
Volume Group configuration for /dev/vg00 has been saved in /etc/lvmconf/vg00.conf
--(text cut)--
- 81 -
[Split LVs
Now all logical volumes in /dev/vg00 volume group are mirrored. It is time to split this mirror so we have two
identical copies of our system. To make sure you don't loose any data this should be done only when all your
applications are stopped.
# lvsplit -s bkp /dev/vg00/lv*
Logical volume "/dev/vg00/lvol1bkp" has been successfully created with
character device "/dev/vg00/rlvol1bkp".
Logical volume "/dev/vg00/lvol1" has been successfully split.
--(text cut)-Volume Group configuration for /dev/vg00 has been saved in /etc/lvmconf/vg00.conf
With this we have split every logical volume to the original and copy with 'bkp' sufix. For example, lvol1 and
lvol1bkp, lvol2 and lvol2bkp, and so on. In case of a problem after patching we will use 'bkp' logical volumes.
After splitting, new logical volumes (ones with the 'bkp' suffix) needs to be checked with the fsck for consistency.
# for i in /dev/vg00/lv*bkp; do fsck -F $(fstyp $i) $i; done
log replay in progress
replay complete - marking super-block as CLEAN
unknown_fstyp (no matches)
fsck: invalid argument to "-F FStype" option
fsck: /dev/vg00/lvol2bkp is not a valid file system type
usage: fsck [-F FStype] [-V] [-m] [special...]
or fsck [-F FStype] [-V] [-m] [-o specific_options] [special...]
log replay in progress
replay complete - marking super-block as CLEAN
--(text cut)-Do not worry about that error we got there. It is because we tried to fsck SWAP filesystem.
- 82 -
/dev/vg00/lvol3bkp
/dev/vg00/lvol1bkp
/dev/vg00/lvol4bkp
/dev/vg00/lvol5bkp
/dev/vg00/lvol6bkp
/dev/vg00/lvol7bkp
/dev/vg00/lvol8bkp
/ vxfs delaylog 0 1
/stand hfs defaults 0 1
/tmp vxfs delaylog 0 2
/home vxfs delaylog 0 2
/opt vxfs delaylog 0 2
/usr vxfs delaylog 0 2
/var vxfs delaylog 0 2
Perform patching
Before executing the patch installation it is recommended to check again output of 'lvlnboot -v' command and to run
preview of patch installation (-p option with swinstall command).
# lvlnboot -v
Boot Definitions for Volume Group /dev/vg00:
Physical Volumes belonging in Root Volume Group:
/dev/dsk/c0t4d0 (8/16/5.4.0) -- Boot Disk
/dev/dsk/c0t6d0 (8/16/5.6.0) -- Boot Disk
No Boot Logical Volume configured
Root: lvol3
on:
/dev/dsk/c0t4d0
Swap: lvol2
on:
/dev/dsk/c0t4d0
Dump: lvol2
on:
/dev/dsk/c0t4d0, 0
# swinstall -p -i -s /var/patches/depot/GOLDQPK11i_B.11.11.0612.459.depot
Execute the installation of patches.
# swinstall -i -s /var/patches/depot/GOLDQPK11i_B.11.11.0612.459.depot
And finally, reboot the system.
# shutdown -r -y 0
Booting from alternate boot device
39.32
Coprocessor State
----------------Functional
Cache Size
---------64 KB
Model: A180/1
Available memory (bytes)
134217728
- 83 8/16/5.4
8/16/5.6
8/16/4.0
(dec)
(dec)
(dec)
-------
Command
------BOot [PRI|ALT|<path>]
PAth [PRI|ALT|CON] [<path>]
SEArch [DIsplay|IPL] [<path>]
Description
----------Boot from specified path
Display or modify a path
Search for boot devices
COnfiguration [<command>]
INformation [<command>]
SERvice [<command>]
DIsplay
HElp [<menu>|<command>]
RESET
Device Type
----------Random access media
Random access media
LAN Module
ISL>
When you see 'ISL>' prompt it means that you are in Initial System Loader which will enable you to boot the system
into single user mode or logical volume maintenance mode. In this case we will use LV maintenance mode. This is
done by entering 'hpux -lm'.
ISL> hpux -lm
Boot
: disk(8/16/5.6.0.0.0.0.0;0)/stand/vmunix
- 84 -
Activating VG
We need to activate /dev/vg00 volume group in order to change boot information. Also, we need to mount /usr
filesystem as we will need commands that reside on it.
# vgchange -a y /dev/vg00
Activated volume group
Volume group "/dev/vg00" has been successfully changed.
# mount /dev/vg00/lvol7bkp /usr
- 85 -
# lvlnboot -v
Boot Definitions for Volume Group /dev/vg00:
Physical Volumes belonging in Root Volume Group:
/dev/dsk/c0t4d0 (8/16/5.4.0) -- Boot Disk
/dev/dsk/c0t6d0 (8/16/5.6.0) -- Boot Disk
No Boot Logical Volume configured
Root: lvol3bkp on:
/dev/ddk/c0t6d0
Swap: lvol2bkp on:
/dev/dsk/c0t6d0
Dump: lvol2bkp on:
/dev/dsk/c0t6d0, 0
Reboot
Conclusion
And that's all. Now you should have usable system that looks the same as your system before reboot.
- 86 -
MAXUPROC
Purpose: Specifies the maximum number of processes per user ID.
Values: Default: 40; Range: 1 to 131072
Display: lsattr -E -l sys0 -a maxuproc
Change: chdev -l sys0 -a maxuproc=NewValue
Change takes effect immediately and is preserved over boot. If value is reduced, then it goes into effect only after a
system boot.
Diagnosis: Users cannot fork any additional processes.
Tuning: This is a safeguard to prevent users from creating too many processes.
NCARGS
Purpose: Specifies the maximum allowable size of the ARG/ENV list (in 4 KB blocks) when running exec()
subroutines.
Values: Default: 6; Range: 6 to 1024
Display: lsattr -E -l sys0 -a ncargs
Change: chdev -l sys0 -a ncargs=NewValue
Change takes effect immediately and is preserved over boot.
Diagnosis: Users cannot execute any additional processes because the argument list passed to the exec() system
call is too long. A low default value might cause some programs to fail with the arg list too long error message, in
which case you might try increasing the ncargs value with the chdev command above and then rerunning the
program.
Tuning: This is a mechanism to prevent the exec() subroutines from failing if the argument list is too long. Please
note that tuning to a higher ncargs value puts additional constraints on system memory resources.
MAXPOUT
Purpose: Specifies the maximum number of pending I/Os to a file.
Values: Default: 0 (no checking); Range: 0 to n (n should be a multiple of 4, plus 1)
Display: lsattr -E -l sys0 -a maxpout
Change: chdev -l sys0 -a maxpout=NewValue Change is effective immediately and is permanent. If the -T flag is
used, the change is immediate and lasts until the next boot. If the -P flag is used, the change is deferred until the
next boot and is permanent.
Diagnosis: If the foreground response time sometimes deteriorates when programs with large amounts of
sequential disk output are running, sequential output may need to be paced.
Tuning: Set maxpout to 33 and minpout to 16. If sequential performance deteriorates unacceptably, increase one or
both. If foreground performance is still unacceptable, decrease both.
MINPOUT
Purpose: Specifies the point at which programs that have reached maxpout can resume writing to the file.
Values: Default: 0 (no checking); Range: 0 to n (n should be a multiple of 4 and should be at least 4 less than
maxpout)
Display: lsattr -E -l sys0 -a minpout
Change: chdev -l sys0 -a minpout=NewValue Change is effective immediately and is permanent. If the -T flag is
used, the change is immediate and lasts until the next boot. If the -P flag is used, the change is deferred until the
next boot and is permanent.
- 87 -
Diagnosis: If the foreground response time sometimes deteriorates when programs with large amounts of
sequential disk output are running, sequential output may need to be paced.
Tuning: Set maxpout to 33 and minpout to 16. If sequential performance deteriorates unacceptably, increase one or
both. If foreground performance is still unacceptable, decrease both.
MOUNT O NOINTEGRITY
Purpose: A new mount option (nointegrity) may enhance local file system performance for certain write-intensive
applications. This optimization basically eliminates writes to the JFS log. Note that the enhanced performance is
achieved at the expense of metadata integrity. Therefore, use this option with extreme caution because a system
crash can make a file system mounted with this option unrecoverable. Nevertheless, certain classes of applications
do not require file data to remain consistent after a system crash, and these may benefit from using the nointegrity
option. Two examples in which a nointegrity file system may be beneficial is for compiler temporary files, and for
doing a nonmigration or mksysb installation.
SYNCD <Interval>
Purpose: The time between sync() calls by syncd.
Values: Default: 60; Range: 1 to any positive integer
Display: grep syncd /sbin/rc.boot vi /sbin/rc.boot or
Change: Change is effective at next boot and is permanent. An alternate method is to use the kill command to
terminate the syncd daemon and restart it from the command line with the command /usr/sbin/syncd interval.
Diagnosis: I/O to a file is blocked when syncd is running.
Tuning: At its default level, this parameter has little performance cost. No change is recommended. Significant
reductions in the syncd interval in the interests of data integrity (as for HACMP) could have adverse performance
consequences.
MAXSERVERS
Purpose: Specifies the maximum number of AIO kprocs per processor.
Values: Default: 10 per processor
Display: lsattr -E -l aio0 -a maxservers
Change: chdev -l aio0 -a maxservers=NewValue Change is effective after reboot and is permanent.
Diagnosis: N/A
Tuning: This value limits the number of concurrent asynchronous I/O requests. The value should be about the same
as the expected number of concurrent AIO requests.
- 88 -
MINSERVERS
Purpose: Specifies the number of AIO kprocs that will be created when the AIO kernel extension is loaded.
Values: Default: 1
Display: lsattr -E -l aio0 -a maxservers
Change: chdev -l aio0 -a minservers=NewValue Change is effective after reboot and is permanent.
Diagnosis: N/A
Tuning: Making this a large number is not recommended, because each process takes up some memory. Leaving
this number small is acceptable in most cases because AIO will create additional kprocs up to maxservers as
needed.
- 89 -
vi /etc/security/opasswd
chmod 0600 /etc/security/opasswd
vi /etc/sysctl.conf
net.ipv4.tcp_syncookies =1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_redirects = 0
sysctl -p
echo 1 >/proc/sys/net/ipv4/tcp_syncookies
echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 >/proc/sys/net/ipv4/conf/all/accept_redirects
cd /root
chattr +a .bash_history
chattr +i .bash_history
Edit /etc/ssh/sshd_config to disable direct root logins at the SSH level .
PermitRootLogin no
check
lsof -i -n | egrep 'COMMAND|LISTEN|UDP'
nmap -sTU localhost
stop unnessesory services and make it off on all the runlevel such as
nfs portmap nfslock cups anacron xinetd
atd
The default runlevel should be set to 3 since X11 (X Windows System) should not be running on a production
server
# grep ':initdefault' /etc/inittab
id:3:initdefault
To have changes in /etc/inittab become effective immediately, you can run:
# init q
Chmod 600 /etc/inittab
Disable sftp if it's not needed:
#Subsystem
sftp /usr/lib/misc/sftp-server
edit sshd_config
Edit /etc/motd
copy
#############################################################################
Welcome
#############################################################################
This is an official computer system and is the property of Vodafone Essar Ltd. and / or its affiliates. It is for
authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or
implicit expectation of privacy. Any or all uses of this system may be subject to one or more of the following actions:
interception, monitoring, recording, auditing, inspection and disclosing to security personnel and law enforcement
personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the
user consents to these actions. Unauthorized or improper use of this system may result in administrative
disciplinary action and civil and criminal penalties. By accessing this system you indicate your awareness of and
- 90 -
consent to these terms and conditions of use. Discontinue access immediately if you do not agree to the conditions
stated in this notice.
#############################################################################
edit /etc/vsftpd/vsftpd.conf
change anonymous_enable=YES to NO
Run following command
chmod 777 /tmp
Chmod +t /tmp
service xinetd stop
service portmap stop
service nfs stop
service nfslock stop
service cups stop
chkconfig xinetd off
chkconfig nfs off
chkconfig nfslock off
chkconfig cups off
chkconfig portmap off
- 91 -
- 92 -
1) Insert the first installation CD into the CD drive and turn on or reset the system.
2) The system boots from the CD and displays a screen of instructions with a boot: prompt at the bottom
- 93 -
- 94 -
- 95 -
8) Select remove Linux portions on selected drive and create default layout.
Check Review And Modify Partitioning Layout.
- 96 -
- 97 -
9) Choose Yes
10) Create LVM and change partitions as per requirement. Make any desired changes to default layout.
- 98 -
- 99 -
13) Set the time zone for your system. Keep the System Clock Uses UTC option active. Then click Next.
14) Type in and confirm the root password for your system.
- 100 -
- 101 -
17) You get one last chance to go back before starting the installation process.
- 102 -
18) The next step is to reboot your computer into RHEL. Click Reboot.
- 103 -
LPAR Creation
- 104 -
- 105 -
Log on to the HMC of the Frame that is hosting the Managed System on which you wish to create an LPAR, using the
hscroot user id.
(https://10.77.41.48:/preloginmonitor/index.jsp)
Go to the Tasks Section, Configuration, Create Logical Partition.
Select AIX or Linux.
Below is the set of screenshots that would follow.
Enter the Partition name which should be similar in name to the hostname of the LPAR.
- 106 -
- 107 -
- 108 -
- 109 -
- 110 -
- 111 -
Select the Enable Connection Monitoring & Redundant Error Path Reporting Tabs which would enable the Manage
Serviceable Events in the Service Management Section of the HMC to be populated with Hardware errors that the
Server would encounter in the future.
Select the Boot Mode to be Normal unless you plan to boot the Server in SMS/Maintenance Mode.
This is the final Screen that would appear showing the profile Summary/Configuration.
- 112 -
- 113 -
- 114 -
- 115 -
Steps
1. Check the request is received with complete requirement, approved & remedy call has been logged for
request.
2. Check following
a. HBA are configured at operating system level.
b. Are fiber connectivity completed between server, switch.
c. Is required free space is available on storage.
3. Pass the request to Storage team with detailed requirement.
4. Post confirmation from storage team about new devices addition.
a. Scan server for newly added devices.
b. Create different volume groups as per requirement from application team.
c. Create required logical volume in newly created VG.
d. Create file system on logical volumes created.
e. Create requested mount points & mount the filesystems.
f. Assign ownership of requested user to respective mount points.
5. Send the confirmation mail to requestor & close ticket in Remedy.
- 116 -
o
o
o
If request from user or application owner then verify why shutdown is necessary?
Do they have valid reason? Check shut down is required or not?
Do they have valid approval from circles IT Head, Application Owner, Manager UNIX Team.
If request from Server admin Team .Take approval from Circles IT Head , Application Owner , Manager
Unix Team, User .Justify why shutdown is required .
- 117 -
- 118 -
Service Request
Severity 1
Severity 2
Severity 3
Once the Service request is been raised it can be seen on to the remedy tool, for which an admin has to login to the
remedy by putting his user name and password.
- 119 -
This is main management console admin has to click on Incident Management console, which will take the admin
to Personalized Incident Management console.
Here admin needs to select his group and he can list all the tickets which have been assigned to his group or to him
individually, Once ticket is been identified he can double click on that ticket to get the generic details.
- 120 -
Ticket has got different tabs in a single window which contains all the information about the Incident, As the
administrator works on the incident closure he can close the ticket.
For ticket closure admin has to give resolution details in the below mentioned fields and select appropriate reason
for closure.
- 121 -
Once the reason has been selected then revolvers name should be entered in the Assignee field and for successful
closure of the ticket this resolution window needs to be saved.
- 122 -
- 123 -
- 124 -
- 125 -
Work Instructions
Create a physical volume using pvcreate with the -B option.
# pvcreate -B /dev/rdsk/c0t5d0
Add the physical volume to your existing root volume group with vgextend:
# vgextend /dev/vg00 /dev/dsk/c0t5d0
Use mkboot to place boot utilities in the boot area:
# mkboot -l /dev/rdsk/c0t5d0
Use mkboot to add an AUTO file in boot LIF area:
# mkboot -a "hpux" /dev/rdsk/c0t5d0
Or, use the -lq option to allow your system to boot in the event that one of your disks is unavailable, resulting in a
loss of quorum.
# mkboot -a "hpux -lq" /dev/rdsk/c0t5d0
NOTE: Use the -lq option when your root volume group contains only 2 disks. If more than 2 disks are in the root
volume group, the -lq option is not needed as quorum will be maintained even if 1 disk fails.
You can check the contents of the AUTO file with
# lifcp /dev/rdsk/c0t5d0:AUTO If you choose, you can set the alternate boot path variable according to e.g.
# setboot -a 8/0/19/0.5.0
You can determine the hardware address of the disk that will become the mirror disk with 'ioscan -fnC' disk. To
check use setboot without any arguments.
Mirror the boot logical volume, primary swap logical volume, root logical volume and other logical volumes as
needed, to the above disk in the following sequence
# lvextend -m 1 /dev/vg00/lvol1 /dev/dsk/c0t5d0
# lvextend -m 1 /dev/vg00/lvol2 /dev/dsk/c0t5d0
# lvextend -m 1 /dev/vg00/lvol3 /dev/dsk/c0t5d0
# lvextend -m 1 (additional LV)
To check use lvdisplay -v.
Update all physical volumes in the volume group so that the logical volume becomes the root, boot, primary swap,
or a dump volume when the system is next booted:
For HP-UX 10.20 (not updated to) and 11.X only:
# lvlnboot -r /dev/vg00/lvol3
# lvlnboot -b /dev/vg00/lvol1
# lvlnboot -s /dev/vg00/lvol2
- 126 -
- 127 -
In order to test your mirror configuration, shut down the system and boot from the mirror disk.
# shutdown -ry 0
The system will shut down and reboot. As the system starts to come back up, look for the message (system's
output may vary):
TO INTERRUPT THE BOOT SEQUENCE, PRESS ...
Interrupt the boot sequence. This will display the Boot Admin display. At the boot_admin> prompt type:
bo Mirror_disk_hardware_address or
bo alt
if the alternate boot device has been configured. The system will prompt to interact with IPL, answer 'no', and the
system will boot from the mirror root disk.
NOTE: This example includes creating a mirror copy of the primary swap logical volume. The primary swap
mirror does not need to be on a specific disk or at a specific location, but it does need to be allocated on
contiguous disk space. The recommended mirror policy for primary swap is to have the Mirror Write Cache
and the Mirror Consistency Recovery Mechanisms disabled.
When primary swap is mirrored and your primary swap device also serves as a dump area, you must make
sure that Mirror Write Cache and Mirror Consistency Recovery is set to off at boot time to avoid loss of
your dump. To reset these options, you will need to reboot your system in maintenance mode. Then use
the lvchange(1M) command with the -M n and -c n options.
USER ID Management
- 128 -
- 129 -
User Addition
This command is used for adding users in a UNIX system
This is accomplished with the command useradd in all the flavors of UNIX (HP-UX, AIX and Solaris)
Command syntax:useradd (username)
Ex -: useradd test will add one user in the system with the name test
There are different switches associated with this command mentioned below
-g group :- Specifies the integer group ID or character string name of an existing group. This defines the primary
group membership of the new login.
-G group: - Specifies the integer group ID or character string name of an existing group. This defines the
supplemental group memberships of the new login
-d dir :-
-m:- Creates the home directory for the new login if it does not exist
For example to create a user test which primary group sys and secondary group other, home directory as
/home/test and creating the home directory as well while adding user, the syntax is
useradd test g root G other d /home/test m
User deletion
This command is used for deleting users in a UNIX system
This is accomplished with the command userdel in all the flavors of UNIX (HP-UX, AIX and Solaris)
Command syntax:userdel (username)
Ex -: userdel test will delete the user test in the system
There are different switches associated with this command mentioned below
-r
For example to remove user test along with the contents of its home directory as well, the syntax is
userdel r test
- 130 -
User Modification
This command is used for modifying an existing user in a UNIX system
This is accomplished with the command usermod in all the flavors of UNIX (HP-UX, AIX and Solaris)
Command syntax:usermod parameter (username)
The different parameters that are modified are mentioned below
-o :- Allows the UID to be non-unique (i.e., duplicate)
-g :-redefines the new primary group membership for the log in specified
-G :- redefines the new secondary group membership for the log in specified
-d dir:- specifies the new home directory for the log in
-e expire :- Specifies the date on which this login can no longer be used.
For example to modify an existing user test primary group to root , secondary group to mail , making its uid non
unique , changing its home directory as /home/test1 and expiry date as 7/14/2008 , the syntax is
usermod o g root G mail d /home/test1 e 7/14/2008 test
- 131 -
- 132 -
USER ID Creation
Prerequisites
o
o
o
o
o
o
o
o
o
Check proper approval from UNIX Team Manager, Application manager if user is application user is
available.
Request him to fill User Request Form containing details like user id name, home folder, default group,
permission required i.e. read/write/execute, cron, ftp access. IP of server,
User description.
Verify information given in User Request Form is complete or not. Proper approval is available or not.
If any information is missing, tell user to provide it and take fresh approval from its manager.
If it is privilege ID request make sure that proper approval is available
If security approval is not there please dont create privilege ID.
Admin should maintain a record of (user id, name of owner, employee id, access rights etc) when he
creates id, which would help in reducing the collection work which he does,
when a request comes for data.
Make sure you are maintaining the artifact for id creation.
- 133 -
Enter user name , select primary group pressing function key F4 ,enter home directory.
Press enter.
After creating user through smitty it will show command status OK .Press function key F3 it will go back to main
menu .
Enter user name. Press enter it will prompt for password enter password .
- 134 -
- 135 -
After confirming user addition system will give system generated password
Type command passwd on command line to change user password
# passwd testuser
- 136 -
- 137 -
- 138 -
- 139 -
- 140 -
Work Instructions
we need to make sure AUTO_RUN is disabled in cmviewcl.
cmmodpkg -d pkgname ------ this disables the pkg AUTO_RUN
ie.,
PACKAGE
gjsdpkg0
STATUS
up
STATE
running
AUTO_RUN NODE
disabled
gjsdp0
Steps for cluster Down & up :perform these steps from MP Console for the host (pls verify host first by netstat -in)
Capture all the seesion o/p.
#bdf
#cmviewcl
you will know the node name & pkg name by this.
Before rebooting the host :cmhaltpkg -v pkg_name
cmhaltnode -v Nodename
*******************
After reboot :cmrunnode -v Nodename
cmrunpkg -v pkg_name
vgchange -a y VG_name
vgchange -a e VG_name
fsck /dev/vg_name/lvol1
mount /dev/vg_name/lvol1 /mount_point
xntpd -x
exportfs -a
Note >> Please moniter the log file in another session when performing these steps.logs path is :cd /etc/cmcluser/pkgname
cat pkgname.log
Capture all the seesion o/p.
verify all the mount points before releasing.
----------------------------------------------------------------------------------------------------------For example :cmhaltpkg -v appkg0
cmhaltnode -v sd128bp0
*******************
cmrunnode -v sd128bp0
cmrunpkg -v appkg0
vgchange -a y
VG_name
vgchange -a e VG_name
fsck /dev/mumbscs02/lvol1
mount /dev/mumbscs02/lvol1
xntpd x
/mumbcsc02
- 141 -
19d59s4 1
PARTITION MENU:
0
- change `0' partition
1
- change `1' partition
2
- change `2' partition
3
- change `3' partition
4
- change `4' partition
5
- change `5' partition
6
- change `6' partition
7
- change `7' partition
select - select a predefined table
modify - modify a predefined partition table
name - name the current table
print - display the current table
label - write partition map and label to the disk
!<cmd> - execute <cmd>, then return
quit
partition> quit
- 142 -
- 143 -
FORMAT MENU:
disk
- select a disk
type
- select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label
- write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save
- save new disk/partition definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
!<cmd> - execute <cmd>, then return
quit
format> save
Please name this partition type before saving it
format> p
PARTITION MENU:
0
- change `0' partition
1
- change `1' partition
2
- change `2' partition
3
- change `3' partition
4
- change `4' partition
5
- change `5' partition
6
- change `6' partition
7
- change `7' partition
select - select a predefined table
modify - modify a predefined partition table
name - name the current table
print - display the current table
label - write partition map and label to the disk
!<cmd> - execute <cmd>, then return
quit
partition> p
Current partition table (unnamed):
Total disk cylinders available: 37178 + 2 (reserved cylinders)
Part
Tag Flag Cylinders
Size
Blocks
0
root wm
0 - 68
129.38MB (69/0/0)
264960
1
swap wu
69 - 137
129.38MB (69/0/0)
264960
2 backup wu
0 - 37177
68.07GB (37178/0/0) 142763520
3 unassigned wm
0
0
(0/0/0)
0
4 unassigned wm
0
0
(0/0/0)
0
5 unassigned wm
0
0
(0/0/0)
0
6
usr wm 138 - 37177
67.82GB (37040/0/0) 142233600
7 unassigned wm
0
0
(0/0/0)
0
partition> 6
Part
Tag Flag Cylinders
6
usr wm 138 - 37177
Enter partition id tag[usr]: new_disk
`new_disk' not expected.
Enter partition id tag[usr]: newdisk
`newdisk' not expected.
Size
67.82GB
Blocks
(37040/0/0) 142233600
FORMAT MENU:
disk
- select a disk
type
- select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label
- write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save
- save new disk/partition definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
!<cmd> - execute <cmd>, then return
quit
format> save
Please name this partition type before saving it
format> save name
Please name this partition type before saving it
format> label
Ready to label disk, continue?
Ready to label disk, continue? y
format> save
Please name this partition type before saving it
format> ls
`ls' is not expected.
format> ?
Expecting one of the following: (abbreviations ok):
disk
- select a disk
type
- select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label
- write label to the disk
- 144 -
PARTITION MENU:
0
- change `0' partition
1
- change `1' partition
2
- change `2' partition
3
- change `3' partition
4
- change `4' partition
5
- change `5' partition
6
- change `6' partition
7
- change `7' partition
select - select a predefined table
modify - modify a predefined partition table
name - name the current table
print - display the current table
label - write partition map and label to the disk
!<cmd> - execute <cmd>, then return
quit
partition> name
Enter table name (remember quotes): "new_disk"
partition> q
FORMAT MENU:
disk
- select a disk
type
- select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label
- write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save
- save new disk/partition definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
!<cmd> - execute <cmd>, then return
quit
format> save
Saving new disk and partition definitions
Enter file name["./format.dat"]: /etc/format.dat
format> q
root@ebp-hyd # cd /
root@ebp-hyd # newfs /dev/rdsk/c2t16d247s2
newfs: construct a new file system /dev/rdsk/c2t16d247s2: (y/n)? y
/dev/rdsk/c2t16d247s2: 142763520 sectors in 37178 cylinders of 60 tracks, 64 sectors
69708.8MB in 1377 cyl groups (27 c/g, 50.62MB/g, 6272 i/g)
- 145 -
- 146 -
- 147 -
- 148 -
- 149 -
- 150 -
Condition 2:
If var usr and opt is inside the root then backup command is :
ufsdump 0uf /dev/rmt/0 /
- 151 -
- 152 -
HP
Mail ID ( Monday to Firday - hpi.rc@hp.com only for official time 10:00 AM to 5:30 PM)
Mail id Night disk - nightdesk.bangalore@hp.com time 5:30 PM to 7:00 AM
Including Saturday and Sunday
Toll Free Number - 800-425-8080 1800-425-4994 / 18004258080 Cell 9844152008
+ 91 080 2563 3555 ( Transfer to CMG )
IBM
Mail ID -- rccindia@in.ibm.com (24* 7 support )
Toll Free Numbers - : 1800 425 6666
Toll Free Fax No : 1800 425 1133
Alternate STD No : 080 26788940/ 970
Sun
( this is use for only AMC server )
Mail id - escare@wipro.com this is for only Monday to Saturday 9;00 AM to 6:00 PM
Toll Free Number 18002003456/18003453456 All days ( 24*7 )
For New server / within warranty servers
Mail id - sun-service-request-info@Sun.COM /apen-support@Sun.COM
Toll Free Number 18004254786
- 153 -
- 154 -
Appendix
OS Hardening and
SA&D Checklist for
Security Health Check
UNIX
Server Provisioning
for UNIX
WI Server Health
Check for UNIX