Skip to content


Learn to use AIX Logical Volume Manager

A newcomer to AIX administration could gain more understanding and appriciation of Logical Volume Manager following this presentation. A machine was just assigned one additional LUN that we have to accquire and use to create a new volume group. A few weeks ago, the same host received a LUN known locally as the hdisk8 which was used to expand capacity of the file system /u40 residing in the volume group called oracle_vg. Today, we have to investigate if this file system could be shrinked to free hdisk8 so this disk could be added to a new volume group. See page 2 for details.

Posted in Real life AIX.

Tagged with , , , .


LINUX authentication with TDS LDAP and SSL

A while ago, I posted some information about setting a LINUX (RedHat 6.2) client to authenticate with the Tivoli Directory Server. This post is more informative. It shows how to configure LINUX client to authenticated against multiple TDS servers over SSL – so the generated traffic is encrypted. If this sounds interesting, flip to the next page.

Posted in AIX, ldap, Linux, Real life AIX.

Tagged with , , , , , , .


LAWSON authentication with LDAP

Integrating LDAP/AD login names and passwords with our UNIX environment was not implemented without challenges but all pales looking at the benefits of this integration. One of the benefits was the ability to use the long (up to 265 characters) login names.

Somehow, it was surprising to discover that LAWSON application’s own authorization mechanism does not accept logins longer then 10 characters, oops …. For a moment we felt like being doomed. But thanks to the splendid LAWSON administrator that we have, we discovered that the long login names used by the operating system can be mapped to the shorter ones allowed by LAWSON – a Lawson user is one that has an entry in the /etc/passwd. It does not matter that there is no corresponding entry in the /etc/group or /etc/security/user and so forth – there must be an entry in the /etc/passwd for LAWSON to view a login account as a legitimate one.

So somewhere, where only the LAWSON administrator knows there is the file that maps UNIX login name with the appropriate LAWSON application login name. The LAWSON user authentication proceeds pretty much along this line:

    a. user logs into UNIX host with his/hers long login –
    LDAP authenticate the user

    b. AIX passes the flow of control to the /etc/profile

    c. inside this file, there is a call to a script that based on the user group
    membership invokes the LAWSON authentication procedure

    d. this procedure maps the OS login name to a shorter one which is looked up
    in the /etc/passwd and if the match is made the user is allowed to proceed
    into the LAWSON realm

    e. user is asked to provide the LAWSON password and if a valid response is
    provided user can proceed into the LAWSON realm.

Sometimes, system administrator who “owns” the LAWSON servers needs to know what are the logins which are longer then 10 characters allowed by this application. On the next page, you will find a simply script that does exactly what I have just described – pulling this information out of the LDAP repository.

Posted in AIX, Linux, Real life AIX, scripts.


finding it with find

It happened again – we have to migrate another environment to LDAP (TDS/AD). As one of the first steps, we have to “clean” it. Each host has to be checked and all inactive local login accounts and groups have to be removed. Next, all local “admin” accounts have to go for the same treatment. This post shows one possible way to identify the “dormant” groups residing on a host. If you are interested to learn more, please proceed to the next page.

Posted in Real life AIX.

Tagged with , .



configure time service on AIX host

Today, ORACLE DBA asked me to verify (set if needed) that time service on his AIX hosts starts and runs with the -x option. This post shows how to set the time service including the SLEWING feature. Select page 2.

Posted in AIX.

Tagged with , , , .


network configuration of LINUX host

Occasionally, as a post-installation step or during the lifetime of a host its IP configuration has to change. This post demonstrate one way to do it. The following applies to RedHat. It is very possible that it is applicable for some other LINUX flavors as well.

This task can be accomplished with a GUI or strictly via a command line. This process creates/edit file in the directory called /etc/sysconfig/network-scripts. We are interested in the file called ifcfg-eth0:

# cat ifcfg-eth0
DEVICE=eth0
HWADDR=00:50:56:99:01:13
NETMASK=255.255.254.0
IPADDR=10.18.48.186
NM_CONTROLLED=yes
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
GATEWAY=10.18.49.254
DNS1=159.14.3.10
DNS2=159.14.27.2
DNS3=10.19.81.12
IPV6INIT=no
USERCTL=no

This file will be empty if this is the first time network services are being configured. If you edit this file by hand, at the minimum enter NETMASK andIPADDR and GATEWAY. If you use the ASCII GUI based utility called system-config-network this file will be populated for you.
Even when you use the GUI tool, you should take a look inside it to check if ONBOOT=yes, otherwise the command service network start will fail silently and you will wonder what is going on 🙂

To finish, edit the files /etc/resolv.conf and /etc/nsswitch.conf. The first to enter the search domain or domains and the second to specify the search order (local, LDAP, ....)

Posted in Linux, Real life AIX.

Tagged with , , .


“issues” with HMC connectivity …..

There is nothing more trivial (or so it seems) than moving a host from one “place” where it was attached to one HMC to another place where it is attached to another HMC on another network.

The HMC appliance in the new location is set as a DHCP server for all attached to it AIX hosts (their Service Processes) so before shutting down the machine to be relocated, we enter its ASM menus and change the network settings of its appropriate HMC interface from Static to Dynamic (for IP address assignment).

Soon after the host is relocated, racked and powered ON it becomes obvious that something is wrong – HMC appliance is not able to “discover” its new “client”. Without going into too many details, after switching cables, checking VPN setting and a few other details it is decided to use the LCD panel to learn of any IP addresses present on hosts HMC1 and HMC2 interfaces. We determine that each interface has an address from a different network. It does not matter that DHCP change did not survive the trip (this does not matter at all). What matters is the lack of connectivity with host’s Service Processor which consequently does not allow us to activate its partitions ……

The question: “what to do next?” Call IBM for and have them send an engineer on site? Get up and drive and look at the situation with our very own eyes?
These are valid answers but there is one more, one that neither I, nor my “admin” colleague, thought about. Good for everybody involved that our SAN administrator suggested using one of the “free” ports of this HMC appliance to connect it directly with one of the HMC ports on the relocated server. Oh really? There are unused network ports? – The lesson in humility, indeed 🙂

After configuring the adapter to the same network as the client HMC2 the appliance picked the client allowing us to power the partition and present the host to its users.

As clearly seen, it always pays to have a knowledgeable and alert person at the remote data center. This person value becomes more and more apparent further away the data center is from the main office.

So at this moment, this particular HMC appliance has configured three network interfaces: eth0 as a fixed IP address used for direct logins. eth1 has running DHCP protocol on subnet 10.25.25.0 – all managed systems except the newly relocated one get their HMC1/2 IP addressed on this network. eth2 is set to the fixed address of 172.172.172.2/24 and the HMC2 port of the relocated host was set to 172.172.172.68/24. This leaves eth3 for yet another net.

Have a good weekend AIX admins!

Update:

Have you heard about the “pin whole” reset? Power all partitions down. Insert thing wire (paper clip) it into the single hole next to the service processor LCD screen. This will rest service processor. This is how I got HMC1 to respond to DHCP.
Additionally, the fact that the host firmware was 12 levels bellow the current one was could contribute to the issues described above. It is time for an update.

Posted in HMC, Real life AIX.

Tagged with , , .


LINUX – testing booting from “software” RAID1

The subject of this and a few earlier posts is software mirroring of LINUX boot partition. Do I think that there is still room for md0? Do I think that the protection delivered via this device is still a viable option?

After spending a few days, learning mdadm again and getting it to work, I say that mdadm belongs to the annals of history. Today, with SAN boot accepted if not embraced, mdadm does not carry the same weight as it did ten or more years ago.

But for the very few cases that cannot use SAN for boot, software RAID can still offer a promise of an uninterrupted sleep. For this reason alone and for these very few people this post may be helpful. For everybody else the time spent reading it could be just a waste of time.

Posted in Linux.

Tagged with , , , , .


AIX Technology Level update strategies

I found this very nice post on developerWorks from Brazil. For some it could be a refresh of what they already know, for the reset a nice tool to increase AIX knowledge. Please follow this link:

http://www.ibm.com/developerworks/aix/library/au-aixtlupdate/index.html

Posted in Real life AIX.

Tagged with , , , , , , .




Copyright © 2016 - 2018 Waldemar Mark Duszyk. All Rights Reserved. Created by Blog Copyright.