

mount WINdows shares on AIX host without SAMBA

For a while now, it has been possible to mount WIN shares (file systems) on an AIX host. This feature requires the following file sets:

lslpp -l | grep cifs | awk '{print $1}'
  bos.cifs_fs.rte           
  bos.cifs_fs.smit         

Their installation ends in the creation of a new device called nsmb0. A WIN share can be mounted from the command line and/or smitty. After I mounted it manually, I un-mounted it and used smitty cifs_fs to make sure that the file /etc/filesystems is updated and this share will automatically be mounted with all the necessary privileges and permissions. A while ago, someone asked (in a comment) why I did not use a command line for some task… Well, if I do the same “thing” at least once a week then I will do it from a command line. For anything executed at longer intervals, I thank AIX GODS for smitty – this is one of the few features that set this OS apart from any other - all can be done from a menu (smit/smitty/wsm/….)

From the command line:

mount -v cifs -n wmd.edu/lawson/lawson99 \
-o wrkgrp=WMD-EDU,fmode=775 '/SQL_Queries$' /tmp/mnt

Above, the share user is defined as lawson with password lawson99, the WIN server exporting the share is called resemns04.research.chop.edu and the share is named /SQL_Queries$ which we want on our AIX host as /tmp/mnt.

To make sure that this mount persists across reboots, I unmounted it and executed smitty cifs_fs which, populated with the required information, looked like:

* Pathname of mount point                            [/tmp/mnt]
* SERVER Name                                        [wmd.edu]
* USER Name                                          [lawson]
  Password                                           [yourPassword]
* Share name                                         [/SQL_Queries$]
* Mount as a READ-ONLY system?                       [no]
  User ID                                            [80]
  Group ID                                           [80]
  Mode                                               [775]
  Domain to Authenticate against                     [WMD-EDU]
* Mount now,add entry to /etc/filesystems, or both   [Both]
* /etc/filesystems entry will mount on start         [no]
  Mount type name                                    []

Notice that we have to enter information about two users! The USER Name and the Password entries define the WIN login account that will be used to authenticate this mount request on the WIN server. The User ID and the Group ID define the AIX user that will “own” the mounted share (on the AIX host) using the numerals associated with his login name and primary group. The $ character at the end of the share name is in this case real – it is what it is. It does not mean that every share must have it at the end of its name.

The input above produced the following stanza in the file /etc/filesystems:

/tmp/mnt:
        dev             = /SQL_Queries$
        vfs             = cifs
        nodename        = wmd.edu/lawson
        mount           = true
        options         = uid=80,gid=80,fmode=775,wrkgrp=WMD-EDU
        account         = false

Please leave a comment if you know more about cifs shares than I presented in this post, thanks!

Posted in Real life AIX.



How to sftp on a different port or ports?

This utility is based on ssh and as such it has to be “played” according to the ssh rules of the game.
These rules say (among others) that to make ssh listen on a different port – it (the port) must be identified in the /etc/ssh/sshd_config configuration file.

This morning, I had a request to allow sftp to communicate between two hosts over the port 10021. To allow this to happen, the following line was added to the sshd_config configuration files on both hosts.

Port 10021

This was followed by a restart of the sshd daemon.

stopsrc -s sshd;startsrc -s sshd;lssrc -s sshd

Next, all was tested:

SourceHost:/tmp> sftp -oPort=10021 duszyk@TargetHost:/home/duszyk
duszyk@TargetHost's password:
Connected to TargetHost.
Changing to: /home/duszyk
sftp> ..............
sftp> quit
bye

It is better to enter the following into the sshd_config:

Port 22
Port 10021

This way we “make sure” that sshd will still listen and respond to all requests issued on its default port.

Posted in Real life AIX.



Introduction to PowerHA from IBM DeveloperWorks

This very nice presentation has a lot of potential to help those who are either “new” to PowerHA or still have some areas that need more explanation.
Check it out – Introduction to PowerHA posted on IBM DeveloperWorks by Tejaswini Kaujalgi and Uma Chandolu (both from IBM).

Posted in HACMP.



migrating cluster resources from SVC (2145) to XIV (2810) storage

It is good for me that this cluster is still not released into “production”. Still, there are a lot of installation/testing activities and to get the application folks to release it for a few hours is not possible.
So the cluster storage migration has to be done with the cluster resources being actively used. This probably sounds scarier than it really is. As almost always, storage migration will be done with the help of the mirrorvg/unmirrorvg commands – this will be done first. Next, we will remove the cluster’s heartbeat network and re-create it using the new XIV disk.

Posted in AIX, HACMP, Real life AIX.



loading multiple variables in ksh

A few days ago, I had to re-populate home directories after an alt_disk installation from an earlier prepared mksysb image which was created with an exclude list containing /home. This action resulted in a post documenting the recreation process based on a few lines of ksh code.
There are many other options, and some do not need scripting at all. A previous backup or scp from the source host could be used to achieve the same result.

The next snippet shows the way to simultaneously load (read) multiple (in this case two) variables (user and home) in ksh.

Please notice that egrep is employed to exclude system accounts, as here root and the rest of the system accounts have their homes either outside of /home or not at all.

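# Skip the system accounts; the trailing ':' makes each name match the whole
# login field, so that a user such as "lpatel" is not dropped by "lp".
cat /etc/passwd | egrep -v \
"^(daemon|nobody|lpd|root|adm|bin|sys|uucp|lp|snapp):" |\
awk -F ':' '{print $1, $6}' | while read user home
do
         # the comma in the awk print above puts a space between login and home,
         # which is what lets read split them into the two variables
         pgrp=`lsuser -a pgrp $user | awk -F '=' '{print $2}'`
         mkdir -p "$home"
         chown "$user.$pgrp" "$home"
done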

Awk is used to extract the first and the sixth field from each line of /etc/passwd, which are then used to initialize the two variables – user and home. The first variable is used to obtain the user’s primary group, the second to create his/her home directory, whose ownership is set using all three variables. Notice the usage of -F to change awk's internal input Field Separator variable (FS) – in /etc/passwd it is the : character but to access the user’s primary group it has to be changed to the = character.

To learn more about awk you may follow this link – http://www.grymoire.com/Unix/Awk.html to the Grymoire Blog.

Posted in Real life AIX.



AIX and XIV

We are about to start using XIV storage with our AIX machines. From what I hear (depending on the source) I get quite conflicting opinions.
Do you have any comments, advice or recommendations on how to set up an AIX v.6.1 host with XIV v1.7?
Any bit of info will be appreciated – thanks in advance!

Posted in Real life AIX.


creating /home directories using logins from /etc/passwd

As a part of P7 hardware migration, four new machines were built using a mksysb image of an existing host (using P6 hardware). All went without any hiccups but as a result of how the mksysb image was created the /home directory was empty – there was only the lost+found. It is our practice to exclude /home from any mksysbs.

So what is the fastest and the easiest way to populate /home with “homes”? One could restore the contents of /home from a backup tape. Another could ftp or scp them to get a similar result. Is this list of possibilities complete? Nope.

Here is another way to do it. It was selected as no user had any interest in the contents of his/her home.

First, we need to generate a listing of all users taken from the /etc/passwd and store it in a file (Users.txt)

lsuser -a ALL > /home/Users.txt

Next, using an editor (for example vi), we need to remove from Users.txt any account we do not want to reside in /home.

The script shown below documents the process of reading (line by line) the previously made file and using the extracted user login name to obtain the name of his/her primary group (pgrp) in order to provide all the required entries to the commands mkdir and chown. The first one creates the user home directory and the second assigns its ownership to him/her.

#!/usr/bin/ksh

for user in `cat Users.txt`
do
        mkdir $user
        pgrp=`lsuser -f $user | grep pgrp | awk -F '=' '{print $2}'`
        chown $user.$pgrp $user
done

As it is shown here, both files (the user logins and the script) must reside in the same directory (/home) in order to do what they promise. If there is any other way to approach this task, please let me know.

Update:

One reader commented that it is wrong to assume that users' directories are always in /home ….. . So to take such a situation into account, the code above could be (for example) modified as follows:

#!/usr/bin/ksh

for user in `cat Users.txt`
do
        home=`lsuser -a home $user | awk -F '=' '{print $2}'`
        pgrp=`lsuser -a pgrp $user | awk -F '=' '{print $2}'`
        mkdir -p $home
        chown $user.$pgrp $home
done
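The loops in this post and in "loading multiple variables in ksh" run mkdir and chown as root on whatever path the account database returns, so the following added example (not the author's code) reads all the fields with a single `IFS=: read` and refuses unsafe home values before anything is created. The function names, the UID boundary of 200, the mode 700 and the sample accounts are assumptions made for the illustration.

```sh
#!/bin/sh
# Constructed sample input in /etc/passwd format (not from a real host).
sample_passwd() {
cat <<'EOF'
root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
brickj:!:205:1:Jack Brick:/home/brickj:/usr/bin/ksh
bondj:!:206:1::/apps/bondj:/usr/bin/ksh
oops:!:207:1:::/usr/bin/ksh
sneaky:!:208:1::/home/../etc:/usr/bin/ksh
EOF
}

# plan_homes [MIN_UID]   (passwd-format lines on stdin)
# Print "login uid gid home" for every account whose home is safe to create.
# MIN_UID defaults to 200, an assumed boundary between system and regular users.
plan_homes() {
    min_uid=${1:-200}
    while IFS=: read -r login _pw uid gid _gecos home _shell; do
        case $uid in ''|*[!0-9]*) continue ;; esac      # comment or malformed line
        [ "$uid" -ge "$min_uid" ] || continue           # system account
        case $home in
            ''|/) echo "skip $login: home is empty or /" >&2; continue ;;
            /*)   ;;                                     # absolute path
            *)    echo "skip $login: relative home $home" >&2; continue ;;
        esac
        case $home/ in
            */../*|*/./*) echo "skip $login: dot segment in $home" >&2; continue ;;
        esac
        echo "$login $uid $gid $home"
    done
}

# make_homes [MIN_UID]   (run as root: make_homes < /etc/passwd)
# Create missing homes with mode 700 (an assumed policy) and set the owner.
make_homes() {
    plan_homes "$@" | while read -r login uid gid home; do
        if [ -L "$home" ]; then                          # never chown through a symlink
            echo "skip $login: $home is a symlink" >&2; continue
        fi
        [ -d "$home" ] || mkdir -p -m 700 "$home" || continue
        chown "$uid:$gid" "$home"
    done
}

sample_passwd | plan_homes      # dry run on the constructed sample
```

The dry run prints the plan on stdout and the rejected accounts on stderr, so the list can be reviewed before `make_homes` is run.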

Posted in Real life AIX.



restrict ftp access to AIX host

I am not going to discuss the “cons” of using ftp – they are pretty much known to all involved with UNIX in general. Still, for some ftp is “a must” and for various reasons it has to be used.

To completely disable ftp access is easy. Just comment out or remove the following two lines in the file /etc/inetd.conf, one for ftp and one for its simpler version tftp.

ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd     ftpd
tftp    dgram   udp6    SRC     nobody  /usr/sbin/tftpd    tftpd -n

Follow these “edits” with refresh -s inetd and these services will be disabled on the host.

In order to allow ftp access to a particular user or users, the system administrator has to leave the two daemons in place (ftp daemons are left operational).
Unlike cron access control, which uses two access control files (cron.allow and cron.deny), ftp has only one access control file. This file is called /etc/ftpusers, and a login name listed in it is denied ftp access. Its syntax is identical to that of the cron access files – one login name per line.

AIX, being itself, has a special command to manipulate the contents of this file. This command is called ruser.

For example, to allow only the users brickj and bondj access to ftp, the system administrator may do the following.

Process the /etc/passwd file to create corresponding entries in the /etc/ftpusers:

for user in `cat /etc/passwd | awk -F ':' '{print $1}'`
do
    ruser -a -f $user
done

The same can be done without cat and awk:

for user in `lsuser -a ALL`
do
    ruser -a -f $user
done

At this moment nobody can ftp! So, brickj and bondj login names have to be removed from ftpusers file.

ruser -d -f brickj; ruser -d -f bondj

Anything left? Yes, test it!!! Does ftp work only for brickj and bondj on this machine?
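Because /etc/ftpusers only lists who is denied, any account created after this procedure can ftp until it is added to the file. The following added example (not the author's code) lists the logins that are not in the deny list and reports those outside the intended set; the function names and the sample accounts are assumptions made for the illustration.

```sh
#!/bin/sh
# Constructed sample accounts in /etc/passwd format (not from a real host);
# "newhire" stands for a login created after /etc/ftpusers was populated.
sample_accounts() {
cat <<'EOF'
root:!:0:0::/:/usr/bin/ksh
brickj:!:205:1::/home/brickj:/usr/bin/ksh
bondj:!:206:1::/home/bondj:/usr/bin/ksh
newhire:!:230:1::/home/newhire:/usr/bin/ksh
EOF
}

# ftp_allowed FTPUSERS   (passwd-format lines on stdin)
# Print each login that is NOT listed in the deny list FTPUSERS.
# A missing or empty deny list means that every login is printed.
ftp_allowed() {
    awk -F ':' -v deny="$1" '
        BEGIN { while ((getline l < deny) > 0) {
                    gsub(/^[ \t]+|[ \t]+$/, "", l)     # trim stray blanks
                    if (l != "") denied[l] = 1 } }
        $1 != "" && !($1 in denied) { print $1 }'
}

# ftp_drift FTPUSERS login...   (passwd-format lines on stdin)
# Print the logins that can ftp although they are not among the intended ones.
ftp_drift() {
    deny=$1; shift
    for u in $(ftp_allowed "$deny"); do
        case " $* " in
            *" $u "*) ;;               # intended ftp user
            *) echo "$u" ;;            # unexpected: not denied, not intended
        esac
    done
}

# Constructed deny list: root is denied, newhire was never added.
demo() {
    f=$(mktemp)
    echo root > "$f"
    sample_accounts | ftp_drift "$f" brickj bondj
    rm -f "$f"
}

demo
```

On a real host the check would be `ftp_drift /etc/ftpusers brickj bondj < /etc/passwd`, and an empty result means only the intended logins can ftp.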

Posted in Real life AIX.



a cluster that just refused to work …..

This cluster just does not want to cooperate. It worked OK for a few weeks, then it started to misbehave. One of the previous posts describes what I had to do to get it to work. Now, the same cluster stopped cooperating again. I cannot move its resource group from one node to another as I do not see either node in the selection list. I get some errors suggesting that the network adapter is unreachable, some other message asks me to enable automatic verification and synchronization in the HACMP SMIT Extended Configuration, Extended Cluster Service Settings menu, then restart the selected nodes. Please let me know when you find this menu option in smitty or its other variations.

Posted in AIX, HACMP, Real life AIX.



recovering “lost” host using its mksysb image and NIM server

Someone asked me what would have to be done if we lost one of our data centers? First, in our case this would not really be a show stopper as we have a number of them and most of our systems (at least all defined as Level 1) are clustered with nodes located in geographically dispersed locations.

So the question has to be re-phrased – what would we do to “re-create” a destroyed machine?

Posted in Real life AIX.





Copyright © 2016 Waldemar Mark Duszyk. All Rights Reserved. Created by Blog Copyright.