Command and Technical Reference, Volume 1

pmanrmdloadSDR

Purpose

pmanrmdloadSDR - Reads a pmanrmd configuration file and loads the information into the System Data Repository (SDR).

Syntax

pmanrmdloadSDR ConfigFileName

Flags

None.

Operands

ConfigFileName: Specifies a pmanrmd configuration file.

Description

The Problem Management subsystem provides 16 resource variables, named IBM.PSSP.pm.User_state1 through IBM.PSSP.pm.User_state16. These are predefined resource variables that have been set aside for system administrators to create their own resource monitors. A resource monitor that you create through Problem Management is a command that gets executed repeatedly by the pmanrmd daemon at a specific interval. The standard output from the command is supplied to the Event Management subsystem as the value for the resource variable. You can then use the pmandef command to subscribe to events for that resource variable.

The resource variable name, resource monitor command, sampling interval, and list of nodes for which the resource monitor is defined are stored in the SDR. The pmanrmdloadSDR command is used to store those definitions in the SDR.

You define your resource monitor to the pmanrmd daemon by doing the following:

Making a copy of the /spdata/sys1/pman/pmanrmd.conf sample configuration file.
Editing your copy of the configuration file. Provide the following:
- The name of the resource variable (for example, IBM.PSSP.pm.User_state1)
- The resource monitor command
- A sampling interval (in seconds)
- The nodes on which to run the resource monitor command
When typing commands in this file, be aware that the command string of the pmrmCommand line will get enclosed in single-quotes and the Korn Shell rules apply to it. Keep in mind that a single quote cannot occur within single quotes. If a command contains single quotes, each must be replaced by the four characters '\'' (single quote, backslash, single quote, single quote). For example:
```
Command="mount | awk '\''{print $3}'\'' | tail -l"
```
The marks between awk and tail are single quotes, the others are double quotes.
Loading the configuration information into the SDR by using the pmanrmdloadSDR command.
Stopping and restarting the pmanrmd daemon on the nodes that are affected by this change:
Control workstation:
```
stopsrc -s pmanrm.syspar_name
startsrc -s pmanrm.syspar_name
```
where syspar_name is the name of the system partition.
Node:
```
stopsrc -s pmanrm startsrc -s pmanrm
```

For a more complete description of Problem Management resource monitors, refer to the "Using the Problem Management subsystem" chapter in PSSP: Administration Guide

Files

/spdata/sys1/pman/pmanrmd.conf: A sample pmanrmd configuration file.

Security

You must have write access to the SDR to run this command.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP).

Prerequisite Information

IBM RS/6000 Cluster Technology: Event Management Programming Guide and Reference

The "Using the Problem Management subsystem" chapter in PSSP: Administration Guide

Location

/usr/lpp/ssp/bin/pmanrmdloadSDR

Related Information

Commands: pmandef

pmv

Purpose

pmv - Specifies a parallel file move.

Syntax

pmv [-w - | noderange | 'hostlist args'] mv_args

Flags

The pmv command requires the first flag or parameter on the command line to be a specification of the hosts on which the command is to be executed.

-w -: Specifies that host names should be read from standard input. Host names can be in any format accepted by rsh.

Operands

noderange

Indicates a specification via "node number." The node number corresponds to the position of a node in a frame and its slots. A node number indicates frame and slot. For example, frame 1 slot 1 would be referred to by 1. Frame 2 slot 1 would be node number 17, while frame 3 slot 2 would be 34. If a node occupies more than one slot, either node number refers to that node. Node numbers can be specified as ranges such as 1-3, which would refer to frame 1 slots 1-3, or 23-29,50,2, which would refer to frame 2 slots 7-13, frame 4 slot 2, and frame 1 slot 2. This option is only valid for an SP system.

'hostlist args'

Specifies flags and arguments to be passed to the hostlist command. Hostlist allows several ways of listing hosts based on various criteria. Refer to the hostlist command.

Note:: To use the working collective file specified by the WCOLL environment variable, you must specify a null string as the first argument. Refer to the dsh command for more information about a working collective.

mv_args

Specifies arguments to the AIX rm or mv commands.

Note:: The -i is not supported (the dsh command does not support standard input to remote hosts).

Description

The pmv command issues the AIX mv command on multiple hosts. The output is formatted so that duplicate output is displayed only once. The pmv command uses dsh to execute the mv command on multiple hosts. The output of the ls commands is written to standard output and formatted. The pmv command is identical to pexec mv.

Files

working collective file: See the dsh command.

|Environment Variables

|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.

|To determine whether you are using either AIX rsh or rcp |or the secure remote command and copy method, the following environment |variables are used. |If no environment variables are set, the defaults are |/bin/rsh and /bin/rcp.

|You must be careful to keep these environment variables consistent. |If setting the variables, all three should be set. The DSH_REMOTE_CMD |and REMOTE_COPY_CMD executables should be kept consistent with the choice of |the remote command method in RCMD_PGM: |

|RCMD_PGM - remote command method, either rsh or |secrshell
|DSH_REMOTE_CMD - remote command executable
|REMOTE_COPY_CMD - remote copy executable |

|For example, if you want to run pmv using a secure remote |method, enter:

|export RCMD_PGM=secrshell
|export DSH_REMOTE_CMD=/bin/ssh
|export REMOTE_COPY_CMD=/bin/scp

Security

|You must have access to the AIX remote commands or the secure remote |commands to run this command.

This command will automatically forward the DCE credentials if K5 is an enabled AIX authentication method and the user of the command has DCE credentials that can be forwarded. The special DCE credentials for root, called the machine or self host principal credentials, cannot be forwarded. To obtain DCE credentials that can be forwarded as a root user, a root user must issue dce_login -f.

Location

/usr/lpp/ssp/bin/pmv

Related Information

Commands: dsh, mv, pexec

Examples

To move a file from each host1, host2, and host3 to a different directory, enter:

pmv -w host1,host2,host3 /tmp/shnozzola /etc/shnozzola

ppred

Purpose

ppred - Performs a command on those hosts for which a test is satisfied.

Syntax

ppred: [-w - | noderange | 'hostlist args'] 'ksh test'
: 'true_command' ['false_command']

Flags

The ppred command requires the first flag or parameter on the command line to be a specification of the hosts on which the command is to be executed.

-w -: Specifies that host names should be read from standard input. Host names can be in any format accepted by rsh.

Operands

noderange

'hostlist args'

Specifies flags and arguments to be passed to the hostlist command. Hostlist allows several ways of listing hosts based on various criteria. Refer to the hostlist command.

Note:: To use the working collective file specified by the WCOLL environment variable, you must specify a null string as the first argument. Refer to the dsh command for more information about a working collective.

'ksh test'

ppred expects the second argument to be a quoted string in proper syntax to be evaluated via the ksh test command. This test is passed to the remote hosts and evaluated on them.

'true_command'

ppred expects the third argument to be a quoted string containing a command to be executed on the hosts for which the test is true.

'false_command'

ppred expects the fourth argument to be a quoted string containing a command to be executed on the hosts for which the test is false. This argument is optional.

Description

The ppred command performs a test on remote hosts in parallel. On each host where the test succeeds, a command is run. Optionally, a command can be specified that runs if the test is unsuccessful.

|Environment Variables

|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.

|RCMD_PGM - remote command method, either rsh or |secrshell
|DSH_REMOTE_CMD - remote command executable
|REMOTE_COPY_CMD - remote copy executable |

|For example, if you want to run ppred using a secure remote |method, enter:

|export RCMD_PGM=secrshell
|export DSH_REMOTE_CMD=/bin/ssh
|export REMOTE_COPY_CMD=/bin/scp

Security

|You must have access to the AIX remote commands or the secure remote |commands to run this command.

Location

/usr/lpp/ssp/bin/ppred

Related Information

Commands: dsh, hostlist, test

Examples

To verify that a file exists and is a regular file on the host occupying the first slot in each of 4 frames, enter:

ppred '-s 1-4:1' '-f /etc/passwd' 'echo \'host_name\''

pps

Purpose

pps - Specifies a parallel ps command.

Syntax

pps [-w - | noderange | 'hostlist args'] ps_args

Flags

The pps command requires the first flag or parameter on the command line to be a specification of the hosts on which the command is to be executed.

-w -: Specifies that host names should be read from standard input. Host names can be in any format accepted by rsh.

Operands

noderange

'hostlist args'

Specifies flags and arguments to be passed to the hostlist command. Hostlist allows several ways of listing hosts based on various criteria. Refer to the hostlist command.

Note:: To use the working collective file specified by the WCOLL environment variable, you must specify a null string as the first argument. Refer to the dsh command for more information about a working collective.

ps_args

Specifies arguments to the AIX ps command.

Description

The pps command uses dsh to execute the ps command on multiple hosts. The output of the ls commands is written to standard output and formatted so that distinct output is presented only once. The pps command is identical to pexec ps.

Files

working collective file: See the dsh command.

|Environment Variables

|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.

|RCMD_PGM - remote command method, either rsh or |secrshell
|DSH_REMOTE_CMD - remote command executable
|REMOTE_COPY_CMD - remote copy executable |

|For example, if you want to run pps using a secure remote |method, enter:

|export RCMD_PGM=secrshell
|export DSH_REMOTE_CMD=/bin/ssh
|export REMOTE_COPY_CMD=/bin/scp

Security

|You must have access to the AIX remote commands or the secure remote |commands to run this command.

Location

/usr/lpp/ssp/bin/pps

Related Information

Commands: dsh, pexec, ps

Examples

To list processes on each host1, host2, and host3 (described previously), enter:

pps -w host1,host2,host3 -ef

preparevsd

Purpose

preparevsd - Makes a virtual shared disk available.

Syntax

preparevsd {-a | vsd_name...}

Flags

-a: Specifies that all the virtual shared disks in the stopped state are to be prepared.

Operands

vsd_name: Specifies a virtual shared disk. If the virtual shared disk is not in the stopped state, you will get an error message.

Description

The preparevsd command brings the specified virtual shared disks from the stopped state to the suspended state. The virtual shared disks are made available. Open and close requests are honored, while read and write requests are held until the virtual shared disks are brought to the active state. If they are in the suspended state, this command leaves them in the suspended state.

You can use the System Management Interface Tool (SMIT) to run this command. To use SMIT, enter:

smit vsd_mgmt

and select the Prepare a Virtual Shared Disk option.

Security

You must be in the AIX bin group to run this command.

Restrictions

If you have the Recoverable Virtual Shared Disk software installed and operational, do not use this command. The results may be unpredictable.

See PSSP: Managing Shared Disks.

Prerequisite Information

PSSP: Managing Shared Disks

Location

/usr/lpp/csd/bin/preparevsd

Related Information

Commands: cfgvsd, ctlvsd, lsvsd, resumevsd, startvsd, stopvsd, suspendvsd, ucfgvsd

Examples

To bring the virtual shared disk vsd1vg1n1 from the stopped state to the suspended state, enter:

preparevsd vsd1vg1n1

prm

Purpose

prm - Specifies a parallel file remove.

Syntax

prm [-w - | noderange | 'hostlist args'] rm_args

Flags

The prm command requires the first flag or parameter on the command line to be a specification of the hosts on which the command is to be executed.

-w -: Specifies that host names should be read from standard input. Host names can be in any format accepted by rsh.

Operands

noderange

'hostlist args'

Specifies flags and arguments to be passed to the hostlist command. Hostlist allows several ways of listing hosts based on various criteria. Refer to the hostlist command.

Note:: To use the working collective file specified by the WCOLL environment variable, you must specify a null string as the first argument. Refer to the dsh command for more information about a working collective.

rm_args

Specifies arguments to the AIX rm command.

Description

The prm command issues the AIX rm command on multiple hosts. The output is formatted so that distinct output is displayed only once. The prm command uses dsh to execute the rm command on multiple hosts. The output of the ls commands is written to standard output and formatted. The prm command is identical to pexec rm.

Files

working collective file: See the dsh command.

|Environment Variables

|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.

|RCMD_PGM - remote command method, either rsh or |secrshell
|DSH_REMOTE_CMD - remote command executable
|REMOTE_COPY_CMD - remote copy executable |

|For example, if you want to run prm using a secure remote |method, enter:

|export RCMD_PGM=secrshell
|export DSH_REMOTE_CMD=/bin/ssh
|export REMOTE_COPY_CMD=/bin/scp

Security

|You must have access to the AIX remote commands or the secure remote |commands to run this command.

Location

/usr/lpp/ssp/bin/prm

Related Information

Commands: dsh, rm, pexec

Examples

To remove a file from each host1, host2, and host3 (described previously), enter:

prm -w host1,host2,host3 /tmp/shnozzola

psyslclr

Purpose

psyslclr - Removes entries from syslog log files on a set of nodes.

Syntax

psyslclr: [-a] [ -d pids] [-e endtime] [-f facilities] [-g config]
: [-h] [ -l logs] [-n nodes] [-p priority]
: [-r resources] [-s startime] [ -w hosts] [-y days]

Flags

-a: Trims logs on all nodes in the system partition.
-d pids: Trims records matching the process IDs list.
-e endtime: Trims records before endtime (mmddhhmm).
-f facilities: Uses the facilities list to parse the syslog.conf file.
-g config: Uses an alternate syslog.conf file.
-h: Displays usage information.
-l logs: Trims the list of log files (the syslog.conf file is not parsed). (This is lowercase l, as in list.)
-n nodes: Trims records matching the nodes.
-p priority: Uses priority value to parse the syslog.conf file.
-r resources: Trims records from the resource list.
-s startime: Trims records created after startime (mmddhhmm).
-w hosts: Runs the command on a file or list of host names.
-y days: Trims records more than days old.

Operands

None.

Description

Use this command to delete log entries in syslogd generated log files. Options allow for selecting the files and records that are trimmed.

The arguments to options -d, -f, -l, -n, -r, and -w can be a comma-delimited or single-quoted, blank-delimited list of values. If the -l flag is used, the command will only trim records from the specified list of log file names. If the -l flag is not passed, the command will first parse the syslog configuration file (the default is /etc/syslog.conf) to select files for trimming.

The -f and -p flags can be used to control selecting files in the configuration file. All files found in the configuration file will be trimmed if the -f and -p flags are not used.

The -d, -e, -n, -r, -s, and -y flags are used to match log entries to be deleted. A record must match a value from each of the flags that are used to be trimmed. If a flag is not passed, all records match for that field. To delete all records, use the -y flag with 0 as the argument. If the -w flag begins with a slash (/), it is interpreted as a file containing a list of nodes to execute the command on; otherwise, it can be a list as described previously. If neither the -a nor the -w flags are used, the command defaults to the local node.

Note:: |The syslogd daemon is stopped during this process, so |trimming activity should be planned accordingly. The daemon is then |restarted using the default or alternate syslog configuration file. |

Files

/etc/syslog.conf: syslog daemon configuration file.
/etc/logmgt.acl: Access Control List (ACL) file for psyslclr permissions.

Security

The psyslclr command consists of a client script and a server procedure which is executed by the Sysctl facility. Sysctl performs access authorization according to the configuration of security services on the server nodes. The server uses the Sysctl aclcheck procedure for granting access which requires the caller to have a principal entry in the log management ACL: /etc/logmgt.acl. The principal must log into the appropriate authentication service prior to running this command.

Location

/usr/lpp/ssp/bin/psyslclr

Related Information

Commands: psyslrpt

Daemons: syslogd

Examples

To remove all entries older than 30 days from all syslog log files on all nodes in the local system partition, enter:
```
psyslclr -a -y 30
```
To remove all entries between April 11th and July 23rd that were logged by ftp or snmpd on node k47n10, enter:
```
psyslclr -w k47n10 -s 04110000 -e 07230000 -r ftp,snmpd
```
To remove all entries from files that may be written by user or mail facilities at a priority level of error or higher on the nodes in the /tmp/nodelist file, enter:
```
psyslclr -w /tmp/nodelist -f mail,user -p error -y 0
```

psyslrpt

Purpose

psyslrpt - Generates reports of records in syslog log files on a set of nodes.

Syntax

psyslrpt: [-a] [ -d pids] [-e endtime] [-f facilities] [-g config]
: [-h [-l logs] [-n nodes] [-p priority] [-r resources]
: [-s startime] [-w hosts]

Flags

-a: Generates the report on all nodes in the system partition.
-d pids: Reports on records matching the process IDs list.
-e endtime: Reports on records before endtime (mmddhhmm ).
-f facilities: Uses the facilities list to parse the syslog.conf file.
-g config: Specifies the use of an alternate syslog.conf file.
-h: Displays usage information.
-l logs: Reports on the list of log files (the syslog.conf file is not parsed). (This is lowercase l, as in list.)
-n nodes: Reports records matching the nodes.
-p priority: Uses priority value to parse the syslog.conf file.
-r resources: Reports records from the resource list.
-s startime: Reports records created after startime (mmddhhmm).
-w hosts: Runs the command on the file or list of host names.

Operands

None.

Description

Use this command to generate reports of log entries in syslogd generated log files. Options allow for selecting the files and records that are reported. The arguments to options -d, -f, -l, -n, -r, and -w can be a comma-delimited or single-quoted, blank-delimited list of values. If the -l flag is used, the command will report records from the specified list of log file names. If the -l flag is not passed, the command will first parse the syslog configuration file (the default is /etc/syslog.conf) to select files for reporting.

The -f and -p options can be used to control the selecting of files in the configuration file. All files found in the configuration file are reported on if the -f and -p flags are not used.

The -d, -e, -n, -r, and -s options are used to match log entries to be reported. A record must match a value from each of these flags that are used to be reported. If a flag is not passed, all records match for that field. If the -w argument begins with slash (/), it is interpreted as a file containing a list of nodes to execute the command on; otherwise, it can be a list as described previously. If neither the -a nor -w flags are used, the command defaults to the local node.

Files

/etc/syslog.conf: syslog daemon configuration file.

Security

The psyslrpt command consists of a client script and a server procedure which is executed by the Sysctl facility. Sysctl callbacks perform access authorization according to the configuration of security services on the server nodes. The server procedure uses the Sysctl AUTH callback for granting access which requires the caller to have been authenticated in accordance with the security policy of the target node or nodes.

Location

/usr/lpp/ssp/bin/psyslrpt

Related Information

Commands: psyslclr

Daemons: syslogd

The PSSP: Administration Guide

Examples

To report all entries from all syslog log files on all nodes in the local system partition starting on March 3rd, enter:
```
psyslrpt -a -s 03030000
```
To report all entries between April 11th and July 23rd that were logged by ftp or snmpd on node k47n10, enter:
```
psyslrpt -w k47n10 -s 04110000 -e 07230000 -r ftp,snmp
```
To report entries from the specific log file /var/adm/SPlogs/SPdaemon.log with process IDs 10479 or 1157 on nodes k47n12 and k47n15, enter:
```
psyslrpt -w k47n12,k47n15 -d'10479 1157' -l /var/adm/SPlogs/SPdaemon.log
```

rcmdtgt

Purpose

rcmdtgt - Obtains a Kerberos Version 4 authentication ticket for the local realm, with a maximum allowed lifetime, using the service key for the instance of the rcmd principal on the local host.

Syntax

rcmdtgt

Flags

None.

Operands

None.

Description

Use this command to obtain Kerberos Version 4 authorization with a maximum allowed lifetime, using the service key for rcmd.localhost found in the service key file at /etc/krb-srvtab. When using SP authentication services, these tickets have an unlimited lifetime. When using AFS authentication services, a maximum of 30 days is enforced.

This command is intended primarily for use in shell scripts and other batch-type facilities.

The KRBTKFILE environment variable must be used to specify the ticket cache file used by rcmdtgt to store authentication tickets.

If Kerberos Version 4 is not an active authentication method for AIX remote commands, and Compatibility is not an active authentication method for SP trusted services, this command performs no function but returns successfully.

Because the ticket obtained using this command may not expire, the user should be careful to delete the temporary ticket file.

When using /usr/lpp/ssp/rcmd/bin/rcmdtgt, remember to check that the authentication method is in fact Kerberos Version 4 before using k4destroy or /usr/lpp/ssp/kerberos/bin/kdestroy to destroy credentials. While Kerberos Version 4 may be configured, the authentication method may be superseded by DCE and you could be destroying credentials obtained by the system administrator through a Kerberos Version 4 login.

Environment Variables

KRBTKFILE: The pathname of the ticket cache file to use.

Files

/etc/krb.conf: Contains the name of the local realm.
/etc/krb-srvtab: Specifies the service key file.

Security

You must have root privilege to run this command.

Location

/usr/lpp/ssp/rcmd/bin/rcmdtgt

Related Information

Commands: k4destroy, k4init

Files: krb.conf

Refer to the "RS/6000 SP files and other technical information" section of PSSP: Command and Technical Reference for additional Kerberos information.

Examples

The following example, excerpted from the sample script.cust file, shows how rcmdtgt can be used in a shell script to perform the authentication required to use the rcp command:

# set the host name from which you will copy the file.
SERVER='cat /etc/ssp/server_host_name | cut -d" " -f1'
 
# Define a temporary ticket cache file, then get a ticket
export KRBTKFILE=/tmp/tkt.$$
/usr/lpp/ssp/rcmd/bin/rcmdtgt
#
# Perform kerberos-authenticated rcp
# rcp is linked to AIX rcp
 
rcp $SERVER:/etc/resolv.conf /etc/resolv.conf
# Remove the ticket cache file
/bin/k4destroy
unset KRBTKFILE

removehsd

Purpose

removehsd - Removes one or more hashed shared disks, the virtual shared disks associated with them, and the System Data Repository (SDR) information for virtual shared disks on the associated nodes.

Syntax

removehsd: {-v hsd_names | -a} [-f]

Flags

-v: Specifies the hashed shared disk name or names that are to be removed by this command.
-a: Specifies that the command should remove all hashed shared disks in the system or system partition.
-f: Forces the system to unconfigure the hashed shared disks and its underlying virtual shared disks and remove them. If -f is not specified and any of the virtual shared disks that constitute the hashed shared disks to be removed are configured or the hashed shared disk itself is configured, the command is unsuccessful.

Operands

None.

Description

Use this command to remove the logical volumes associated with virtual shared disks in the set of hashed shared disks. The order in which the virtual shared disks that make up the hashed shared disks and the hashed shared disks themselves are removed is the reverse of the order in which they were created.

If the virtual shared disk or hashed shared disk is configured on any of the nodes on the system partition, this command is unsuccessful, unless the -f flag is specified.

Security

You must have access to the virtual shared disk subsystem via the sysctl service to run this command.

Prerequisite Information

PSSP: Managing Shared Disks

Location

/usr/lpp/csd/bin/removehsd

Related Information

Commands: createhsd, removevsd

Examples

To unconfigure and remove the virtual shared disks associated with the hashed shared disks DATA and remove the hashed shared disk as well, type:

removehsd -d DATA -f

You can use the System Management Interface Tool (SMIT) to run this command. To use SMIT, enter:

smit delete_vsd

and select the Remove a Hashed Shared Disk option.

removevsd

Purpose

removevsd - Removes a set of virtual shared disks that are not part of any hashed shared disk.

Syntax

removevsd: {-v vsd_names | -a} [-f]

Flags

-v: Specifies the virtual shared disk name or names that are to be removed by this command.
-a: Specifies that the command should remove all virtual shared disks in the system or system partition.
-f: Forces the system to unconfigure the virtual shared disks and remove them. If -f is not specified and any of the virtual shared disks that are to be removed are configured, the command is unsuccessful.

Operands

None.

Description

Use this command to remove the logical volumes associated with the virtual shared disks and update the backup nodes' Object Data Managers (ODMs), if any exist. The virtual shared disk information will be deleted from the System Data Repository (SDR). The removal of the virtual shared disks is done in the reverse of the order in which they were created. Volume groups are not removed with this command.

If the virtual shared disk is configured on any of the nodes on the system partition, this command is unsuccessful, unless the -f flag is specified.

Note:: This command is unsuccessful if one of the virtual shared disks named in vsd_names belongs to a hashed shared disk. To remove virtual shared disks that belong to a hashed shared disk, use removehsd.

You can use the System Management Interface Tool (SMIT) to run this command. To use SMIT, enter:

smit delete_vsd

and select the Remove a Virtual Shared Disk option.

Security

You must have access to the virtual shared disk subsystem via the sysctl service to run this command.

Prerequisite Information

PSSP: Managing Shared Disks

Related Information

Commands: createvsd, removehsd

Location

/usr/lpp/csd/bin/removevsd

Examples

To unconfigure and remove all defined virtual shared disks in a system or system partition, enter:

removevsd -a -f

resource_center

Purpose

resource_center - Invokes the RS/6000 SP Resource Center.

Syntax

resource_center [-c] [Netscape flags ...]

Flags

-c: Forces the SP Resource Center to prompt the user for the Netscape location.
Netscape flags: Refer to Netscape documentation or run netscape -h to list available flags.

Operands

None.

Description

The RS/6000 SP Resource Center provides one single interface for all softcopy SP documentation and information resources. It consists of HTML files, Java and JavaScript, and runs in Netscape Navigator. The SP Resource Center provides access to the following RS/6000 SP information:

Publications, READMEs, Redbooks, White Papers
Up-to-date Service Information
SP Product Information (Software & Hardware)
Many other online resources useful to the RS/6000 SP user and administrator.

Upon invoking the resource_center command for the first time, a dialog box will ask you for the location of the Netscape executable that is installed on your system. Enter the full pathname to the Netscape program (for example, /usr/local/bin/netscape). This path information is stored in your $HOME/.resctr file, and you will only be prompted for it once.

The resource_center command will bring up Netscape Navigator with the top level RS/6000 SP Resource Center page loaded. There are three frames on the SP Resource Center interface. The frame on the top is the Title frame. The frame on the left is the Navigation frame. The large frame on the right is the Display frame.

The Title frame lets you access the IBM Home Page on the Internet (click on the IBM logo), go back to the top of the SP Resource Center (the "Home" link), search the contents of the SP Resource Center (the "Search" link), display an index of the SP Resource Center's contents (the "Index" link), and obtain help about the use of the SP Resource Center (the "Help" link).

The Navigation frame lets you select content to view. This frame contains categories that may be expanded and collapsed to display their sub-categories. Click on a category with a right-pointing arrow to expand the category, and click on a category with a down-pointing arrow to collapse the category. When one category is expanded, all other categories are collapsed. When a category is expanded, any of the sub-categories may be selected, and the contents are displayed in the Display frame.

Some sub-categories on the Navigation frame include a small "world" icon that indicates that the link will take you to the Internet. If you do not have an Internet connection, these links will not work. When you select a link to the Internet, a new Netscape window appears. This ensures that the SP Resource Center Title and Navigation frames do not get in the way of the Internet Web page.

The Display frame is used to display all local information. When a non-Internet link is selected from the Navigation frame, the resulting information is displayed in the Display frame.

To quit the SP Resource Center, exit Netscape Navigator.

Environment Variables

The NETSCAPE environment variable is used (if set) to specify the pathname to the Netscape Navigator Web browser that will be used to display the RS/6000 SP Resource Center.

Files

$HOME/.resctr: Stores the pathname to Netscape Navigator for each user.

Restrictions

If your machine does not have a connection to the Internet, some of the SP Resource Center's hyperlinks will not function.

Web pages on the Internet that the SP Resource Center points to may not be available due to the dynamic nature of the Web.

Prerequisite Information

Netscape Navigator version 4 or later is required to run this command. The first time each user invokes the resource_center command, the pathname to the Netscape program is stored in $HOME/.resctr.

If online publications are installed on the system, the SP Resource Center will use the local copies, otherwise it will look on the Web for the online publications.

Location

/usr/lpp/ssp/bin/resource_center

Examples

To invoke the RS/6000 SP Resource Center, enter:

resource_center

This example assumes the directory /usr/lpp/ssp/bin is in your path.

resumevsd

Purpose

resumevsd - Activates an available virtual shared disk.

Syntax

resumevsd [-p | -b | -l server_list] {-a | vsd_name ...}

Flags

-p

Specifies that the primary server node defined for the global volume group is to be the active server. The -p flag is not valid for CVSD.

-b

Specifies that the secondary server node defined for the global volume group is to be the active server. The -b flag is not valid for CVSD.

Note:: This flag is used only by the Recoverable Virtual Shared Disk subsystem.

-a

Specifies that all the virtual shared disks that have been defined are to be resumed.

-l

Passes the server_list to the driver.

Operands

vsd_name: Specifies a virtual shared disk.

Description

The resumevsd command brings the specified virtual shared disks from the suspended state to the active state. The virtual shared disks remains available. Read and write requests which had been held while the virtual shared disk was in the suspended state are resumed.

You can use the System Management Interface Tool (SMIT) to run this command. To use SMIT, enter:

smit vsd_mgmt

and select the Resume a Virtual Shared Disk option.

Security

You must be in the AIX bin group to run this command.

Restrictions

If you have the Recoverable Virtual Shared Disk software installed and operational, do not use this command. The results may be unpredictable.
See PSSP: Managing Shared Disks
The -b flag is used only by the Recoverable Virtual Shared Disk subsystem.

Prerequisite Information

PSSP: Managing Shared Disks

Location

/usr/lpp/csd/bin/resumevsd

Related Information

Commands: cfgvsd, ctlvsd, lsvsd, preparevsd, startvsd, stopvsd, suspendvsd, ucfgvsd

Examples

To bring the virtual shared disk vsd1vg1n1 from the suspended state to the active state, enter:

resumevsd vsd1vg1n1

rm_spsec

|Purpose

|rm_spsec - Unconfigures all service principals and keyfiles |on a per node basis. | |

Syntax

|rm_spsec [-h] |[-v] [-r {SP|WS} |[-c]] -t {local|admin} |[-p] [dce_hostname]

Flags

-h

Prints command syntax to standard output.

-v

Prints progress messages to standard output. |

|-r {SP|WS}

|Specifies that the command is being run remotely from the machine being |configured. Valid values are SP or WS. Use |SP to state the target machine is an RS/6000 SP. Use |WS to specify that the target machine is a standalone workstation |(for example, not an RS/6000 SP). If you specify -r, you |must also specify a dce_hostname. The -r flag |is optional. If specified, it must be used with the -t |admin flag. |

|-c

|Specifies that the target dce_hostname is a control |workstation. The -c flag is used with the |-r flag. |

|-t {admin|local}

|admin: |Removes from the DCE registry all SP Trusted Services principals, |accounts, and rpc entries for the specified DCE host name.
|local: |Removes local keyfiles and keytab objects for the local host. |

|-p

|Specifies that the host name parameter is a system partition |name.

Operands

|dce_hostname: |This operand is optional. It is required with -t |admin and the -r flag. The -p flag |signifies that this parameter is to be interpreted as a system partition |name; otherwise it is interpreted as a DCE host name of the control |workstation, node, or standalone workstation being unconfigured.

Description

The rm_spsec command reads from two files, a default file (/usr/lpp/ssp/config/spsec_defaults) and an override file (/spdata/sys1/spsec/spsec_overrides). The two types of configuration removal are admin and local.

The local version of this command must be executed on the host which is to have its definition and use of SP Security Services removed from DCE registry, and must be run prior to running the admin version of the command.

Issuing rm_spsec -t local will delete keytab objects for the current host. Removing keytab objects also removes the keyfiles from the /spdata/sys1/keyfiles directory. The sysctl ACL files will be deleted from the /var/sysctl directory. If this command is run on the control workstation and local is used, the hardmon ACL files will be deleted from the /spdata/sys1/spmon/hmdceacls directory.

The admin version of this command requires cell administration authority and access to the DCE registry. When -t admin is specified, all SP Trusted Services principals (including their entries in any groups and organizations), accounts, rpc entries (including their directories) for the specified DCE host name are removed from the DCE registry.

The -p flag specifies a system partition name for either local or admin. For local, the command must be run on the control workstation because that is where the partition sensitive keyfiles reside).

For syntax errors within either of the input files, an error message is issued and logged and processing halts. All errors are logged to the |/var/adm/SPlogs/auth_install/log and printed to standard output.

|For remote execution, use the -r flag. This |allows an administrator to run this command from another machine on behalf of |a remote SP or standalone workstation. When -r SP is |specified, the SP_NAME environment variable must be set to the short host name |of the SDR daemon on the SP being unconfigured. When -r |WS is specified, the SP_NAME environment variable can specify the short |host name of any working SDR.

|This command requires that the host be previously configured using |the DCE database. (See the config_spsec command.) |Additionally, since this command depends on the two input files listed in the |"Files" section, the administrator must ensure that these files are copied |from the SP control workstation, as that is the location for the master copies |to the local machine. If the remote host name is a control workstation, |in order to remove all principals associated with the control workstation, the |-c flag must be used in conjunction with the -r |flag.

Notes:

|With the exception of non-SP workstations, the SDR must be |configured and running.
Deletion of data from the CDS is a destructive and nonretrievable process. Prior to running this command, IBM suggests backing up any relevant DCE databases.

Files

input:: /usr/lpp/ssp/config/spsec_defaults
/spdata/sys1/spsec/spsec_overrides |
|output:: |Log file created: /var/adm/SPlogs/auth_install/log
|CDS registry and Security Server database updated

Exit Values

0: Indicates successful completion of the command.
1: Indicates that errors occurred during the execution of this program. Review any reported errors either on the console or in the Log file.
Information pertaining to the specific workstation's service principals and account information may remain in the Security registry and the associated keyfiles may remain on the system.

Security

You must have DCE cell administrator authority for removal of admin configuration, and root authority for removal of local configuration.

Location

/usr/lpp/ssp/bin/rm_spsec

Related Information

Commands: config_spsec, create_keyfiles

DCE Administration publications for AIX

Examples

|To remove keytab objects for a specified host or to unconfigure SP |Trusted Services for a specified host on the host being unconfigured, |enter:
```
|rm_spsec -v -t local
```
|Then on the control workstation, log into the DCE cell with an ID that |has cell administration authority, and enter:
```
|rm_spsec -v -t admin mySPnode.abc.com
```
|To remove keytab objects and keyfiles for partition named "mySPlp" |as root user on the control workstation of the partitioned SP, enter:
```
|rm_spsec -v -t local -p mySPlp
```
|Issue the following series of commands to first unconfigure a remote |SP node's Trusted Service principals and accounts, and then to |unconfigure the control workstation:
```
|export SP_NAME=mySPcws
|rm_spsec -v -t admin -c -r SP mySPnode.abc.com
|rm_spsec -v -t admin -c -r SP mySPcws.abc.com
```

rmkp

Purpose

rmkp - Removes Kerberos Version 4 principals.

Syntax

rmkp -h

rmkp [-n] [-v] {name[.instance]|name.|.instance} ...

Flags

-h: Displays usage information.
-n: Suppresses prompting for confirmation.
-v: Specifies verbose mode (displays informational messages).

Operands

{name[.instance]|name.|.instance} ...

Identifies specific principals to remove. When the command is invoked interactively (without the -n flag and not through Sysctl), you can use special notation to select all principals with a particular name or instance that you want to remove. Specify name. to remove all principals with a specific name or .instance to remove all principals with a specific instance.

Note:: The name must be followed by a period and the instance must be preceded by a period.

Description

Use this command to remove principals from the local Kerberos Version 4 database. You will be prompted to confirm each deletion prior to its execution. This command will not remove any of the four principals that were predefined by Kerberos Version 4 when the database was created. Deleted entries are saved in the /var/kerberos/database/rmkp.save.<PID> file, in the readable ASCII format produced by the kdb_util dump command. The rmkp command should normally be used only on the primary server. If there are secondary authentication servers, the push-kprop command is invoked to propagate the change to the other servers. The command can be used to update a secondary server's database, but the changes may be negated by a subsequent update from the primary.

Files

/var/kerberos/database/admin_acl.add: Access control list for kadmin, mkkp, and rmkp.
/var/kerberos/database/principal.*: Kerberos database files.
/var/kerberos/database/rmkp.save.<pid>: File containing removed Kerberos database entries.

Standard Output

When the -v option is omitted, only the prompt for confirmation is written to standard output. When the -v flag is specified, the disposition of each selected principal is indicated by a message, and the name of the file containing the removed entries is printed. The -v flag has no effect on error messages written to standard error.

Exit Values

0

Indicates the successful completion of the command. At least one principal was found that matched the specified names. Whether or not any were removed depends on the responses you entered when prompted. If you entered a principal that does not exist, or if you entered an operand of the form name. or .instance in noninteractive mode, a message is written to standard error and processing continues with any remaining principals.

1

Indicates that an error occurred and no principal was removed. One of the following conditions was detected:

The command was incorrectly specified with no operand or a flag that is not valid.
No principal was found matching the names specified.
The host on which the command was issued is not an authentication server.
The database was changed by another process while this command was executing.
The kdb_util command was unsuccessful.

Security

You must have root privilege and be logged on to a Kerberos Version 4 server host. It can be invoked indirectly as a Sysctl procedure by a Kerberos database administrator who has a valid ticket and is listed in the admin_acl.add file.

Restrictions

When you execute the rmkp command through the Sysctl procedure of the same name, the -n flag is added to your command invocation. This is required because Sysctl does not provide an interactive environment that supports prompting for confirmation. Suppressing confirmation increases the risk of unintentionally removing the wrong principal. In this mode, each principal to be removed must be named explicitly; selection of multiple principals by name or instance alone is not allowed. Since nonroot Kerberos administrators can execute this command only through Sysctl, you must be root on the server to use the special notation for selecting multiple principals.

Location

/usr/kerberos/etc/rmkp

Related Information

Commands: chkp, kadmin , kdb_util, lskp, mkkp , sysctl

Examples

To remove Kerberos principal tempuser, enter:
```
rmkp tempuser
```
You should receive a prompt similar to the following:
```
Confirm removal of principal tempuser? (y or n): y
```

To remove (be given the option to remove) all instances of joe, frank, and the rcmd service principal with instance node 25tr, enter:

rmkp -v joe. frank rcmd.node25tr

You should receive prompts similar to the following:

Confirm removal of principal joe? (y or n): n
joe was not removed
 
Confirm removal of principal joe.admin? (y or n): y
joe.admin was removed
 
Confirm removal of principal frank? (y or n): y
frank was removed
 
Confirm removal of principal rcmd.node25tr? (y or n): y
rcmd.node25tr was removed
Removed entries were saved in /var/kerberos/database/rmkp.save.7942

rvsdrestrict

Purpose

rvsdrestrict - Displays and sets which level of the IBM Recoverable Virtual Shared Disk software is to run when you have a system partition with mixed levels of the PSSP or IBM Recoverable Virtual Shared Disk software.

Syntax

|rvsdrestrict: |{-l | -s RVSD2.1 | |RVSD3.1 | RVSD3.2 | |RVSD3.2.04 | RVSD3.3 |
|: |RVSD3.4 | RESET}} |

Flags

-l: Lists the current rvsd subsystem run level as recorded in the SDR. |
|-s: |Sets the rvsd subsystem run level to RVSD 2.1 or RVSD 3.1 in |the SDR, or resets the rvsd subsystem run level.

Operands

None.

Description

The rvsdrestrict command is used to restrict the level that the IBM Recoverable Virtual Shared Disk software will run at. This command must be used when in a system partition with mixed levels of PSSP and or mixed levels of the IBM Recoverable Virtual Shared Disk software. If a node has a lower level of the IBM Recoverable Virtual Shared Disk software installed than what is set with this command, then the rvsd subsystem will not start on that node.

This command does not dynamically change rvsd subsystem run levels across the SP. An rvsd subsystem instance will only react to this information after being restarted. Thus, if your cluster runs at a given level, and you want to override this level you must stop rvsd subsystem on all nodes, override the level, and restart.

Standard Output

Current rvsd subsystem run level as recorded in the SDR.

Security

You must be in the AIX bin group and have write access to the SDR to run this command.

Location

/usr/lpp/csd/bin/rvsdrestrict

Examples

|If you had nodes with RVSD2.1 and RVSD3.1 in the same |system partition and you wanted them both to run and coexist, you would |issue:
```
|rvsdrestrict -s RVSD2.1
```
|This will force all the rvsd subsystems to run at the functionality level |of RVSD2.1.
|If you had nodes with RVSD2.1 and RVSD3.1 in the same |system partition, but you only wanted the rvsd subsystem to start on nodes |that were capable of running RVSD3.1, you would issue:
```
|rvsdrestrict -s RVSD3.1
```

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]