This is an old revision of the document!
Table of Contents
Test 000-221 - AIX 7 Administration
- Number of questions: 72
- Time allowed in minutes: 90
- Required passing score: 58%
- Test languages: English
System Availability (10%)
Identify resources used by Cluster Aware AIX
For the folling commands to work, you have to have bos.cluster installed and running them within a cluster environment.
Query status of nodes:
lscluster -m
Interface state:
lscluster -i -n
Disk info and state:
lscluster -d
Run commands on all nodes:
clcmd ps -ef
Configure dump devices and analyze output
IBM documentation: Managing System Dump Devices
The sysdumpdev command changes the primary or secondary dump device designation in a system that is running. The primary and secondary dump devices are designated in a system configuration object. The new device designations are in effect until you run the sysdumpdev command again, or you restart the system.
It is not recommended that a standalone dump logical volume be mirrored. It is much better practice to have a primary and a secondary dump device, each wholly contained on separate hdisks, rather than mirroring these devices. If for some reason the primary dump device is inaccessible the dump program will then attempt to dump to the secondary device.
Show information
View information about primary and secondary dump device:
sysdumpdev -l primary /dev/lg_dumplv secondary /dev/sysdumpnull copy directory /var/adm/ras forced copy flag TRUE always allow dump TRUE dump compression ON type of dump traditional
Enable “always allow dump”:
sysdumpdev -k
Estimate size of dump for current running system:
sysdumpdev -e 0453-041 Estimated dump size in bytes: 798385766
Change dump device
Create a new LV and change the dump device
sysdumpdev -Pp /dev/dumplv
Start a dump and analyse
Start dump, reboot wil take place!
sysdumpstart -p
Shows dump date, time and size
sysdumpdev -L 0453-039 Device name: /dev/lg_dumplv Major device number: 10 Minor device number: 11 Size: 203220992 bytes Uncompressed Size: 2208585577 bytes Date/Time: Tue Oct 8 13:27:09 CEST 2013 Dump status: 0 Type of dump: traditional dump completed successfully
Copy last dump from dump device
savecore -d /var/adm/ras 0481-183 Saving 203220992 bytes of system dump in /var/adm/ras/vmcore.0.BZ
Analyse dump:
dmpuncompress vmcore.0.BZ
-- replaced with vmcore.0
kdb /var/adm/ras/vmcore.0 /usr/lib/boot/unix_64
/var/adm/ras/vmcore.0 mapped from @ a00000000000000 to @ a00000083a45769
START END <name>
0000000000001000 00000000058A0000 start+000FD8
F00000002FF47600 F00000002FFDF9C8 __ublock+000000
000000002FF22FF4 000000002FF22FF8 environ+000000
000000002FF22FF8 000000002FF22FFC errno+000000
F1000F0A00000000 F1000F0A10000000 pvproc+000000
F1000F0A10000000 F1000F0A18000000 pvthread+000000
Dump analysis on CHRP_SMP_PCI POWER_PC POWER_4 machine with 4 available CPU(s) (64-bit registers)
Processing symbol table...
.......................done
read vscsi_scsi_ptrs OK, ptr = 0x0
(0)> stat
SYSTEM_CONFIGURATION:
CHRP_SMP_PCI POWER_PC POWER_4 machine with 4 available CPU(s) (64-bit registers)
SYSTEM STATUS:
sysname... AIX
nodename.. p630
release... 1
version... 7
build date May 10 2013
build time 11:15:39
label..... j2013_19C1
machine... 005FF6FD4C00
nid....... 5FF6FD4C
time of crash: Tue Oct 8 13:27:09 2013
age of system: 43 min., 59 sec.
xmalloc debug: enabled
FRRs active... 0
FRRs started.. 0
CRASH INFORMATION:
CPU -1 CSA 053A7E80 at time of crash, error code for LEDs: 00000000
(0)>
Determine elements necessary to reduce single points of failure
- Servers / nodes
- Applications
- Networks and interfaces
- Disks and adapters
Understand geographical logical volume manager (GLVM)
IBM Documentation GLVM Overview
You can configure geographically mirrored volume groups in AIX® GLVM, without having to install and configure an HACMP™ cluster. The AIX GLVM technology provides the same geographic data mirroring functionality as HACMP/XD for GLVM, only without the automated monitoring and recovery which is provided by HACMP.
GLVM is intended for non-concurrent access only. In order to prevent accidental concurrent access, it is recommended that a geographically mirrored volume group not be automatically varied online during system startup.
The RPV device driver does not encrypt the messages that are sent between the RPV client and RPV server. IBM recommends the IP Security (IPsec) feature of AIX for network security.
Maintain hardware (CEC/Blade Hardware), deferred or concurrent firmware, AMM firmware (for Power Blades), whether an adapter replacement or new installation.
See hardware manuals and IBM Fix central for updates. IBM Fix central
Storage Management (21%)
Manage storage devices (traditional disk, Solid State Drives, and tape) including redundancy
Show disk size in MB, lspv only works if disk is in a volume group:
getconf DISK_SIZE /dev/hdisk0
Manage physical and virtual devices
The cfgmgr command configures devices and optionally installs device software into the system.
cfgmgr
Show physical devices:
lspv hdisk0 005ff6fd4c672d8d rootvg active hdisk1 005ff6fd44f62149 datavg active hdisk2 0042579a00041f31 datavg active hdisk3 005ff6fd8cc976b8 rootvg active
Create and manage volume groups
List volume groups:
lsvg rootvg datavg
Show volume group information:
lsvg rootvg VOLUME GROUP: rootvg VG IDENTIFIER: 005ff6fd00004c000000014185113848 VG STATE: active PP SIZE: 128 megabyte(s) VG PERMISSION: read/write TOTAL PPs: 1092 (139776 megabytes) MAX LVs: 256 FREE PPs: 962 (123136 megabytes) LVs: 11 USED PPs: 130 (16640 megabytes) OPEN LVs: 10 QUORUM: 1 (Disabled) TOTAL PVs: 2 VG DESCRIPTORS: 3 STALE PVs: 1 STALE PPs: 1 ACTIVE PVs: 2 AUTO ON: yes MAX PPs per VG: 32512 MAX PPs per PV: 1016 MAX PVs: 32 LTG size (Dynamic): 256 kilobyte(s) AUTO SYNC: no HOT SPARE: no BB POLICY: relocatable PV RESTRICTION: none INFINITE RETRY: no
List logical volumes within volume group:
lsvg -l rootvg rootvg: LV NAME TYPE LPs PPs PVs LV STATE MOUNT POINT hd5 boot 1 2 2 closed/syncd N/A hd6 paging 4 8 2 open/syncd N/A hd8 jfs2log 1 2 2 open/syncd N/A hd4 jfs2 2 4 2 open/syncd / hd2 jfs2 12 24 2 open/syncd /usr hd9var jfs2 32 64 2 open/stale /var hd3 jfs2 1 2 2 open/syncd /tmp hd1 jfs2 1 2 2 open/syncd /home hd11admin jfs2 1 2 2 open/syncd /admin lg_dumplv sysdump 16 16 1 open/syncd N/A livedump jfs2 2 4 2 open/syncd /var/adm/ras/livedump
Create volume group datavg, pp size = 128MB with 2 disks:
mkvg -y datavg -s 128 hdisk1 hdisk2
Change volume group characteristics:
chvg
Add / remove physical volume to volume group:
extendvg vg3 hdisk3 hdisk8 reducevg vg01 hdisk1
Remove volume group:
varyoffvg exportvg
Create and manage logical volumes
Create logical volume:
mklv -t jfs2 -y instimglv datavg 5000
Extend logical volume:
extendlv testlv 8 extendlv lv05 10M
Sync stale logical volume:
syncvg -l hd9var
Create and manage filesystems
Create file system:
crfs -v jfs2 -d instimglv -m /usr/sys/inst.images -A yes
Resize filesystem:
chfs -a size=20G /usr/sys/inst.images
System and Network Security (4%)
There are five (5) components to the RBAC security database:
- Authorizations
- Roles
- Privileged Commands
- Privileged Devices
- Privileged Files
The predifined roles are:
- The ISSO (Information System Security Officer) role manages all other roles. This makes it the most powerful role on the system.
- SA - Systems Administrator
- SO - System Operator
Configure Role Based Access Control
Create and assign role to user so that user can shutdown system. Create authorization:
mkauth shut_auth
Set security attributes
setsecattr -c accessauths=shut_auth /usr/sbin/shutdown
Create role
mkrole authorizations=shut_auth admin_role
Modify user
chuser roles=admin_role benst
Read security databases and load into the kernel
setkst
Test:
swrole admin_role rolelist -e /usr/sbin/shutdown -Fr
Configure and Manage remote access
Install OpenSSH?