Command and Technical Reference, Volume 2

spacs_cntrl

Purpose

spacs_cntrl - Controls interactive access to SP nodes.

Syntax

spacs_cntrl: [-v -s] [-a] [-d] [-h] [-l] [-f file_name] [ -n netgroup_name]
: {allow | block | deny | unblock} user_name ...

Flags

-d

Specifies debugging mode. Displays additional messages, when available, to trace program flow and system errors.

-f file_name

Specifies the name of a file in which the user names to be allowed or denied access are listed in a column. If no user names are specified on the command line invocation, the -f flag must be the last one used.

-h

Displays the usage message when present on the command line.

-l

Specifies log messages. This flag logs messages to the /var/adm/SPlogs/spacs/spacs.log file. Included are all messages regarding user states that are be displayed if the -v flag is specified, as well as any debug messages if -d is specified. (This is lowercase l, as in list.)

-s

Specifies suppress mode. No error messages displayed. If -l is specified, error messages are sent to log file. |

|-a

|Specifies allow count only mode. In this mode, an allow count is |kept, but a deny count is not. If more deny directives than allow |directives come in, the extra deny directives are discarded, and the next |allow directive will always grant access. This differs from the default |behavior, which keeps track of all deny directives regardless of when they are |received, and will only grant access on an allow directive if there are no |outstanding deny directives.

-v

Specifies verbose mode. A message is displayed for each user, containing the date, time and state of the user. User states resulting from this command include:

Access was removed

Access was allowed

Access removed, user allowed

Access removed, user denied

Access allowed, user allowed

Access allowed, user denied

User name is not valid or is root.

-n netgroup_name

Accepts one NIS netgroup name of a netgroup that contains user names in the user field. Netgroups embedded in a given netgroup name is resolved.

allow

Used by job submission systems. Requests that interactive access be granted to run a parallel job. Result depends on user state.

block

Used by root user to set user state to a known denied state and remove user state information used by job submission systems.

deny

Used by job submission systems. Requests that interactive access be denied after running parallel job. Result depends on user state.

unblock

Used by root user to set user state to a known allowed state and remove user state information used by job submission systems.

Operands

user_name: Specifies the user name for which access is to be allowed or denied. Delineate with a blank space if specifying more than one user name. Any user names listed on the command line must follow all flags, including the -f file_name flag.

Description

The following types of access can be disallowed when spacs_cntrl block or deny is used:

login

rlogin

AIX rsh

AIX rcp

AIX rexec

The spacs_cntrl command does not allow individual types of access to be disallowed.

Duplicate user names are removed from the user list whether entered from the command line or in a file.

If you add a new user to a node for which all users are denied, you must reissue spacs_cntrl to deny the new user as well.

Flags and Logging

Flags specified in combination have the following results:

None: Error messages go to standard output.
-l: Error messages got to standard output and are logged.
-l -s: Error messages go to log only.
-s: Error messages suppressed.
-l -d -v -s: All messages go to log only.
-d -v -s: Messages suppressed.
-d -l: Debug and error messages go to standard output and log.

Use of the verbose flag (-v) causes the command to run longer due to extra processing required to find state information.

Security

You must have root privilege to run this command.

Location

/usr/lpp/ssp/bin/spacs_cntrl

Examples

To block a single user (Betty) on a single parallel node, on that node enter:
```
spacs_cntrl block betty
```
To block users on multiple nodes, enter:
1. Create the block_usr_sample file after adjusting threshold uid.
2. Send file to all nodes in the current system partition. Note this example would require rsh privileges on the nodes.
```
dsh -a rcp  root@mynode:/tmp/usr.input /tmp/usr.input
```
3. Issue the spacs_cntrl command to block users to all the nodes in the current system partition.
```
dsh -a spacs_cntrl -f /tmp/ usr.input block
```

|spadaptr_loc

|Purpose

|spadaptr_loc - Obtains the physical location codes for |SP-configurable adapters. | |

|Syntax

|spadaptr_loc: |[-h] {start_frame start_slot |{node_count | rest} |
|: |-N node_group | -l |node_list} |

|Flags

|-h: |Displays usage information.
|-l node_list: |Specifies a list of nodes to be used for this operation. Either |specify a comma-delimited list of node numbers, or a file containing one line |of data which is a comma-delimited list of node numbers. The file can |also contain comment lines (preceded by a #) and lines that are all white |space. If you use the node_list field, do not use the |start_frame, start_slot, or node_count |fields. This is the lowercase l, as in list.
|-N node_group: |Specifies a node group to be used for this operation. This node |group must be bound to the current system partition.
|rest: |Indicates that, beginning with the node determined by start_frame |and start_slot, all the rest of the nodes should be used for this |operation. |

|Operands

|start_frame

|Specifies the frame number of the first node to be used for this |operation. Specify a value between 1 and 128 inclusive.

|start_slot

|Specifies the slot number of the first node to be used for this |operation. Specify a value between 1 and 16 inclusive.

|Note:: The start_frame and start_slot must resolve to a node in |the current system partition. |

|node_count

|Specifies the number of nodes to be used for this operation. The |node information is added for successive nodes within a frame. If the |count of nodes causes the nodes in a frame to be exhausted the operation |continues in the next sequential frame. Specify a value between 1 and |512 inclusive.

|Note:: The node_count is considered to be within the current system |partition. |

|Description

|Use this command to obtain the physical location codes of SP-configurable |adapters installed on the specified nodes. This command also returns |the hardware Ethernet addresses for all Ethernet adapters.

|Use this command only at installation or when adding new frames or |nodes. The spframe command must be run before this command so |that frame information is already in the System Data Repository (SDR).

|Notes:

|The nodes should be physically powered on (but logically powered off) when |you run this command.
|The LEDs change values while this command is running.
|You should not have a tty open to any of the nodes to be used for this |command.
|This command takes a few minutes to run since it must boot each node to |the Open Firmware prompt in order to perform the operation. The |physical location codes are obtained from the nodes in parallel.
|Any nodes specified will be powered off to acquire the adapter physical |location codes. The nodes remain in the powered off state, even after |the data is returned.
|To avoid possible file system damage, you should always shut down a node |cleanly before powering it off. You can do this by using the |cshutdown command.
|Redirect the output of this command to a file to store the results for |future use. The physical location codes can be used to identify |adapters to the spadaptrs command. The hardware Ethernet |addresses for the |SP Ethernet administrative local area network (LAN) adapters can be placed in the /etc/bootptab.info |file to speed the processing of the sphrdwrad command. |

|You can use the System Management Interface Tool (SMIT) to run the |spadaptr_loc command. To use SMIT, enter:

|smit node_data

|and select the Get Adapter Physical Location Information |option.

|Standard Output

|This command writes informational messages to standard output.

|Standard Error

|This command writes all error messages to standard error.

|Exit Values

|0: |Indicates successful completion of the command.
|1: |Indicates that an error occurred. |

|Security

|You must have root privilege to run this command.

|Restrictions

|The spadaptr_loc command can only be run on the control |workstation.

|Implementation Specifics

|This command is part of the IBM Parallel System Support Programs (PSSP) |Licensed Program (LP) (file set ssp.basic).

|Location

|/usr/lpp/ssp/bin/spadaptr_loc

|Examples

|To obtain the physical location codes of the adapters in four |logical partitions (LPARs) of an IBM pSeries 690 server attached |as frame 2, enter:

|spadaptr_loc 2 1 4

|You should receive output similar to the following:

|Acquiring adapter physical location codes for node 17
|Acquiring adapter physical location codes for node 18
|Acquiring adapter physical location codes for node 19
|Acquiring adapter physical location codes for node 20
|node# adapter_type physical_location_code MAC_address
|----- ------------ ---------------------- ------------
|   17 Ethernet     U1.9-P1-I1/E1          006094E95688
|   18 Ethernet     U1.9-P1-I2/E1          006094E91659
|   19 Ethernet     U1.9-P1-I3/E1          006094E97F1D
|   20 Ethernet     U1.9-P1-I4/E1          006094E97AC4

spadaptrs

Purpose

spadaptrs - Enters configuration data for an additional adapter for a node or series of nodes in the System Data Repository (SDR).

Syntax

|spadaptrs: |[-s {yes | no}] [ |-t {bnc | dix | fiber | NA || tp}]
|: |[-r {4 | 16 | |autosense}] [-d {full | |half | auto}]
|: |[-f {10 | 100 | auto}] |[-a {no | yes}]
|: |[-n {yes | no}] |[-o IP_address]
|: |{-l node_list | -N |node_group | start_frame start_slot {node_count |
|: |rest}} [-P |physical_location_code] [-e |default_route] ...
|: |adapter_name starting_IP_address netmask

Flags

-s yes | no

Indicates whether IP addresses should be skipped, as needed, when assigning IP addresses. If -s no is specified, no skipping occurs; each IP address assigned is equal to the previous address assigned plus one. If -s yes is specified, each IP address assigned is equal to the previous address assigned plus the difference in their respective node numbers. |

|-t bnc | dix | fiber | NA | tp

|Designates the Ethernet type. Use bnc to designate a |thin Ethernet. Use dix to designate a thick Ethernet. |Use fiber to designate a 1000 Base SX network. Use |NA for an integrated Ethernet. Use tp to designate a |twisted pair. The default is tp. When the |-e flag is specified, you cannot specify -t |fiber. |

|-r 4 | 16 | autosense

|Specifies the token-ring network speed. This is required for |tr0 and tr1 token-ring adapters. Specify 4 |for 4Mb per second, 16 for 16Mb per second, and autosense |for adapters that automatically choose the network speed. |

|-d full | half | auto

|Specifies the communication transfer as one way (half) or two way |(full). The default is auto. |

|-f 10 | 100 | auto

|Specifies Ethernet speed in megabits (Mb/s). Specify 10 |for 10Mb per second or 100 for 100Mb per second. The default |is auto.

-a no | yes

Indicates whether you want Address Resolution Protocol (ARP) to be used for the switch. If you want to assign IP addresses freely, as for other adapters, you must specify yes. If you specify -a no, you must not specify -n no. Do not use this flag unless you are specifying IP addresses for the css adapter. If you do not specify -a, the default is yes. On an SP Switch2 system, the only valid value for ARP is yes. |

|-n yes | no

|This flag can only be used when defining css adapters. If you |specify -n yes, you must not specify -s yes, and |you must specify every node in the system using start_frame start_slot |node_count (you cannot use -l node_list). |The default for -n is no for SP Switch2 systems and |yes for all other systems.

-o ip_list

Specifies a list of additional IP addresses associated with this adapter. The ip_list is a comma delimited list of dotted decimal IP addresses. This flag is used in an HACMP environment only.

-l node_list

Specifies a list of nodes to be used for this operation. Either specify a comma-delimited list of node numbers, or a file containing one line of data which is a comma-delimited list of node numbers. The file can also contain comment lines (preceded by a #) and lines that are all white space. If you use the node_list field, do not use the start_frame, start_slot, or node_count fields. (This is lowercase l, as in list.)

-N node_group

Specifies a node group to be used for this operation. This node group must be bound to the current system partition. |

|-P physical_location_code

|Specifies the physical location of the adapter as defined by the hardware |publications for the node or as returned by the spadaptr_loc |command. If this flag is used, the adapter_name operand must |contain the adapter type. The -P flag can only be used |for the IBM

pSeries 690 server. It cannot be used for |switch adapters. |

|-e default_route

|Specifies that this adapter is the SP Ethernet administrative local area |network (LAN) adapter for the node. The default_route |indicates the route over which the node communicates with its boot/install |server (for example, install, customize, and so on). Only one adapter |can be specified as the SP Ethernet administrative LAN adapter for a |node. The -e flag can only be used with Ethernet |adapters. If you are using this flag for a node other than the p690 |server, the adapter_name must be en0. When the |-e flag is specified, you cannot specify -t |fiber.

|The default route that you enter is not the same as the default |route on the node. The route that you enter goes in the SDR Node |Class. The default route must be a valid SP Ethernet administrative LAN |adapter path to the node's boot/install server and the control |workstation.

|The default route on the node is the route it will use for its network |communications if there is no specific route to the destination. During |the boot process, this is set to the default route in the SDR. It can |be changed later on in the boot process or after the node is running, but |should not be changed permanently in the SDR. For FDDI, token ring, or |other Ethernet adapters, create the route in |firstboot.cust. In order for the route to remain set |after customization, also set the route up in /etc/inittab after the |line that runs rc.sp. For the switch, set the route up |in /etc/inittab after the line that runs |rc.switch.

Operands

start_frame

Specifies the frame number of the first node to be used for this operation. Specify a value between 1 and 128 inclusive.

start_slot

Specifies the slot number of the first node to be used for this operation. Specify a value between 1 and 16 inclusive.

Note:: The start_frame and start_slot must resolve to a node in the current system partition.

|node_count

|Specifies the number of nodes to be used for this operation. The |information is added sequentially to nodes in slots within a frame and, if the |slots in a frame are exhausted, to slots in the next sequential frame. |Specify a value between 1 and 512 inclusive. If rest is |specified, all the nodes from start_frame start_slot to the end of |your system are used.

|Note:: The node_count is considered to be within the current system |partition. |

|adapter_name

|Specifies the name of the adapter or the adapter type. If the |-P flag is not used, the adapter name must be specified and |this operand will take the form of enn (ethernet), |fin (fiddi), trn (token ring), or |cssn (switch), where n is the logical device number |assigned to the adapter by AIX. If the -P flag is used, |the adapter type must be specified and this operand will take the simple form |of en (ethernet), fi (fddi), or tr (token |ring).

|Note:: This command cannot be used for aggregate IP (ml) adapters; use |the spaggip command instead. |

|starting_IP_address

|Specifies the IP address or host name of the first node in this |operation. IP addresses of subsequent nodes are created by incrementing |the IP address for each node, depending on how the -s flag is |set. Specify a valid IP address or host name.

|Ensure that the combination of the starting IP address, the node count |operand, and the -s flag do not result in the incrementing of |the IP address to an IP address that is not valid.

|Each IP address used in the operation must be resolved by the host |command on the control workstation.

|Notes:

|When adding SP switch adapters for the SP Switch with the |-n flag set to yes, be sure to specify the IP address |for the lowest node number for the starting_IP_address |operand. The IP address for the lowest node number may not necessarily |be the lowest IP address in the range of IP addresses assigned to the |adapters.
|For SP switch adapters, the IP addresses must not conflict with the IP |addresses of any other existing adapters. For all other adapter types, |their IP addresses must not conflict with the IP addresses of any other |existing SP switch adapters for the SP Switch or aggregate IP (ml) |adapters. |

|Each IP address used in the command must be resolvable by the host |command on the control workstation.

netmask

Specifies the netmask for the network on which the adapter resides. Specify a valid IP address.

Description

|Execute this command during installation of the SP to identify the |IP addresses, netmasks, and default routes associated with node |adapters. This command is also used to identify the node Ethernet |adapters that are connected to your SP Ethernet administrative local area |network (LAN). If all your IP addresses are in the same block, run this |command once. If you have "holes" in your IP addressing scheme, |run this command once for each block of addresses you want to |assign.

|Only one adapter can be specified as the SP Ethernet administrative |LAN adapter for a node. If you already have an SP Ethernet |administrative LAN adapter identified and you specify a new adapter with the |-e flag, the SP Ethernet administrative LAN indicator will |change from the old adapter to the new adapter.

Note:: |Changing the SP Ethernet administrative LAN adapter to a different |Ethernet adapter for a node will require you to completely reinstall the |node. You cannot simply customize the node in order for these changes |to take effect. |

You must obtain authorization using Kerberos 4 or DCE, according to the trusted services authentication methods setting. Refer to the chapter on security in PSSP: Administration Guide.

You can use the System Management Interface Tool (SMIT) to run the spadaptrs command. To use SMIT, enter:

smit node_data

and select the Additional Adapter Information option.

Notes:

This command should be run only on the control workstation. You must be logged into the control workstation as root to execute this command.
After running this command, you must issue the syspar_ctrl -r command to refresh system partition-sensitive subsystems in each system partition where node customization was performed. Subsystems like hats, hb, and hr need to be refreshed whenever nodes or adapters are added or deleted.
Any changes made will not take effect on the nodes until they are customized.
|All nodes attached to the switch network must be attached to every |switch plane in the system.
|The -P flag can only be specified when configuring |adapters for p690 servers used as either attached servers or clustered |enterprise servers.
|The physical_location_code specified with the |-P flag may be determined in one of the following ways: |
- |Reviewing the hardware publications that you received with your server and |viewing the physical installation location of the adapter in the server
- |Running the spadaptr_loc command, which will list the physical |location codes
- |If AIX is installed and operational on the server, running the AIX |lscfg -vpl command on the server and noting the Physical Location |field of the PLATFORM SPECIFIC output section |
|If the node is not a p690 server used as either an attached server |or clustered enterprise server, the adapter_name must be en0 |when specifying the -e flag.
|In SP Switch2 systems, a node must either be connected to all switch |planes in the system or to none of the switch planes in the system. A |node cannot be connected to just a portion of the switch planes in the |system. If you are adding a node to the switch network of a multiplane |system, you must add a switch adapter in the system through multiple |executions of the spadaptrs command.
This command cannot be used for aggregate IP (ml) adapters; use the spaggip command instead.

Security

You must have root privilege and write access to the SDR to run this command.

Location

/usr/lpp/ssp/bin/spadaptrs

Related Information

Commands: syspar_ctrl

Examples

|If you specify the -s flag to skip IP addresses when |adding SP switch adapters, you must also specify -n no (or on |SP Switch2 systems, you can choose to not specify the -n flag |and use the default value of no) to not use switch numbers for IP |address assignment.
```
|spadaptrs -s yes -n no -a yes 1 1 30 css0 129.33.34.1 255.255.255.0
```
|The following example configures the Gigabit Ethernet adapter as |en1 on node 7:
```
|spadaptrs -t fiber -f auto -d auto -l 7 en1 129.33.34.1 255.255.255.0
```
|The following example configures an Ethernet adapter on node 1 by |specifying its physical location code:
```
|spadaptrs -P P2/E1 -l 1 en 10.0.0.1 255.255.255.0
```
|The following example configure the en1 adapter on node 2 as the SP |Ethernet administrative LAN adapter. The gateway from this node to its |boot/install server is specified as 10.0.0.168.
```
|spadaptrs -e 10.0.0.168 -l 2 en1 10.0.0.2 255.255.255.0
```

|spaggip

|Purpose

|spaggip - Configures the aggregate IP address for the SP |Switch2 virtual device. |

|Syntax

|spaggip: |[-s {yes | no}]
|: |[-u update_interval]
|: |[-c update_threshold]
|: |[-h]
|: |-i adapter_list
|: |{-l node_list | -N |node_group |
|: |start_frame start_slot node_count}
|: |starting_IP_address
|: |netmask |

|Flags

|-s {yes | no}: |Determines whether to skip IP addresses for unused slots. The |default is no.
|-u update_interval: |Specifies the time interval in seconds between the aggregate network route |table refreshes. The value must be between 3 and 10 inclusive. |The default is 3.
|-c update_threshold: |Specifies the number of missed refresh updates before the network |connection is dropped. The value must be between 10 and 400 |inclusive. The default is 10.
|-h: |Specifies that the command should only display valid command |syntax. When this flag is specified, other flags and operands are |ignored.
|-i adapter_list: |Specifies a comma-separated list of adapter names represented by the |aggregate IP address. The adapter_list must be a list of one |or more SP switch adapters for the SP Switch2 already defined in the |SDR.
|-l node_list: |Specifies the nodes using a comma-separated list of node numbers.
|-N node_group: |Specifies the nodes using a node group. |

|Operands

|start_frame

|Specifies the frame number of the first node to be used for this |operation. Specify a value between 1 and 128 inclusive.

|start_slot

|Specifies the slot number of the first node to be used for this |operation. Specify a value between 1 and 16 inclusive.

|Note:: The start_frame and start_slot must resolve to a node in |the current system. |

|node_count

|Specifies the number of nodes to be used for this operation. The |adapters are created for the nodes, beginning with the node that the |starting_frame and starting_slot resolves to, and continuing |sequentially through each node after that one until adapters have been created |for node_count nodes. If node_count nodes spans |multiple frames, when the nodes in a particular frame are exhausted, the |command continues with the first node in the next sequential frame. |Specify a value between 1 and 512 inclusive. If rest is |specified, all of the nodes from start_frame start_slot to |the end of your system are used.

|starting_IP_address

|Specifies the aggregate IP address of the first virtual device. IP |addresses of subsequent nodes are created by incrementing the IP address for |each node. The aggregate IP addresses cannot conflict with the IP |addresses of any other adapter on the system.

|netmask

|Specifies the network mask. |

|Description

|The spaggip command is used to configure an aggregate IP address |which represents one or more SP switch adapters for the SP Switch2 on a node |by providing a single IP address, netmask, and device name for the referenced |adapters. The aggregate IP interface is most effective in multiplane SP |Switch2 systems. Since only one aggregation can be performed on a node, |the device name of this aggregate IP address is implicitly set to |ml0.

|The spaggip command requires that the adapters specified in the |adapter_list be defined in the System Data Repository (SDR). |See also the spadaptrs command.

|The aggregate IP addresses are assigned to all specified nodes in |increasing order. If -s yes is specified, IP addresses |are skipped corresponding to the number of slots occupied by a node.

|Note:: Any changes made will not take effect on the nodes until they are |customized. |

|Files

|None.

|Standard Output

|This command writes informational messages to standard output.

|Standard Error

|This command writes all error messages to standard error.

|Exit Values

|0: |Indicates successful completion of the command.
|1: |Indicates that an error occurred. |

|Security

|You must have root privilege or be a member of the system group to run this |command.

|You must have write access to the SDR to run this command.

|Restrictions

|The switch adapter (or adapters) for the SP Switch2 switch being aggregated |must be defined prior to issuing this command.

|This command can only be issued on the control workstation.

|Implementation Specifics

|This command is part of the IBM Parallel System Support Programs (PSSP) |Licensed Program (LP).

|Prerequisite Information

|Before issuing the spaggip command, the adapters specified in the |adapter_list must first be defined in the SDR. See the |spadaptrs command for an example.

|Location

|/usr/lpp/ssp/bin/spaggip

|Related Information

|Commands: spadaptrs, spdelagg

|Examples

|To define aggregate IP ml0 devices for for 16 nodes in the |system, enter the following command. The IP address for the |ml0 adapter in node 1 in frame 1 is 10.0.0.1 and |the network mask is 255.255.255.0. The IP |addresses for the ml0 adapters for subsequent nodes in the system |depend on the number and size of the nodes in that frame.
```
|spaggip -s yes -i css0,css1 1 1 16 10.0.0.1 255.255.255.0
```
|To add an aggregate IP ml0 device with an IP address of |10.0.0.1 and a network mask of |255.255.255.0 on node 7, enter:
```
|spaggip -i css0,css1 -1 7 10.0.0.1 255.255.255.0
```
|

spapply_config

Purpose

spapply_config - Applies a system partition configuration to the SP system.

Syntax

spapply_config [-h] [-v] [-A] [-F] [-q] config_dir/layout_dir

Flags

-h

Displays usage information. If this command is issued with the -h flag, the syntax description is displayed to standard output and no other action is taken (even if other valid options or operands are entered with the -h flag).

-v

Verifies, but does not apply, the specified configuration layout. With this option, the command:

Checks the contents of each custom file in the specified layout to ensure that the required stanza entries exist
Describes which system partitions would be changed and which would be unchanged by applying the specified configuration layout
Lists all nodes in the changed system partitions which are not shutdown

-A

Archives the System Data Repository (SDR). With this flag, a copy of the SDR prior to applying the configuration is saved using the SDRArchive command.

-F

Corrects recoverable errors encountered in the IBM Virtual Shared Disk subsystem in the application of the specified configuration layout. Irrecoverable errors encountered cause the command to terminate prior to applying the specified layout.

-q

Specifies quiet mode. This option suppresses all status messages as well as the output from most internally called commands. The list of changed and unchanged system partitions, the list of nodes in changed system partitions which are not shutdown, and any warning or error messages are still displayed with this option.

Operands

config_dir: Specifies the directory name for a configuration directory.
layout_dir: Specifies the directory name for a layout directory within the configuration directory.

Description

The command functions in two phases: verification and application. Before applying a new system partition configuration, the administrator should back up the SP system SDR. This can be accomplished by using either the SDRArchive command or by using the -A flag on spapply_config. If your system has an SP switch, the Eunpartition command must be run before applying a new system partition configuration. Otherwise there will be unpredictable results in the new system partitions. Refer to the "Managing system partitions" chapter in PSSP: Administration Guide for additional information.

|The spapply_config command is not valid on a system with an |SP Switch2 switch or on a switchless clustered enterprise server |system.

The layout directory contains one system partition directory for each system partition in the configuration. Each partition directory contains the switch topology file and nodelist file. It also contains the custom file (created and updated by the spcustomize_syspar command). The spapply_config command verifies that these files exist. It also verifies the contents of the custom file. If an error is encountered in this verification phase, the command issues an appropriate message and terminates without attempting to apply a configuration layout that is not valid. As part of its verification phase, this command also calls the verparvsd command to determine the impact on the IBM Virtual Shared Disk subsystem of applying the specified configuration layout. If any errors or warnings are returned from verparvsd, the spapply_config command reports those messages and stops. The -F flag can be used to alter this behavior by correcting recoverable IBM Virtual Shared Disk errors encountered in the analysis of the IBM Virtual Shared Disk subsystem.

As part of its processing, spapply_config displays to standard output the list of changed system partitions and the list of unchanged system partitions. A changed system partition is a currently-defined partition which will be changed in some way by the application of the specified configuration layout. Nodes in changed system partitions should be shutdown prior to applying that configuration. Conversely, an unchanged system partition is a currently-defined partition which will be unchanged by the application of the specified configuration layout. Nodes in unchanged system partitions can remain in operation during the application of this configuration layout. The spapply_config command issues the Eannotator, Eprimary, and Etopology commands as necessary.

The spapply_config command issues status messages which track the progress of operation to standard output. These messages along with the lists of changed and unchanged system partitions can be suppressed by the using the -q flag.

In the event that spapply_config encounters an error during the application phase, a descriptive error message is displayed and the command stops. In this case, it will be necessary to restore the SP SDR and the system partition-sensitive subsystems (for example, hats, hb, and hr) to their previous state by using the sprestore_config command.

Note:: Due to system partitioning changes, your SP_NAME environment variable may no longer be set to a valid system partition name. To get a list of valid system partition names, enter the splst_syspars -n command. Then verify that your SP_NAME environment variable is either unset or set to one of the system partition names in the list.

Files

nodelist: Contains a list of switch node numbers contained in a system partition (used internally, not by end users).
topology: Contains the wiring configuration information for switch-to-switch and node-to-switch cabling in a switch network. This information is used during switch initialization.

|Environment Variables

|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.

|To determine whether you are using either AIX rsh or rcp |or the secure remote command and copy method, the following environment |variables are used. |If no environment variables are set, the defaults are |/bin/rsh and /bin/rcp.

|You must be careful to keep these environment variables consistent. |If setting the variables, all three should be set. The DSH_REMOTE_CMD |and REMOTE_COPY_CMD executables should be kept consistent with the choice of |the remote command method in RCMD_PGM: |

|RCMD_PGM - remote command method, either rsh or |secrshell
|DSH_REMOTE_CMD - remote command executable
|REMOTE_COPY_CMD - remote copy executable |

|For example, if you want to run spapply_config using a secure |remote |method, enter:

|export RCMD_PGM=secrshell
|export DSH_REMOTE_CMD=/bin/ssh
|export REMOTE_COPY_CMD=/bin/scp

Security

You must have root privilege and write access to the SDR to run this command.

Location

/usr/lpp/ssp/bin/spapply_config

Related Information

Commands: Eunpartition, SDRArchive, spcustomize_syspar, spdisplay_config, sprestore_config, spverify_config, syspar_ctrl, verparvsd

Files: nodelist, topology

Examples

To apply the system partition configuration represented by the config.4_12/layout.2 layout directory, enter:
```
spapply_config config.4_12/layout.2
```
To check (but not apply) the system partition configuration represented by the config.8_8/layout.1 layout directory, enter:
```
spapply_config -v config.8_8/layout.1
```

spauthconfig

Purpose

spauthconfig - Installs and configures a node based on selected authentication methods. The command (called from /etc/rc.sp and psspfb_script) runs each time a node boots.

Syntax

spauthconfig: [-h] [-I]

Flags

-h: Displays the command syntax.
-I: Used during the initial installation of a node.

Operands

None.

Description

You must run setupdce on the control workstation prior to running spauthconfig on a node. The spauthconfig command installs the DCE LP as a client, if required. The node is added to the cell where the control workstation resides. It runs config.dce -local to configure the local piece of DCE client code. It creates or updates the local authorization files by calling updauthfiles, and sets the authentication methods and SP Trusted Services methods. The command adds an rc.dce entry to the /etc/inttab file so DCE will start on each boot. If DCE is no longer a selected authentication method this entry will be removed (only if the command added the entry). If DCE is selected, create_keyfiles will be run to create any service keyfiles required by the specified node. Prior to running create_keyfiles, this program will copy the spsec_overrides file from the control workstation.

The command may be run manually to update the node to pick up any changes to the authentication configuration that occurred on the control workstation. This command is similar to the process run on the control workstation except this is automated and relies on information in the SDR to control program flow. The ODM will be updated based on authentication methods set in the SDR.

Files

input:

SDR database

ODM database

.rhosts

.klogin

.k5login

output:

Log file created in /var/adm/SPlogs/auth_install/log

SDR database

ODM database

.rhosts

.klogin

.k5login

/etc/inittab

|Environment Variables

|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.

|RCMD_PGM - remote command method, either rsh or |secrshell
|DSH_REMOTE_CMD - remote command executable
|REMOTE_COPY_CMD - remote copy executable |

|For example, if you want to run spauthconfig using a secure remote |method, enter:

|export RCMD_PGM=secrshell
|export DSH_REMOTE_CMD=/bin/ssh
|export REMOTE_COPY_CMD=/bin/scp

Exit Values

0: Indicates successful completion of the command.
1: Indicates errors occurred. Review any reported errors either on the console or in the Log file.

Security

Root authority is required to run this command.

Location

/usr/lpp/ssp/bin/spauthconfig

Related Information

Commands: chauthent, chauthts, create_keyfiles , lsauthent, updauthfiles

Files: /etc/inittab

Examples

This command may be run locally by the user, but generally will be run at boot time out of the /etc/rc.sp file. The following example will run the command on the local node:

/usr/lpp/ssp/bin/spauthconfig

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]