UNIX Health Check

Resolving LED code 555

If your system hangs with LED code 555, it will most likely mean that one of your rootvg file systems is corrupt. The following link will provide information on how to resolve it:

http://www-304.ibm.com/support/docview.wss?uid=isg3T1000217

After completing the procedure, the system may still hang with LED code 555. If that happens, boot the system from media and enter service mode again, and access the volume group. Then check what the boot disk is according to:

# lslv -m hd5

Then also check your bootlist:

# bootlist -m normal -o

If these 2 don't match, set the boot list to the correct disk, as indicated by the lslv command above. For example, to set it to hdisk1, run:

# bootlist -m normal hdisk1

And then, make sure you can run the bosboot commands:

# bosboot -ad /dev/hdisk1
# bosboot -ad /dev/ipldevice

Note: exchange hdisk1 in the example above with the disk that was indicated by the lslv command.

If the bosboot on the ipldevice fails, you have 2 options: Recover the system from a mksysb image, or recreate hd5. First, create a copy of your ODM:

# mount /dev/hd4 /mnt
# mount /dev/hd2 /mnt/usr
# mkdir /mnt/etc/objrepos/bak
# cp /mnt/etc/objrepos/Cu* /mnt/etc/objrepos/bak
# cp /etc/objrepos/Cu* /mnt/etc/objrepos
# umount /dev/hd2
# umount /dev/hd4
# exit

Then, recreate hd5, for example, for hdisk1:

# rmlv hd5
# cd /dev
# rm ipldevice
# rm ipl_blv 
# mklv -y hd5 -t boot -ae rootvg 1 hdisk1
# ln /dev/rhd5 /dev/ipl_blv
# ln /dev/rhdisk1 /dev/ipldevice
# bosboot -ad /dev/hdisk1

If things still won't boot at this time, the only option you have left is to recover the system from a mksysb image.

Topics: AIX, Storage, System Admin ↑

Mounting USB drive on AIX

To familiarize yourself with using USB drives on AIX, take a look at the following article at IBM developerWorks:

http://www.ibm.com/developerworks/aix/library/au-flashdrive/

Before you start using it, make sure you DLPAR the USB controller to your LPAR, if not done so already. You should see the USB devices on your system:

# lsconf | grep usb
+ usbhc0 U78C0.001.DBJX589-P2          USB Host Controller
+ usbhc1 U78C0.001.DBJX589-P2          USB Host Controller
+ usbhc2 U78C0.001.DBJX589-P2          USB Enhanced Host Controller
+ usbms0 U78C0.001.DBJX589-P2-C8-T5-L1 USB Mass Storage

After you plug in the USB drive, run cfgmgr to discover the drive, or if you don't want the run the whole cfgmgr, run:

# /etc/methods/cfgusb -l usb0

Some devices may not be recognized by AIX, and may require you to run the lquerypv command:

# lquerypv -h /dev/usbms0

To create a 2 TB file system on the drive, run:

# mkfs -olog=INLINE,ea=v2 -s2000G -Vjfs2 /dev/usbms0

To mount the file system, run:

# mount -o log=INLINE /dev/usbms0 /usbmnt

Then enjoy using a 2 TB file system:

# df -g /usbmnt
Filesystem    GB blocks      Free %Used    Iused %Iused Mounted on
/dev/usbms0     2000.00   1986.27    1%     3182     1% /usbmnt

Topics: AIX, System Admin ↑

Parent process ID

It's very easy to determine the parent process ID, without looking it up in the process list. For example for the current korn shell process, you can determine the parent process of the korn shell process, by looking at the process list:

 # ps -ef | grep ksh | grep -v grep
    root  8061040 17891578   0 22:28:32  pts/0  0:00 -ksh

In the example above you can see that the parent process of the korn shell process with PID 8061040 is 17891578. The same answer can be retrieved by simply looking at the PPID variable:

# echo $PPID
17891578

Topics: AIX, System Admin ↑

Generating a PDF file from a text file on AIX

It's quite easy to generate a PDF file from a text file on AIX. What you need to do that, are both Enscript and Ghostscript installed. Both of them are RPMs that can be found in the AIX Toolbox for Linux Applications. Download the enscript and ghostscript RPMs, along with the RPMs ghostscript-fonts, libpng and urw-fonts, which are required by Ghostscript to run. Put the 5 RPMs in a single folder on your AIX system and run the following command to install all five:

# rpm -ihv *rpm

Now that it is installed, you can easily generate a PDF file. For example, if you wish to generate a PDF file from /etc/motd, run the following command:

# /opt/freeware/bin/enscript -B -p - /etc/motd \
| /usr/bin/gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite \
-sOutputFile=/tmp/motd.pdf -f -

The PDF file is written to /tmp/motd.pdf, and can be viewed with any PDF viewer.

Topics: AIX, System Admin ↑

How to create a null printer

To create a printer queue that dumps its contents to /dev/null, simply run the following command:

# /usr/lib/lpd/pio/etc/piomkpq -A file -p generic -d null -D asc -q lpnull

This will create a printer queue called lpnull and it will write any print jobs to /dev/null.

Topics: HMC, Logical Partitioning ↑

Useful HMC commands

Here are some very useful commands for the Hardware Management Console (HMC): Show vital product data, such as the serial number:

# lshmc -v

Show the release of the HMC:

# lshmc -V

Show network information of the HMC:

# lshmc -n

Reboot the HMC:

# hmcshutdown -r -t now

Show the connected managed systems:

# lssysconn -r all

Change the password of user hscpe:

# chhmcusr -u hscpe -t passwd -v abc1234

List the users of the HMC:

# lshmcusr

These are intersting log files of the HMC:

# ls -al /var/hsc/log/hmclogger.log
# ls -al /var/hsc/log/cimserver.log

Monitor the disk space:

# monhmc -r disk

This can be used to view the file systems of the HMC. Try using "proc", "mem" and "swap as well. By default this command will loop forever and update the screen every 4 seconds. You can run it only once, with the following command:

# monhmc -r disk -n 0

Zero out log files:

# chhmcfs -o f -d 0

This will delete any temporary files. Extremely useful if the HMC calls home to IBM about high usage of one of its file systems. Open a virtual console from the HMC:

# vtmenu

Exit by typing "~." (tilde dot) or "~~." (tilde tilde dot). Force the closure of a virtual terminal session:

# rmvterm -m SYSTEM-9117-570-SN10XXXXX -p name

Change the state of a partition:

# chsysstate -m SYSTEM-9131-52A-SN10XXXXX -r lpar -o on -n name
-f default_profile
# chsysstate -m SYSTEM-9131-52A-SN10XXXXX -r lpar -o shutdown 
-n name --immed

To start all partitions of one managed server:

# chsysstate -m Prd2-Server-8233-E8B-SN0XXXXXX -r lpar -o on --all

List partition profiles for a managed system:

# lssyscfg -r prof -m SYSTEM-9117-570-SN10XXXXX

List partition information:

# lspartition

Topics: AIX, Hardware, Storage, System Admin ↑

Creating a dummy disk device

At some times it may be necessary to create a dummy disk device, for example when you need a disk to be discovered while running cfgmgr with a certain name on multiple hosts.

For example, if you need the disk to be called hdisk2, and only hdisk0 exists on the system, then running cfgmgr will discover the disk as hdisk1, not as hdisk2. In order to make sure cfgmgr indeed discovers the new disk as hdisk2, you can fool the system by temporarily creating a dummy disk device.

Here are the steps involved:

First: remove the newly discovered disk (in the example below known as hdisk1 - we will configure this disk as hdisk2):

# rmdev -dl hdisk1

Next, we create a dummy disk device with the name hdisk1:

# mkdev -l hdisk1 -p dummy -c disk -t hdisk -w 0000

Note that running the command above may result in an error. However, if you run the following command afterwards, you will notice that the dummy disk device indeed has been created:

# lsdev -Cc disk | grep hdisk1
hdisk1 Defined    SSA Logical Disk Drive

Also note that the dummy disk device will not show up if you run the lspv command. That is no concern.

Now run the cfgmgr command to discover the new disk. You'll notice that the new disk will now be discovered as hdisk2, because hdisk0 and hdisk1 are already in use.

# cfgmgr
# lsdev -Cc disk | grep hdisk2

Finally, remove the dummy disk device:

# rmdev -dl hdisk1

Topics: AIX, Storage, System Admin ↑

Erasing disks

During a system decommission process, it is advisable to format or at least erase all drives. There are 2 ways of accomplishing that:

If you have time:

AIX allows disks to be erased via the Format media service aid in the AIX diagnostic package. To erase a hard disk, run the following command:

# diag -T format

This will start the Format media service aid in a menu driven interface. If prompted, choose your terminal. You will then be presented with a resource selection list. Choose the hdisk devices you want to erase from this list and commit your changes according to the instructions on the screen.

Once you have committed your selection, choose Erase Disk from the menu. You will then be asked to confirm your selection. Choose Yes. You will be asked if you want to Read data from drive or Write patterns to drive. Choose Write patterns to drive. You will then have the opportunity to modify the disk erasure options. After you specify the options you prefer, choose Commit Your Changes. The disk is now erased. Please note, that it can take a long time for this process to complete.

If you want to do it quick-and-dirty:

For each disk, use the dd command to overwrite the data on the disk. For example:

for disk in $(lspv | awk '{print $1}') ; do
   dd if=/dev/zero of=/dev/r${disk} bs=1024 count=10
   echo $disk wiped
done

This does the trick, as it reads zeroes from /dev/zero and outputs 10 times 1024 zeroes to each disk. That overwrites anything on the start of the disk, rendering the disk useless.

Topics: AIX, System Admin ↑

Unconfiguring child objects

When removing a device on AIX, you may run into a message saying that a child device is not in a correct state. For example:

# rmdev -dl fcs3
Method error (/usr/lib/methods/ucfgcommo):
0514-029 Cannot perform the requested function because a
child device of the specified device is not in a correct state.

To determine what the child devices are, use the -p option of the lsdev command. From the man page of the lsdev command:

-p Parent
     Specifies the device logical name from the Customized Devices
     object class for the parent of devices to be displayed. The 
     -p Parent flag can be used to show the child devices of the 
     given Parent. The Parent argument to the -p flag may contain
     the same wildcard charcters that can be used with the odmget 
     command. This flag cannot be used with the -P flag.

For example:

# lsdev -p fcs3          
fcnet3 Defined   07-01-01 Fibre Channel Network Protocol Device
fscsi3 Available 07-01-02 FC SCSI I/O Controller Protocol Device

To remove the device, and all child devices, use the -R option. From the man page for the rmdev command:

-R
     Unconfigures the device and its children.
     When used with the -d or -S flags, the 
     children are undefined or stopped, respectively.

The command to remove adapter fcs3 and all child devices, will be:

# rmdev -Rdl fcs3

Topics: AIX, Security, System Admin ↑

mkpasswd

An interesting open source project is Expect. It's a tool that can be used to automate interactive applications.

You can download the RPM for Expect can be downloaded from http://www.perzl.org/aix/index.php?n=Main.Expect, and the home page for Expect is http://www.nist.gov/el/msid/expect.cfm.

A very interesting tool that is part of the Expect RPM is "mkpasswd". It is a little Tcl script that uses Expect to work with the passwd program to generate a random password and set it immediately. A somewhat adjusted version of "mkpasswd" can be downloaded here. The adjusted version of mkpasswd will generate a random password for a user, with a length of 8 characters (the maximum password length by default for AIX), if you run for example:

# /usr/local/bin/mkpasswd username
sXRk1wd3

To see the interactive work performed by Expect for mkpasswd, use the -v option:

# /usr/local/bin/mkpasswd -v username
spawn /bin/passwd username
Changing password for "username"
username's New password:
Enter the new password again:
password for username is s8qh1qWZ

By using mkpasswd, you'll never have to come up with a random password yourself again, and it will prevent Unix system admins from assigning new passwords to accounts that are easily guessible, such as "changeme", or "abc1234".

Now, what if you would want to let "other" users (non-root users) to run this utility, and at the same time prevent them from resetting the password of user root?

Let's say you want user pete to be able to reset other user's passwords. Add the following entries to the /etc/sudoers file by running visudo:

# visudo

Cmnd_Alias MKPASSWD = /usr/local/bin/mkpasswd, \
                      ! /usr/local/bin/mkpasswd root
pete ALL=(ALL) NOPASSWD:MKPASSWD

This will allow pete to run the /usr/local/bin/mkpasswd utility, which he can use to reset passwords.

First, to check what he can run, use the "sudo -l" command:

# su - pete
$ sudo -l
User pete may run the following commands on this host:
(ALL) NOPASSWD: /usr/local/bin/mkpasswd, !/usr/local/bin/mkpasswd root

Then, an attempt, using pete's account, to reset another user's password (which is successful):

$ sudo /usr/local/bin/mkpasswd mark
oe09'ySMj

Then another attempt, to reset the root password (which fails):

$ sudo /usr/local/bin/mkpasswd root
Sorry, user pete is not allowed to execute 
'/usr/local/bin/mkpasswd root' as root.

Number of results found: 469.
Displaying results: 141 - 150.

Order

No time to lose? Need to know what's wrong with
your UNIX system now? Then get started TODAY!