Skip to content


recovering “lost” host using its mksysb image and NIM server

Someone asked me what would have do be done if we lost one of our data centers? First, in our case this would not be really a show stopper as we have a number of them and most of our systems (at least all defined as Level 1) are clustered with nodes located in geographical dispersed locations.

So the question has to be re-phrased – what would we do to “re-create” a destroyed machine?

Posted in Real life AIX.

Tagged with , , , , , , , , , , .


IBM Power Systems Champions……

I have been nominated and named as one of the 2011 IBM Power Systems Champions. For these who did the “selection and nomination”, I say

Thank You!

Posted in NonAix.

Tagged with , , , .


Adding disks to a Shadow Image based backup environment….

Sooner or later, capacity of the existing Shadow Image becomes too constricting and it need to be extended. Usually, it happens after expansion of a file system in a volume group which is “Shadow Imaged”.
For some, the Shadow Image disk are local to the host which backup is taken with this mechanism. For others, Shadow Image disks are remote – located on the server that performs the actual backup of data. When the volume group runs out of capacity, and a new disk or disks (P-VOLs) have to be added to it, the identical addition has to be done to the set of disks which are the target of the Shadow Image operations and which are called the S-VOLs.

Posted in Real life AIX, scripts.

Tagged with , , , , , , , , .


a cluster that just stopped working….

A few weeks ago, I build a two nodes cluster which used to work till yesterday. Well, yesterday I rebooted the nodes to activate the latest XIV drivers I had to install anticipating a future migration from SVC to XIV based storage.
After the reboot I could not start PowerHA (HACMP) services on one of the nodes. Trying to verify/sync the cluster generated nothing but this meaningful message cldare: A communication error prevents obtaining the VRMF from remote nodes. Eventually, I started the cluster on the other node which allowed application team to continue their work. I got stuck with the other node….

Posted in HACMP, Real life AIX.

Tagged with , , , , , , .


Disk Path Design for AIX

I stumbled upon this presentation a while ago. Finally, today I had time to translate its html version into PDF and to show it here.

This is another document from Dan Braden, IBM – very well worth the time needed to read it: Disk Path Design for AIX Including SAN Zoning.

Dan’s presentation was accompanied by Jim Blue “San Best Practices” presentation which can be viewed here: SN08 SAN Best  Practices.pdf

Posted in Real life AIX.

Tagged with , , , , , , , , .


ikeyman and getting it to work for you….

Well, I am not suggesting that there is something wrong with it, some error or something as bad. Just that in my case, in order to get the “CMS key database type” as one of the options, I had to do the following:

1. update my .profile to include these two directives:

export JAVA_HOME=/usr/IBM/HTTPServer/java

export PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb/usr/bin/X11

These directive re-point JAVA to the ikeyman own JAVA file sets. PATH is not pointing to any AIX JAVA directories….

2. update the file $JAVA_HOME/jre/lib/security/java.security to add these two lines (to make ikeyman aware of CMS):

security.provider.X=com.ibm.security.cmskeystore.CMSProvider
security.provider.X+1=com.ibm.crypto.fips.provider.IBMJCEFIPS

where, X and X+1 are the next consecutive numbers.

For a nice post guiding you through the process of creating key databases, issuing certificates and so forth follow this link http://www-01.ibm.com/support/docview.wss?uid=swg21006430

I reversed my .profile to its original state after I was done using ikeyman.

Posted in ldap.

Tagged with , , , , .


fc_qns on steroids = sanscan

In the past, I learnt to appreciate fc_qns. Lately, I started using its bigger and better “version” called sanscan.
You can get it from an IBM Service engineer. Just call the 1-800-IBM-SERV, open a SAN related PMR and after you are connected with your engineer ask for sanscan. I will have it here as soon as I figure out how to allow downloads from my blog….

If your AIX hosts are SAN attached you must have sanscan, really.

nemo1:MDC:/root>./sanscan

sanscan v2.2
Copyright (C) 2010 IBM Corp., All Rights Reserved


Processing FC device:
    Adapter driver: fcs0
    Protocol driver: fscsi0
    Connection type: fabric
    Local SCSI ID: 0x011e00
    Local WWPN: 0x10000000c9460ab1
    Local WWNN: 0x20000000c9460ab1

Initializing device information...
Scanning SAN...
SCSI ID LUN ID   WWPN    WWNN    Vendor ID Product ID Rev  NACA Qualifier     Device    Type                  Error(s)
---------------------------------------------------------------------------------------------------------------               
070c00  0000000000000000 5005076801302afd 5005076801002afd IBM   2145  0000 yes  Not connected Unknown                or no device
..........................................................................................
..........................................................................................
..........................................................................................

sanscan produces tonns of information that may be priceless for a stressed AIX administrator. Ask for it.

Posted in Real life AIX.

Tagged with , , , , , , .


ssh does not work, really?

You will find a few posts touching ssh “issues” in this blog. This morning, I had to interrupt my daily routine (building, building, and more building for migration from the older to the newest hardware) in order to convert the “old” scripts (rcp based) into the new (scp based) – for the very well known reasons….

Posted in Real life AIX.

Tagged with , , , .


new sshd issues – it keeps dying…

Today, I was made aware that users cannot login (using the Putty/ssh) to one of wpars. Thanks God for the clogin command which allows root logins from the parent partition to any of its wpars (children).
So after I logged in the parent lpar, and executed the clogin followed with the appropriate wpar name I was able to login to check and to fix what’s broken.

Posted in Real life AIX.

Tagged with , , , , , , .


AIX native ACLs – a primer

The triplets of read, write and execute as associated with a file object has been around as long as UNIX. To say that today their usefulness has depreciated is nothing but an understatement. Still, despite the amount of time that has passed since UNIX introductions many sites relies nothing but rwx to set access privileges which results (often and frequently) with file systems/directories being wide open to access by all who can log into the host. Why? Often because of a “conflict of interests”; initially we create numerous groups with the best of intentions which we assign to their respected file systems to quickly yield to the business requirements dictating the the members of one group also be able to access the files in the other file system, and so forth and so forth. I do think that currently the usefulness of the original triplets rwx.

Well, regardless who is right and who is not I want to suggest you introduce yourselves to AIX ACLs, RBAC and maybe even to ACLs NFS v.4 (who knows, maybe this is God gift to AIX administrators?). This post will try to introduce you to the AIX own ACL that deliver a more granular control over file objects. Note that NFS v.4 ACLs delivered far more granular control then AIX native ACLs.

Posted in AIX, Real life AIX.

Tagged with , , , , , , , , , , .




Copyright © 2015 - 2016 Waldemar Mark Duszyk. - best viewed with your eyes.. Created by Blog Copyright.