

Customize AIX server

  • root's home directory: don't use / as root's home directory; if / reaches 100% full, it will be hard to restart your server. For the shell, ksh93 (1993) is supported by IBM and is more recent than ksh (1988)

My customization:

mklv -t jfs2 -y rootlv rootvg 128M
crfs -v jfs2 -m /root -d rootlv -Ayes
mount /root
chuser home=/root shell=/usr/bin/ksh93 root
chuser fsize=-1 data=-1 root
Then log out and log in again.
  • cleanup of / directory:
rm -r /.SPOT /.sh_history /.vi_history /smit* 
  • Change several system values: max number of groups in a server, max characters for a login name, maximum length of the command line, max processes per user
chdev -l sys0 -a ngroups_allowed=2048
chdev -l sys0 -a max_logname=256
chdev -l sys0 -a ncargs=1024
chdev -l sys0 -a maxuproc=8192
  • Profile files
cat > ~root/.profile_root << EOF
if [ "\$(whoami)" != "root" ]; then
        export PS1="[\$(whoami)@\$(/usr/bin/hostname -s)]\\\$PWD$ "
else
        export PS1="[\$(whoami)@\$(/usr/bin/hostname -s)]\\\$PWD# "
fi
set -o vi

alias lsvscsi='echo "cvai" | kdb | grep vscsi'
alias lsvfcs='echo "vfcs" | kdb | grep fcs'
alias ll='ls -lsa'
[ -x /usr/linux/bin/ls ] && alias lll='/usr/linux/bin/ls -lsa --color' # needs coreutils rpm package
EOF
cat > ~root/.profile <<EOF
EDITOR=/usr/bin/vi
HOSTNAME=\$(hostname)
set -o vi

alias ll='ls -lsa'
. ~root/.profile_root
# If real TTY then allows BACKSPACE
if [ \$(tty | awk '{print \$1}' | egrep -q "Global|pts" ; echo \$?) -eq 0 ]
then
  stty erase ^?
fi
EOF
cat > ~root/.bashrc << EOF
EDITOR=/usr/bin/vi
HOSTNAME=\$(hostname)
set -o vi

alias ll='ls -lsa'
. ~root/.profile_root
stty erase ^?
EOF
echo "DTSOURCEPROFILE=true" > ~root/.dtprofile

Add the following lines to /etc/profile:

# cat /etc/profile
....
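# command substitution must not be escaped inside the file itself
HOSTNAME=$(/usr/bin/hostname -s)
# \$ keeps the variables literal so the shell expands them each time the prompt is drawn
PS1="[\$LOGNAME@\$HOSTNAME]\$PWD# "
# HOSTNAME is exported too, otherwise child shells inherit PS1 with an empty host name
export HOSTNAME PS1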

EDITOR=/usr/bin/vi
export EDITOR

EXTENDED_HISTORY=ON
HISTSIZE=10000
HISTTIMEFORMAT="%F %T "

export EXTENDED_HISTORY HISTSIZE HISTTIMEFORMAT

alias ll='ls -lsa'

export DSM_LOG=/tmp     # centralize all TSM logs dsmj.log

trap 1 2 3
cat >> /etc/environment << EOF
# VG mirroring parallelism
NUM_PARALLEL_LPS=12
EOF
  • Remove all unused entries in the following files: /etc/rc.tcpip /etc/inetd.conf /etc/inittab
  • Update the TZ variable in /etc/environment (needs a reboot)

Ex: TZ=Europe/Luxembourg

  • Add DNS servers and a domain to /etc/resolv.conf (domain and/or search)

Ex:

      nameserver 1.2.3.4
      nameserver 2.5.6.8
      domain gggg.com
      search ggg.com aaa.com bbb.be  
  • In /etc/netsvc.conf, set name resolution to use local files first, allowing IPv4 and IPv6 (needed for sendmail), then DNS over IPv4 only
echo "hosts=local,bind4" >> /etc/netsvc.conf
  • Add after 127.0.0.1 the following line into /etc/hosts:
::1 loopback localhost # needed for sendmail (IPV6 local resolution)
  • Enable one or more time servers in /etc/ntp.conf, and comment out broadcastclient
server 1.2.3.4 prefer
server 3.4.5.6

Activate NTP service:

chrctcp -S -a xntpd
stopsrc -s xntpd; startsrc -s xntpd
  • Syslog config:

Besides the errlog (errpt), you can get more system logs by activating the syslog daemon. The log files are in text format.

Add the following lines in /etc/syslog.conf

[aix-srv@root] /root# cat /etc/syslog.conf
*.emerg /var/log/syslog/emerg.log rotate size 200k files 4 compress
*.alert /var/log/syslog/alert.log rotate size 200k files 4 compress
*.crit /var/log/syslog/crit.log rotate size 200k files 4 compress
*.err /var/log/syslog/error.log rotate size 200k files 4 compress
*.warning /var/log/syslog/warning.log rotate size 500k files 4 compress
*.notice /var/log/syslog/notice.log rotate size 500k files 4 compress
*.info /var/log/syslog/info.log rotate size 500k files 4 compress
*.debug /var/log/syslog/debug.log rotate size 500k files 4 compress
auth,authpriv.debug /var/log/syslog/auth.log rotate size 500k files 4 compress

Create empty log files; they won't be created automatically:

[aix-srv@root] /root# mkdir -p /var/log/syslog
[aix-srv@root] /root# for file in $(cat /etc/syslog.conf | grep -v "^#" | awk '{print $2}')
do
touch $file
done

Uncomment the entry for syslogd in /etc/rc.tcpip, or use the following command; then restart syslogd:

[aix-srv@root] /root# chrctcp -S -a syslogd
[aix-srv@root] /root# stopsrc -s syslogd; startsrc -s syslogd
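
The touch loop above creates the files with root's current umask, which usually leaves auth.log readable by every local user. The following is an added example, not part of the original page: it creates the same destinations with mode 600. The function names, the PREFIX staging argument and the sample configuration (including the @loghost rule) are constructed for illustration.

```shell
#!/bin/sh
# Added example: create the files named in a syslog.conf with tight modes.

# log_destinations CONF: print the file destinations (2nd field) of active
# rules, skipping comments, blank lines and non-file targets such as @loghost.
log_destinations() {
    awk 'NF >= 2 && $1 !~ /^#/ && $2 ~ /^\// { print $2 }' "$1" | sort -u
}

# create_logs CONF [PREFIX]: create each destination, readable by root only.
# PREFIX is a hypothetical staging root so the demo never touches /var/log.
create_logs() {
    (
        umask 077                     # new directories 0700, new files 0600
        log_destinations "$1" | while IFS= read -r dest; do
            mkdir -p "$2$(dirname "$dest")"
            : >> "$2$dest"            # create if missing, never truncate
            chmod 600 "$2$dest"       # also tighten files that already existed
        done
    )
}

# make_sample_conf FILE: write a constructed sample in the page's format.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
*.err /var/log/syslog/error.log rotate size 200k files 4 compress
auth,authpriv.debug /var/log/syslog/auth.log rotate size 500k files 4 compress
*.info @loghost
EOF
}

demo=$(mktemp -d)
make_sample_conf "$demo/syslog.conf"
create_logs "$demo/syslog.conf" "$demo/root"
ls -l "$demo/root/var/log/syslog"
rm -rf "$demo"
```

On a real server, call create_logs /etc/syslog.conf without a prefix before restarting syslogd.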
  • Backup system

To be able to recover your server, even if it never happens, customize your system image to store the minimum needed. Use the file /etc/exclude.rootvg (take care with the syntax):

/tmp/
^./mnt/
^./mksysb/
^./var/core/

Command to backup: mksysb -i -e /mksysb_images/node1
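
Entries in /etc/exclude.rootvg are grep patterns applied to paths written relative to / as ./path, so an entry without the ^./ anchor matches the same directory name at any depth. The following is an added example, not part of the original page: it previews what a pattern file would leave out of the image. The function names and the file list are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview which paths an exclude.rootvg-style file would drop.
# Entries are grep patterns matched against paths written as ./dir/file.

# excluded_paths PATTERNS LIST: print paths in LIST matched by any pattern.
excluded_paths() {
    while IFS= read -r pat; do
        # skip blank lines: an empty grep pattern matches every path
        if [ -n "$pat" ]; then grep -e "$pat" "$2" || true; fi
    done < "$1" | sort -u
}

# unanchored_patterns PATTERNS: print entries that do not start with ^./
# and can therefore match the same directory name anywhere in the tree.
unanchored_patterns() {
    grep -v '^$' "$1" | grep -v '^\^\./' || true
}

# make_demo DIR: write constructed sample data (the page's exclude list and
# a made-up file list) into DIR.
make_demo() {
    cat > "$1/exclude.rootvg" <<'EOF'
/tmp/
^./mnt/
^./mksysb/
^./var/core/
EOF
    cat > "$1/files" <<'EOF'
./tmp/scratch.dat
./var/tmp/app.lock
./home/app/tmp/session.db
./mnt/nim/host.mksysb
./data/mnt/keep.cfg
./var/core/core.1234
./etc/passwd
EOF
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
echo "Paths left out of the image:"
excluded_paths "$demo_dir/exclude.rootvg" "$demo_dir/files"
echo "Entries matching at any depth:"
unanchored_patterns "$demo_dir/exclude.rootvg"
rm -rf "$demo_dir"
```

Feed it a real file list (for example the output of find . -xdev run from /) to check an exclude file before the next mksysb.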

  • Dump device sysdumpdev -K
  • Centralize core files: it is useful to gather program cores in one place; best is to create a dedicated filesystem (1GB for example)
mklv -tjfs2 -y corelv rootvg 1G
crfs -vjfs2 -d corelv -m /var/core -Ayes -a log=INLINE
mount /var/core
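# sticky bit: every user can still write a core here, but cannot delete or replace another user's files
chmod 1777 /var/core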
chcore -c on -p on -l /var/core -n on -d
syscorepath -p /var/core
  • Add additional packages (rpm) such as: logrotate, rsync, tar, zip, unzip, bzip2, bash, lsof…
# bash
rpm -Uhv bash-4.3-16.aix5.1.ppc.rpm

# lsof
rpm -Uhv lsof-4.88-1.aix7.1.ppc.rpm

# coreutils
rpm -Uhv libgcc-4.8.3-1.aix7.1.ppc.rpm
rpm -Uhv libstdc++-4.8.3-1.aix7.1.ppc.rpm
rpm -Uhv gettext-0.10.40-8.aix5.2.ppc.rpm
rpm -Uhv info-5.1-2.aix5.1.ppc.rpm
rpm -Uhv gmp-6.0.0a-1.aix5.1.ppc.rpm
rpm -Uhv libiconv-1.14-2.aix5.1.ppc.rpm
rpm -Uhv coreutils-8.24-1.aix5.1.ppc.rpm

# logrotate
rpm -Uhv popt-1.16-1.aix5.1.ppc.rpm
rpm -Uhv logrotate-3.8.2-1.aix5.1.ppc.rpm

# rsync
rpm -Uhv rsync-3.1.1-1.aix5.1.ppc.rpm

# tar
rpm -Uhv tar-1.28-1.aix5.1.ppc.rpm 

# zip
rpm -Uhv bzip2-1.0.6-1.aix5.1.ppc.rpm 
rpm -Uhv unzip-6.0-2.aix5.1.ppc.rpm 
rpm -Uhv zip-3.0-1.aix5.1.ppc.rpm

# grep - sed
rpm -Uhv sed-4.2.2-1.aix5.1.ppc.rpm  
rpm -Uhv zlib-1.2.8-1.aix5.1.ppc.rpm
rpm -Uhv readline-6.3-5.aix5.1.ppc.rpm
rpm -Uhv pcre-8.36-1.aix5.1.ppc.rpm
rpm -Uhv grep-2.21-1.aix5.1.ppc.rpm


# vnc server
rpm -Uhv libjpeg-9a-1.aix5.1.ppc.rpm 
rpm -Uhv tightvnc-server-1.3.10-2.aix5.1.ppc.rpm

Minimum NO (Network Options) options for gigabit ethernet:

no -p -o udp_recvspace="655360"
no -p -o udp_sendspace="65536"
no -p -o tcp_recvspace="262144"
no -p -o tcp_sendspace="262144"
no -p -o udp_pmtu_discover="0"
no -p -o tcp_pmtu_discover="0"
no -p -o rfc1323="1"
# For linux NFS mount
# nfso -p -o portcheck="1"
# nfso -p -o nfs_use_reserved_ports="1"

Info:

 To connect to VNC, start a session (vncserver :1 for session 1, for example), then use a VNC viewer and connect to <IP_address>:<session_number>, or browse to http://<IP_address>:5800+<session_number>
  • Resize the filesystems with minimum /var 512M, /tmp 1G, / keep 40%free
  • check paging space 2GB minimum
  • Create an mksysb script, for example
#!/bin/ksh
#set -x
#@(#) script that runs a mksysb
#@(#) either locally into /mksysb
#@(#) or remotely through an NFS mount
#@(#) on the NIM server
#@(#) keeps 2 versions
#@(#) ver 1.0 12-06-2006

export LANG=C
SN=`basename $0`
HN=`hostname -s`
TIME=`date`
NUM=`date +%y%m%d%H%M`
LOGPATH=/var/log
LOCAL_PATH=/mnt
LOGFILE=$LOGPATH/fullbackup.log
VERSION_EXIST=1
REMOTE_BACKUP_SERVER=nim
REMOTE_PATH=/mksysb
UMOUNT=1
VPD_USER=vpd
MAILTO="prod"
MSG="Backup failed please check $LOGFILE"
TMP_FILE=/tmp/$$

echo "########################################" >> $LOGFILE
echo `date`" : Begin of "$SN >> $LOGFILE
if [ "$VERBOSE_LOGGING" = "high" ]
then
    set -x
fi

case "$1" in
local )
        MKSYSB_PATH=$REMOTE_PATH
        ;;
remote )
        MKSYSB_PATH=$LOCAL_PATH
        mount $REMOTE_BACKUP_SERVER:$REMOTE_PATH $MKSYSB_PATH
	if [ $? -ne 0 ]
	then
		echo "NFS mount failed" >> $LOGFILE
		exit 1
	fi
	UMOUNT=0
	;;
* )
        echo "Usage: $0 (local | remote)"
        exit 1
esac

# Remove old mksysb
NOB=`ls $MKSYSB_PATH | grep $HN  | wc -l | awk '{print $1}'` 
while [[ "$NOB" -ge $VERSION_EXIST ]]
do
	FILE=`ls -rt $MKSYSB_PATH | grep $HN | head -1`
	if [ -f $MKSYSB_PATH/$FILE ]
	then
		echo "Removing mksysb $FILE" >> $LOGFILE
		rm -f $MKSYSB_PATH/$FILE 
	fi
	let NOB=NOB-1
done

# make new backup
echo "Starting backup of `hostname`" >> $LOGFILE
echo "Backup of / and exclude files from /etc/exclude.rootvg" >> $LOGFILE
mksysb -e -i -X ${MKSYSB_PATH}/$HN.mksysb.$NUM >> $LOGFILE 2>&1
if [ $? -gt 0 ]
then
	# pipe the message straight to mailx: no predictable temp file written in /tmp as root
	echo "$MSG" | mailx -s "Mksysb $SN failed on AIX $HN " $MAILTO
fi

chown $VPD_USER ${MKSYSB_PATH}/$HN.mksysb.* 
echo "Mksysb size in GB" >> $LOGFILE 2>&1
du -sg ${MKSYSB_PATH}/$HN.mksysb.$NUM >> $LOGFILE 2>&1

if [ $UMOUNT -eq 0 ]
then
	umount $MKSYSB_PATH
fi

echo `date`" : End of "$SN >> $LOGFILE
exit 0
*******************************************************************************
*                                                                             *
*  IT IS AN OFFENSE TO CONTINUE WITHOUT PROPER AUTHORIZATION.                 *
*                                                                             *
*  This system is for the use of authorized users only. Individuals using     *
*  this computer system without authority, or in excess of their authority,   *
*  are subject to having all of their activities on this system monitored and *
*  recorded by system personnel. In the course of monitoring individuals      *
*  improperly using this system, or in the course of system maintenance, the  *
*  activities of authorized users may also be monitored. Anyone using this    *
*  system expressly consents to such monitoring and is advised that if such   *
*  monitoring reveals possible evidence of criminal activity, system          *
*  personnel may provide the evidence of such monitoring to law enforcement   *
*  officials.                                                                 *
*                                                                             *
*******************************************************************************
aix/custom_aix.1609532517.txt.gz · Last modified: 2021/01/01 21:21 by 127.0.0.1