Archive for the System - AIX category
AIX 7.1 to 7.2 upgrade
Posted on Wed, Mar 13, 2024 at 15:23 by Hubertus A. Haniel
Note: This guide is not meant as a step-by-step command reference, as systems may be configured in different ways. It is more of a reminder of the steps involved, and it is still a work in progress.
One should familiarize themselves with the following articles:
The assumption is that we are working on an AIX server where rootvg is mirrored across hdisk0 and hdisk1. To ensure that the boot partitions are up to date, it is advisable to execute "bosboot -ad /dev/hdisk0" and the same for hdisk1.
We should ensure that we have an up-to-date mksysb, or create one, preferably on a NIM server that we can boot off to recover this image.
We now have to break the rootvg mirror using "unmirrorvg rootvg hdisk1", which frees up hdisk1.
Now we can use "alt_disk_copy -d hdisk1" to create an alternative rootdisk copy, which is NOT a mirror but a copy in itself. This will create the copy and set hdisk1 as the boot disk.
After the copy has completed we can reboot the server, and we should now see that hdisk1 has become the active rootvg and hdisk0 is in a volume group called old_rootvg.
While running on this rootvg copy we should upgrade any components that may need to be upgraded as a prerequisite to AIX 7.2, e.g. Veritas Filesystems if they are in use.
To do the migration to 7.2 we need to boot off the 7.2 boot media from NIM or CD/DVD, and the NIM server may need to be prepped for that by adding the NIM client for a bos_install.
Once we are successfully booting off the media (remember the LED lights so you can see the process) we should be prompted on the console to press 1 to confirm that we are on the correct console. We may also be prompted for a language selection.
We should then be dropped into the install menu, which by default should have chosen "Migration" rather than "Full install". This can be checked in the advanced install configuration menu, and one should also make sure that the correct disk is selected, which in our case should be hdisk1; the default may go for hdisk0, which we do not want to touch.
After the migration the server should boot into AIX 7.2 on hdisk1, and once we have confirmed that everything is OK we can remove old_rootvg and fully remirror the disks, not forgetting bosboot on all mirrors to make sure the boot sector is populated.
Edited on: Wed, Mar 13, 2024 15:55. Posted in HowTo (RSS), System - AIX (RSS)
SSH troubleshooting
Posted on Fri, Feb 16, 2024 at 11:40 by Hubertus A. Haniel
When SSH issues are reported it is all too tempting to jump on a box, make changes to the config file to fix the suspected issues and restart sshd.
This may not always be the best way because:
- Error messages in syslog may be misleading as it is difficult to track down an individual session and debug messages may be filtered out in syslog
- On a busy system other users that still work may get disconnected/locked out while the problem is being worked on
- In the worst case you will get disconnected and will not get back into the system other than via the console
The way to avoid this is to start sshd with the "-d" option, which starts sshd in debugging mode where it listens for one session only. If required, the option can be repeated (up to three times, i.e. -ddd) to increase the debugging level. The running sshd is already listening on port 22 and we do not want to interfere with that, so we need to use the -p option to specify a different port that is not in use. For security reasons built into sshd, you must run sshd with the full path of where it is installed.
# /usr/sbin/sshd -ddd -p 2222
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 595
debug2: parse_server_config: config /etc/ssh/sshd_config len 595
debug3: /etc/ssh/sshd_config:21 setting Protocol 2
debug3: /etc/ssh/sshd_config:36 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:66 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:80 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:82 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:96 setting UsePAM yes
debug3: /etc/ssh/sshd_config:99 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:100 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:101 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:102 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:108 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:131 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug3: /etc/ssh/sshd_config:138 setting PermitRootLogin without-password
debug1: sshd version OpenSSH_5.3p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
Now the user can connect to that port with something like "ssh -p 2222 user@host" which will then give us detailed information of what is happening with that connection.
To make changes to the config file and to debug/test these changes, it is best to make a copy of the existing config file and edit the copy instead. We copy the config with something like:
# cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.TEST
Then we can start a session using this config file with:
# /usr/sbin/sshd -ddd -p 2222 -f /etc/ssh/sshd_config.TEST
debug2: load_server_config: filename /etc/ssh/sshd_config.TEST
Once confident that our changes are safe and they will not break anything else we can copy the changes to the real config file and restart the main ssh daemon on the system.
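Before copying the test file over the real one, the check below confirms that it parses and lists which effective settings would change. This is an added example, not part of the original post: the function names and the RISKY pattern are assumptions, it relies on OpenSSH's `sshd -t` and `sshd -T` options, and it has to run as root so that sshd can read the host keys.

```shell
#!/bin/sh
# Added example: vet a test sshd config before it replaces the live one.
# Function names and the RISKY list are illustrative assumptions.
SSHD="${SSHD:-/usr/sbin/sshd}"     # sshd insists on being run by full path
# Constructed policy: effective settings that should not be promoted unreviewed.
RISKY='^(permitrootlogin yes|permitemptypasswords yes)$'

# effective_config FILE: dump the settings sshd would really use (-T), sorted.
effective_config() {
    "$SSHD" -T -f "$1" 2>/dev/null | sort
}

# changed_settings LIVE CANDIDATE: effective lines present only in CANDIDATE.
changed_settings() {
    live_eff=$(effective_config "$1")
    effective_config "$2" | grep -Fxv -e "$live_eff" || true
}

# check_candidate LIVE CANDIDATE
#   returns 1 if CANDIDATE fails sshd's own validity check (-t),
#           2 if a changed setting matches RISKY, 0 otherwise.
check_candidate() {
    live=$1
    cand=$2
    if ! "$SSHD" -t -f "$cand"; then
        echo "REJECT: $cand fails sshd -t" >&2
        return 1
    fi
    changes=$(changed_settings "$live" "$cand")
    if [ -n "$changes" ]; then
        printf 'Settings that will change:\n%s\n' "$changes"
    fi
    risky=$(printf '%s\n' "$changes" | grep -E "$RISKY" || true)
    if [ -n "$risky" ]; then
        printf 'REVIEW before promoting:\n%s\n' "$risky" >&2
        return 2
    fi
    return 0
}

# Usage (as root): ./check.sh /etc/ssh/sshd_config /etc/ssh/sshd_config.TEST
if [ "$#" -eq 2 ]; then
    check_candidate "$1" "$2"
fi
```

`sshd -T` prints keywords in lower case, which is why the RISKY pattern is lower case; if the config uses Match blocks, `-T` may need connection parameters supplied with `-C` to show what a given client would get.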
Edited on: Fri, Feb 16, 2024 12:36. Posted in HowTo (RSS), System - AIX (RSS), System - Linux (RSS), System - Solaris (RSS)
How to recover the hscroot password on an HMC
Posted on Sat, Dec 02, 2023 at 15:01 by Hubertus A. Haniel
We recently were locked out of an old HMC that is no longer supported but had problems with an LPAR attached to it which we are trying to get rid of, so IBM were not very helpful in getting us into it. I found the below procedure somewhere on the internet and have now tested it on V7R7.9.0, before I do it on the real system, by installing the HMC code on a VMware system - for that some hacks that are described at http://omnitech.net/reference/2013/05/01/installing-hmc-in-virtualbox/ were necessary. I have lost the link to the procedure below so I am putting it here in case somebody else needs it. I did not actually have to follow the full procedure as init=/bin/rcpwsh prompted me to change the hscroot password rather than dropping me into a shell and then continued to fully boot, at which stage I could just log straight back in.
Anybody familiar with Linux will probably be familiar with this procedure as it works on most Linux distributions with init=/bin/bash. In the case of the HMC I just was not sure how locked down these devices were and whether I would be challenged with encrypted filesystems and stuff like that....
Here we go:
1) Power off the HMC.
2) Power on the HMC, and as soon as the Loading grub message is displayed quickly press the F1 key to get into grub.
The Grub menu will show one line with the text hmc.
3) On the Grub menu, select e for edit. The next GRUB screen is displayed with two lines:
root (hd0,0)
kernel (hd0,1)/boot/bzImage ro root=/dev/hda2 vga=0x317 apm=power-off
Note: The root device can vary by model: hda2 C03, C04, CR2, and hdc2 for CR3.
4) Move the cursor down to the line starting with kernel. Select e for edit.
Move the cursor to the right and append the following to the end of the string:
V5.1.0 to V6.1.1: init=/bin/bash
V6.1.2 and later: init=/bin/rcpwsh
The final string will vary slightly by version and model:
kernel (hd0,1)/boot/bzImage ro root=/dev/hda2 vga=0x317 apm=power-off init=/bin/rcpwsh
Press the Enter key to save the changes.
5) Press b to boot the changed selection.
This will boot to a bash shell on older HMC's - On newer HMC's this will prompt you for a new hscroot password after the kernel is loaded and after changing the password it will continue to boot so you can skip the next steps until step 9. You may want to choose a simple password as the keyboard mapping may not match your locale if you are outside the US.
6) Verify root is mounted read/write. If not you may need to remount it with
mount -o remount,rw /dev/hda2 /
Note: The root device can vary by model: hda2 C03, C04; hdc2 for CR2,CR3; sda2 for CR4.
7) Reset root and hscroot passwords. Run the following commands to reset the passwords. The command will prompt the user to enter the new password and a confirmation password. Any warning concerning the password being too simplistic can be ignored.
Reset root password:
/usr/bin/passwd
Reset hscroot password:
/usr/bin/passwd hscroot
8) Reboot the HMC (left ctl+left alt+del).
9) Log on as hscroot.
10) Immediately after logon, use the Web-based System Manager (HMC GUI) or the chhmcusr
Edited on: Wed, Mar 13, 2024 15:56. Posted in HowTo (RSS), System - AIX (RSS)
Colour output in your scripts
Posted on Wed, Aug 02, 2023 at 13:03 by Hubertus A. Haniel
On Linux I have been using tput to produce colours in my output but then I noticed the other day that this does not actually seem to work on Solaris but I am not sure why so I had to resort to the old fashioned way of using escape sequences. This works perfectly fine in Linux:
#!/bin/bash
GREEN=$(tput setaf 2)
RED=$(tput setaf 1)
YELLOW=$(tput setaf 3)
NOCOL=$(tput sgr0)
echo "This works in Linux...."
echo "This is ${GREEN} Green${NOCOL} in Green"
echo "This is ${RED} Red${NOCOL} in Red"
echo "This is ${YELLOW} Yellow${NOCOL} in Yellow"
echo ""
So on Solaris this would be done like this (And this also works on Linux):
#!/bin/bash
GREEN="\033[0;32m"
RED="\033[0;31m"
YELLOW="\033[0;33m"
NOCOL="\033[0m"
echo "This works in Linux and Solaris...."
echo -e "This is ${GREEN} Green${NOCOL} in Green"
echo -e "This is ${RED} Red${NOCOL} in Red"
echo -e "This is ${YELLOW} Yellow${NOCOL} in Yellow"
So I guess I am going to have to stick to the second method to make my stuff work across platforms - From the script bits above you can see that a font effect is turned on with a code and you will have to use a reset code "\033[0m" to turn it back off. The \033 ANSI escape sequence has a lot of codes to go hand in hand with it to do all sorts of clever effects.
echo -e "\033[31;1;4mHello\033[0m"
The example above has a semicolon-separated list of codes: 31 for red, 1 for bold and 4 for underline, and all of this is cleared again with 0.
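The helper below builds the same semicolon-separated sequences with printf instead of echo -e, and switches colour off when stdout is not a terminal so that redirected output and log files do not fill up with escape codes. It is an added example, not the post's own script: the names USE_COLOUR, sgr and paint are assumptions, and NO_COLOR is the common opt-out environment variable.

```shell
#!/bin/sh
# Added example: portable colour helper built on the SGR codes from the table.
# USE_COLOUR, sgr and paint are hypothetical names chosen for this example.

# Colour only when stdout is a terminal, TERM is usable and NO_COLOR is unset.
if [ -t 1 ] && [ "${TERM:-dumb}" != "dumb" ] && [ -z "${NO_COLOR:-}" ]; then
    USE_COLOUR=1
else
    USE_COLOUR=0
fi

# sgr CODE...: print ESC[<codes joined by ;>m, or nothing when colour is off.
sgr() {
    [ "$USE_COLOUR" -eq 1 ] || return 0
    codes=$(IFS=';'; printf '%s' "$*")   # "31 1 4" -> "31;1;4"
    printf '\033[%sm' "$codes"
}

# paint "CODES" TEXT...: print TEXT with the effects on, then reset with code 0.
paint() {
    effects=$1
    shift
    # $effects is left unquoted on purpose so "31 1 4" splits into three codes.
    printf '%s%s%s\n' "$(sgr $effects)" "$*" "$(sgr 0)"
}

# Same output as: echo -e "\033[31;1;4mHello\033[0m" (on a terminal)
paint "31 1 4" "Hello"
paint "0 32" "This is Green"
```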
This is a table that lists all the effect codes:
Code | Effect | Note |
---|---|---|
0 | Reset / Normal | all attributes off |
1 | Bold or increased intensity | |
2 | Faint (decreased intensity) | Not widely supported. |
3 | Italic | Not widely supported. Sometimes treated as inverse. |
4 | Underline | |
5 | Slow Blink | less than 150 per minute |
6 | Rapid Blink | MS-DOS ANSI.SYS; 150+ per minute; not widely supported |
7 | Reverse video | swap foreground and background colors |
8 | Conceal | Not widely supported. |
9 | Crossed-out | Characters legible, but marked for deletion. Not widely supported. |
10 | Primary(default) font | |
11–19 | Alternate font | Select alternate font n-10 |
20 | Fraktur | hardly ever supported |
21 | Bold off or Double Underline | Bold off not widely supported; double underline hardly ever supported. |
22 | Normal color or intensity | Neither bold nor faint |
23 | Not italic, not Fraktur | |
24 | Underline off | Not singly or doubly underlined |
25 | Blink off | |
27 | Inverse off | |
28 | Reveal | conceal off |
29 | Not crossed out | |
30–37 | Set foreground color | See color table below |
38 | Set foreground color | Next arguments are 5;<n> or 2;<r>;<g>;<b>, see below |
39 | Default foreground color | implementation defined (according to standard) |
40–47 | Set background color | See color table below |
48 | Set background color | Next arguments are 5;<n> or 2;<r>;<g>;<b>, see below |
49 | Default background color | implementation defined (according to standard) |
51 | Framed | |
52 | Encircled | |
53 | Overlined | |
54 | Not framed or encircled | |
55 | Not overlined | |
60 | ideogram underline | hardly ever supported |
61 | ideogram double underline | hardly ever supported |
62 | ideogram overline | hardly ever supported |
63 | ideogram double overline | hardly ever supported |
64 | ideogram stress marking | hardly ever supported |
65 | ideogram attributes off | reset the effects of all of 60-64 |
90–97 | Set bright foreground color | aixterm (not in standard) |
100–107 | Set bright background color | aixterm (not in standard) |
The table below lists the basic 8bit color table which should be sufficient for most cases - there are plenty of other sources to give you 256 colours but in most cases that would not be required
Posted in HowTo (RSS), Shell Scripting (RSS), System - AIX (RSS), System - Linux (RSS), System - Solaris (RSS)
AIX for System Administrators
Posted on Thu, Jun 08, 2023 at 10:50 by Hubertus A. Haniel
While searching for some specific information on AIX today I came across a really good site which I thought I would bookmark here as it contains lots of useful information: https://aix4admins.blogspot.com/
I hope it will help others as well.
Edited on: Wed, Aug 02, 2023 14:33. Posted in HowTo (RSS), System - AIX (RSS)
AIX - Get the serial number of the system.
Posted on Fri, Oct 28, 2022 at 11:55 by Hubertus A. Haniel
On AIX the serial number of the system can be retrieved in multiple ways. "lsconf | head" will get you the serial number and you can grep it out of that output, but this is quite an expensive call to make if you are doing it across a large estate to populate your inventory database. lsconf will actually go down and probe the hardware for things and will be quite inefficient.
The serial number is actually stored on the local filesystem in the ODM which is the system registry for an AIX system and it is much more efficient to retrieve it from there using "odmget CuAt | grep -p systemid"
Posted in HowTo (RSS), System - AIX (RSS)
What HMC is managing an LPAR?
Posted on Tue, Oct 25, 2022 at 11:41 by Hubertus A. Haniel
Trying to work out what HMC is managing an LPAR? - Simple command that I always forget!
This is to work out what the HMC is that is managing an LPAR from AIX on the actual LPAR.
The command you are looking for is "lsrsrc IBM.MCP".
- Note the above command is lsrsrc NOT lssrc!
This will return a bunch of information - The bits you are looking for are "KeyToken", which is the HMC hostname, and "HMCIPAddr", which is the public IP address of the HMC. "HMCAddIPs" is the private IP that is talking to the pSeries frame.
There may be more than one resource listing these if there are two HMC's that are connected.
Edited on: Wed, Jun 04, 2025 11:42. Posted in System - AIX (RSS), Virtualization (RSS)
function cleanexit {} - Clean your shit!
Posted on Mon, Jun 20, 2022 at 11:42 by Hubertus A. Haniel
When writing shell scripts in bash that create temporary files I prefer to stick a clean exit function at the top of the script that runs the clean up no matter how the script exits - this should even remove files when the script got interrupted:
function cleanexit
{
rm -f /var/tmp/tmpfile
}
trap cleanexit INT QUIT TERM EXIT
Let me know if you have a better idea!
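A variant of the same idea that avoids a fixed file name in a world-writable directory (a predictable path such as /var/tmp/tmpfile can be pre-created or symlinked by another local user) and makes the signal traps exit, so the script stops and the clean-up runs exactly once. This is an added example, not the post's own code: with_tmpfile is a hypothetical helper name and mktemp is assumed to be installed.

```shell
#!/bin/sh
# Added example: cleanexit with an unpredictable, owner-only temp file.
# with_tmpfile is a hypothetical helper; mktemp is assumed to be available.

# with_tmpfile CMD [ARG...]
#   Runs CMD with $TMPFILE naming a private temp file that is removed however
#   CMD ends. Returns CMD's exit status, or 128+signal if interrupted.
with_tmpfile() {
    (
        umask 077                               # owner-only from creation
        TMPFILE=$(mktemp "${TMPDIR:-/var/tmp}/cleanexit.XXXXXX") || exit 1
        export TMPFILE

        cleanexit() {
            rm -f "$TMPFILE"
        }
        trap cleanexit EXIT                     # the only place clean-up runs

        # A signal handler that only cleans up would let the script carry on
        # afterwards; exiting here stops it and fires the EXIT trap once.
        trap 'exit 130' INT
        trap 'exit 131' QUIT
        trap 'exit 143' TERM

        "$@"
        exit $?
    )
}

# Usage: with_tmpfile sh -c 'date >"$TMPFILE"; wc -c <"$TMPFILE"'
```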
Edited on: Wed, Aug 02, 2023 14:36. Posted in HowTo (RSS), Shell Scripting (RSS), System - AIX (RSS), System - Linux (RSS), System - Solaris (RSS)
Welcome - Notes from a Linux/Unix Engineer
Posted on Tue, Jun 01, 2010 at 11:11 by Hubertus A. Haniel
I used to collect notes documents and HOWTO's at http://www.rootunix.org which are now archived at http://www.unixcook.com/old-unix-docs/ as it was difficult to maintain and I got lazy with it. I have come across a cross-platform blog software called Thingamablog which is written in Java so it works on Windows and Unix and I am hoping that it will enable me to publish useful notes at a quicker pace with not a lot of messing around.
We will see how successful that will be....
Posted in Automation (RSS), HowTo (RSS), Packaging (RPM) (RSS), Shell Scripting (RSS), System - AIX (RSS), System - Apple / OSX (RSS), System - Linux (RSS), System - Solaris (RSS), System - Windows (RSS), Virtualization (RSS)