IBM Books

Command and Technical Reference, Volume 2

spseccfg

Purpose

spseccfg - Displays host configuration information related to Security Services.

Syntax

spseccfg [-h | target_host]

Flags

-h
Specifies that the command syntax is to be listed.

Operands

target_host
The hostname or IP address of the host whose host configuration data is requested. When target_host is omitted, the information displayed is for the local host.

Description

The spseccfg command obtains the DCE-hostname that was assigned when DCE was configured on the target host and the system partition name. It prints each name to standard output as a separate line.

Standard Output

The first line of output is the DCE-hostname, if DCE is installed and configured, otherwise an empty line.

If the host is an SP node, the second line of output is the system partition name. If the host is the control workstation, It is the default system partition name. Otherwise, for an independent workstation, it is the (short) local hostname.

Standard Error

Output consists of error messages, when the command cannot complete successfully.

Exit Values

0
Indicates the successful completion of the command.

1
Indicates that an error occurred.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP) (file set ssp.clients).

Prerequisite Information

The chapters on security in the PSSP: Administration Guide.

Location

/usr/lpp/ssp/bin/spseccfg

Examples

  1. To display the configuration information for the local host, enter: 
    $spseccfg
 
hosts/sp3.xyz.com
sp3
  2. To display the configuration information for the host at address 120.14.89.10, enter: 
    $spseccfg 120.14.89.10
 
hosts/p16n9
p16part3

spsetauth

Purpose

spsetauth - Sets the authentication methods to be installed on the control workstation and in the partition.

Syntax

|
|spsetauth
|-p partition name [-h] |{-d} {[dce] [k4] |[std] | [none]} |
| 
|{-i} {[dce] [k4] |[std]}

Flags

-p partition name
Specifies the partition name for a system partition object.

-h
Presents syntax to standard output.

-d
Specifies authentication set up.

-i
Specifies install set up.

Operands

|Are a set of authentication methods to be set in the system |partition object in the System Data Repository (SDR). Specifies an |available authentication method. When you specify multiple |authentication methods, they must be specified in the order shown, which is |the order of precedence in their use by remote commands.

|You must specify at least one of the following authentication |methods or none. none can only be specified with the |-d flag. A secure remote command must be enabled before |you select none.

|dce
|Specifies that Kerberos 5 using DCE credentials will be made active for |this system partition.

|k4
|Specifies that the Kerberos 4 authentication method will be made active |for this system partition. This method is required if nodes in the |system partition are running PSSP 3.1 or earlier.

|std
|Specifies that the standard AIX authentication method will be made active |for this system partition. If specified, this method must be last (the |lowest priority).

|none
|Implies that no authorization method is enabled. Setting |none will result in no root PSSP entries being put in the |.rhost, .k5login, and .klogin |files for the system partition. none cannot be combined with |any other method and is only valid with the -d flag. A |secure remote command must be enabled on the system before none is |selected. You can only specify none if all of your nodes |in the system partition are at PSSP 3.4 or later.

Description

This command only runs on the control workstation and is used per system partition. The -i flag updates or sets the auth_install attribute in the SDR. This defines the set of authentication capabilities for the node. Standard AIX is assumed since this is part of base AIX. |The -i flag does not allow the none |option.

The -d flag updates or sets the auth_root_rcmd attribute in the SDR. This defines which |authorization methods are used for root access to remote commands. |Both the -i and -d flags check that |the methods selected do not conflict with authentication methods enabled or |used in the system. Once the values are verified, checked, and updated in the SDR, the appropriate authentication files are created or copied via updauthfiles.

|If -d dce is selected, both config_spsec and |create_keyfiles must be run before running |spsetauth.

|If the -d flag is selected, the none option |is allowed. The none option cannot be combined with any other |authentication method.

If std is selected, it is set last as an authentication or authorization method. If dce is selected, it is set first to ensure a proper priority of methods.

Standard Output

Log file created in /var/adm/SPlogs/auth_install/log

Exit Values

0
Indicates the command completed successfully.

1
Indicates the command was unsuccessful. Errors are printed to /var/adm/SPlogs/auth_install/log and standard output.

Errors must be corrected and the command executed again before proceeding to any further configuration or installation steps.

Security

You must have root privilege and write access to the SDR to run this command.

Location

/usr/lpp/ssp/bin/spsetauth

Related Information

Commands: updauthfiles

Examples

  1. To set partition "par_1" to have Kerberos V4 as an installed authentication method, enter: 
    /usr/lpp/ssp/bin/spsetauth -i -p par_1 k4
  2. To set partition "par_2"' to have DCE, Kerberos V4, and Standard AIX as the set of authentication methods, enter: 
    /usr/lpp/ssp/bin/spsetauth -d -p par_2 dce k4 std
  3. |To set partition "par_2"' to have "none," that is no |selected authorization methods for AIX remote commands, enter: 
    |/usr/lpp/ssp/bin/spsetauth -d -p par_2 none

spsitenv

Purpose

spsitenv - Enters configuration parameters used by SP installation and system management scripts into the System Data Repository (SDR).

Syntax

spsitenv
[acct_master = accounting_master]
 
[admin_locale = SP_admin_locale]
 
[amd_config = true | false]
 
[cw_lppsource_name = lppsource_name]
 
[dsh_remote_cmd = <executable location | "">]
 
[filecoll_config = true | false]
 
[homedir_path = home_directory_path]
 
[homedir_server = home_directory_server_host_name]
 
[install_image = default_network_install_image_name]
 
[ntp_config = consensus | internet | none | timemaster]
 
[ntp_server = ntp_server_host_name ...]
 
[ntp_version = 3 | 1]
 
[passwd_file = passwd_file_path]
 
[passwd_file_loc = passwd_file_server_host_name]
 
[rcmd_pgm = rsh | secrshell]
 
[remote_copy_cmd = <executable location | "">]
 
[remove_image = true | false]
 
[restrict_root_rcmd = true | false]
 
[SDR_ASCII_only = true | false]
 
[SP_type_model = SP_machine_type_model_number]
 
[SP_serial_number = SP_machine_serial_number]
 
[spacct_actnode_thresh = sp_accounting_active_node_threshold]
 
[spacct_enable = false | true]
 
[spacct_excluse_enable = false | true]
 
[supfilesrv_port = port]
 
[supman_uid = supman_uid]
 
[usermgmt_config = false | true]

Flags

acct_master
Indicates which node is the accounting master, where crunacct runs. The initial value is accounting_master=0, specifying the control workstation.

admin_locale
Indicates the administrative locale for your SP system. If the SP_administrative_locale is not installed on your control workstation, the command will not be successful. The administrative locale is used to determine valid SDR data when SDR_ASCII_only is false. It may also be used by SP products that must restrict locale operations to a specific locale. See your specific SP product documentation for such uses. The initial value of admin_locale is the value stored in the LANG stanza in the /etc/environment file at the time PSSP is installed on your control workstation.

amd_config
Indicates whether the automounter function should be configured and supported by the SP. Specify true if you want to have the automounter configured and the automounter daemon started on your SP. Automounter entries are created for your home directories if usermgmt_config is also true. Specify false if you do not want to have the SP manage the automounter. The initial value of amd_config is true.

cw_lppsource_name
Indicates the LP source name to use when installing the NIM file sets on the control workstation. The name you specify must correspond to an LP source directory on the control workstation. The directory must be named /spdata/sys1/install/LPP_source_name/lppsource, where LPP_source_name is the name that you have assigned to the LP source. The default value is default.

You must ensure that the AIX level on the LP source (indicated by the cw_lppsource_name) matches the AIX level installed on your control workstation.

dsh_remote_cmd
The default is null (""). It can be set to the full path name of the executable to be used for remote commands issued by dsh.

filecoll_config
Indicates whether the SP file collection management code should be installed.

Specify true if the code is to be installed. Specify false if the code is not to be installed. The initial value is true.

homedir_path
Specify an absolute path name for home_directory_path if you want to use a path other than the initial value of the control workstation path. The initial value is /home/cw, where cw is the host name of the control workstation.

homedir_server
Indicates where user home directories physically reside. Specify a valid host name or IP address for home_directory_server_host_name if you want to use a server other than the initial value of the control workstation host name.

The initial value is the host name of the control workstation.

install_image
Indicates the location of the default network install image for your SP system. default_network_install_image_name should point to the install image which is used for a node if that node's install image field is not set. This should be a file in /spdata/sys1/install/images.

ntp_config
See ntp_server.

ntp_server
Indicates your choice for running NTP in your SP. To use your site's NTP time server, specify ntp_config=timemaster and specify the host name of your NTP time server with the ntp_server parameter.

To use an Internet NTP time server, your control workstation must be connected to the Internet. Specify ntp_config=internet and specify the full host name of an Internet time server with the ntp_server parameter.

To cause the control workstation and file servers to generate a consensus time based on their own date settings, specify ntp_config=consensus and specify ntp_server=''.

If you do not want to run NTP on the SP, specify ntp_config=none and ntp_server=''.

The initial value of ntp_config is consensus and the initial value of ntp_server is ''. If ntp_config is specified as either timemaster or internet, the ntp_server value must be a valid host name.

ntp_version
Indicates which version of NTP you are running. The initial value is 3.

passwd_file
Indicates the path of the password file where new user entries are placed. The initial value is /etc/passwd. If you change the value of passwd_file from /etc/passwd and are using NIS, be sure to modify your NIS Makefile to build the password map from the new password file.

This field is meaningful only if usermgmt_config=true.

passwd_file_loc
Specifies the host name of the machine where your password file resides. The initial value of passwd_file_loc is the control workstation. The value of the passwd_file_loc cannot be one of the nodes in the SP system. |

|rcmd_pgm
|The default is rsh. If set to secrshell, the PSSP |code (via dsh) will be using the secure remote command and secure |remote copy functions defined by the dsh_remote_cmd and |dsh_remote_copy parameters. If null, the default is |/bin/ssh and /bin/scp. To set to secrshell, |restrict_root_rcmd must be true.

remote_copy_cmd
The default is null (""). It can be set to the full path name of the executable to be used for remote copy commands in the PSSP code. |

|restrict_root_rcmd
|Indicates whether you are running in the more secure restricted root |remote command environment. The default is false.

remove_image
Indicates whether install images are to be removed from the boot servers after an install has been completed.

Specify remove_image=true if the images are to be removed.

Specify remove_image=false if the images are not to be removed.

The initial value is false.

SDR_ASCII_only
Indicates whether ASCII data only may be written to the SDR. ASCII data is defined as all characters within the range '00'x to '7F'x. Specify true if you want the SDR to contain only ASCII data. If you specify true and the SDR currently contains non-ASCII data, a warning message will be displayed, but the action will still be performed. Specify false if you want to allow non-ASCII data to be written to the SDR. If you specify false and the SP system contains nodes that have PSSP 3.1 or older releases installed, the command will not be successful. If you have successfully set SDR_ASCII_only to false, all data written to the SDR adheres to the following rules:

The initial value of SDR_ASCII_only is true. |

|SP_type_model
|Specifies the machine type model number for the SP system. |

|SP_serial_number
|Specifies the machine serial number for the SP system.

spacct_actnode_thresh
Indicates the percentage of nodes for which accounting data must be present in order for crunacct to continue processing that day. The initial value is 80.

spacct_enable
Indicates whether accounting is enabled or disabled on all nodes that have an accounting enabled attribute set to default. The initial value is false, disabling accounting.

spacct_excluse_enable
Indicates if accounting start and end job records are generated for jobs having exclusive use of the node. A value of true indicates that exclusive use accounting is enabled and start and end job records are generated. A value of false indicates that exclusive use accounting is not enabled and start and end job records are not generated.

The initial value is false.

supman_uid
Specifies the uid for the file collection daemon. It is meaningful only if filecoll_config=true is specified. The initial value is ''. If you are using login control, make this uid lower than the threshold ID you set in the block_usr_sample script.

usermgmt_config
Indicates whether SP user management scripts should be integrated into your system.

Specify usermgmt=true if you want to have the SP User Management scripts in the Security & Users SMIT menu. Specify usermgmt=false to remove the scripts from the SMIT menu.

The initial value is true.

Operands

None.

Description

Use this command during installation of the SP or at a later time to identify SP configuration parameters in use at your location.

You can use the System Management Interface Tool (SMIT) to run the spsitenv command. To use SMIT, enter: 

smit enter_data

and select the Site Environment Information option.

You cannot use SMIT if you are using AFS authentication services.

Note:
Any changes made will not take effect on the nodes until they are customized.

Security

You must have root privilege and write access to the SDR to run this command.

This command should be run only on the control workstation.

Location

/usr/lpp/ssp/bin/spsitenv

Examples

  1. The following example enters site environment parameters into the System Data Repository. The NTP configuration is consensus and the file collection management code is to be installed: 
    spsitenv ntp_config=consensus filecoll_config=true
  2. |The following example enables the restricted root remote command |environment and enables a secure remote command environment: 
    |spsitenv restrict_root_rcmd=true
|         rcmd_pgm=secrshell
|         dsh_remote_cmd=/bin/ssh
|         remote_copy_cmd=/bin/scp

spsvrmgr

Purpose

spsvrmgr - Controls software level and state of the supervisor applications.

Syntax

spsvrmgr
[-G] [ -f file_name]
 
[[-q rc | msg] |
 
[-r status | action] |
 
[-m status | action] | [-u]] [ slot_spec | all]

Flags

-G
Specifies Global mode. With this flag, commands can be sent to any hardware.

-f
Uses file_name as the source of slot ID specifications.

-q rc | msg
Checks the supervisor hardware configuration for supervisors that support microcode download, and that also require an action.

Action checks include:

Install
Indicates that the Supervisor card has no supervisor installed. An install is required.

Upgrade
Indicates that the Supervisor card has a supervisor installed, but it is not at the most current level. An upgrade is required.

Reboot
Indicates that the Supervisor card has a supervisor installed and it is at the most current level, but it is not active. A reboot is required.

Update Media
Indicates that the Supervisor card has a supervisor installed, but the media that is the repository for microcode files does not contain the version that is installed on the card. A media update is required.

If rc is specified with the -q flag, the command will issue a return code indicating whether any of the hardware requires action. A return code of 0 indicates that no action is required. A return code of 2 indicates that at least one supervisor was found that required action.

If msg is specified with the -q flag, the command will issue a message indicating whether any of the hardware requires action. In this case, a return code of 0 is issued unless an error condition occurs.

-r status | action
Checks the supervisor hardware configuration for supervisors that support microcode download and displays status for those supervisors in "report" form.

If status is specified with the -r flag, the status is listed for all of the installed supervisors that support microcode download.

If action is specified with the -r flag, the status is listed for all of the installed supervisors that support microcode download and that also require an action.

In both cases, Status includes:

Frame Number
Indicates the number of the frame.

Slot Number
Indicates a number in the range of 0--17.

Supervisor State
Indicates either Active (supervisor is executing) or Inactive (supervisor is not executing).

Media Versions
Indicates the microcode files that are compatible with the supervisor installed in this frame/slot.

Installed Version
Indicates the microcode file installed as the supervisor.

Required Action
Can be one of the following: None, Install, Upgrade, Reboot, or Update Media.

-m status | action
Checks the supervisor hardware configuration for supervisors that support microcode download and displays status for those supervisors in "matrix" form.

If status is specified with the -m flag, the status is listed for all of the installed supervisors that support microcode download.

If action is specified with the -m flag, the status is listed for all of the installed supervisors that support microcode download and that also require an action.

In both cases, Status includes:

Frame Number
Indicates the number of the frame.

Slot Number
Indicates a number in the range of 0 - 17.

Action Required
Can be either Required or Not Required.
|

|-u
|Installs, upgrades, or reboots the hardware supervisors specified by the |slot_spec option that support microcode download and that also |requires an action.
|Note:
This flag starts an hmcmds process to perform the actual |update. Refer to the hmcmds command specifically the |basecode, microcode, and the boot_supervisor |command options.
Attention

In most cases, the -u flag started processes which will power off the target slots for the duration of the update.

Operands

slot_spec | all
Specifies the addresses of the hardware components.

Description

The design of the SP supervisor control system divides the microcode used in the frame supervisor, node supervisor, and switch supervisor into the following two types:

basecode
Microcode that is loaded at the time of manufacture and gives the card the ability to load application microcode during system operation.

application microcode
Microcode that is loaded via basecode and contains the instruction that is the supervisor application.

The spsvrmgr command controls the software level and state of the supervisor applications that reside on the SP supervisor hardware.

Normally, commands are only sent to the hardware components in the current system partition. A system partition contains only processing nodes. The switches and the frames themselves are not contained in any system partition. To access hardware components not in the current system partition or to any frame or switch, use the -G flag.

The slot_spec option is interpreted as slot ID specifications. A slot ID specification names one or more slots in one or more SP frames and has either of two forms: 

fidlist:sidlist   or   nodlist

where:

fidlist
= fval[,fval,...]

sidlist
= sval[,sval,...]

nodlist
= nval[,nval,...]

The first form specifies frame numbers and slot numbers. The second form specifies node numbers. An fval is a frame number or a range of frame numbers of the form a-b. An sval is a slot number from the set 0 through 17 or a range of slot numbers of the form a-b . An nval is a node number or a range of node numbers of the form a-b.

The relationship of node numbers to frame and slot numbers is shown in the following formula: 

node_number = ((frame_number - 1) x 16) +
slot_number
Note:
Node numbers can only be used to specify slots 1 through 16 of any frame.

Refer to the hmcmds command for examples of the slot_spec.

Optionally, slot ID specifications can be provided in a file rather than as command flags. The file must contain one specification per line. The command requires that slot ID specifications be provided. If the command is to be sent to all SP hardware, the keyword all must be provided in lieu of the slot_spec option. However, the all keyword can only be specified if the -G flag is specified.

Files

The media that is the repository for the application microcode files is the /spdata/sys1/ucode directory structure.

Exit Values

0
Indicates the successful completion of the command.

1
Indicates that the command was unsuccessful. This return value is always accompanied with an error message.

2
Returned only in conjunction with the -q rc flag to indicate that at least one supervisor was found that required action.

Security

Microcode Download Mode: To execute the spsvrmgr command, you must be authorized to access the Hardware Monitor subsystem and must be granted Microcode Update permission, or VFOP permission depending on the SP Trusted Service in use, for the hardware objects (frames, slots) specified in the command. Commands sent to hardware objects for which the user does not have Microcode Update permission are ignored.

Microcode Query Mode: To execute the spsvrmgr command, you must be authorized to access the Hardware Monitor subsystem and must be granted Monitor permission for the hardware objects (frames, slots) specified in the command. State information is not returned for hardware objects for which the user does not have Monitor permission.

Restrictions

IBM suggests that you use this command through the RS/6000 SP Supervisor Manager option of the System Management Interface Tool (SMIT).

To access this command using SMIT, enter: 

smit

and select the RS/6000 SP System Management option, then the RS/6000 SP Supervisor Manager option.

A list of options that correspond to the spsvrmgr command flags will be presented for selection.

You can also directly access this list of options using the following SMIT fast-path command: 

smit supervisor

Implementation Specifics

The spsvrmgr command only interacts with SP supervisor hardware that supports the ability to download application microcode. Commands sent to slots that do not support this ability are ignored.

Location

/usr/lpp/ssp/bin/spsvrmgr

Related Information

Commands: hmcmds, hmdceobj, hmmon

Files: /spdata/sys1/spmon/hmdceacls, /spdata/sys1/spmon/hmacls

Refer to the "Installing and configuring a new RS/6000 system" chapter in PSSP: Installation and Migration Guide.

Examples

  1. To perform a "quick check" of your configuration for supervisor hardware that requires action and to have a message issued, enter: 
    spsvrmgr -G -q msg all

    You should receive output similar to the following: 

    spsvrmgr: At least one occurrence of supervisor hardware was found to
          require attention.
          Enter "smit supervisor" for installation options.
  2. To perform a "quick check" of your configuration for supervisor hardware that requires action and to have a status code returned, enter: 

    spsvrmgr -G -q rc all
echo $?

    Example usage in a script: 

    spsvrmgr -G -q rc all
if [[ $? = 2 ]]
then
    echo "*** Attention*** One or more supervisors require action."
    echo "Enter \"smit supervisor\" for installation options."
fi
  3. To display status information in report form of all hardware that supports microcode download for frame 2, enter: 
    spsvrmgr -G -r status 2:0-17

    You should receive report output similar to the following: 

    spsvrmgr: Frame Slot Supervisor Media        Installed    Required
                     State      Versions     Version      Action
          _____ ____ __________ ____________ ____________ ____________
          2     1    Active     u_10.3a.0609 u_10.3a.060b None
                                u_10.3a.060a
                                u_10.3a.060b
                ____ __________ ____________ ____________ ____________
                5    Active     u_10.3a.0609 u_10.3a.060b None
                                u_10.3a.060a
                                u_10.3a.060b
                ____ __________ ____________ ____________ ____________
                9    Active     u_10.1a.0609 u_10.1a.060b None
                                u_10.1a.060a
                                u_10.1a.060b
                ____ __________ ____________ ____________ ____________
                13   Active     u_10.3a.0609 u_10.3a.060b None
                                u_10.3a.060a
                                u_10.3a.060b
  4. To display status information in matrix form of all hardware that supports microcode download for in your configuration, enter: 
    spsvrmgr -G -r status all

    You should receive matrix output similar to the following: 

    spsvrmgr: Frame       Slots
          _____       _______________________________________________
          1           00 01 05 09 13 17
             (Action)  -  -  -  -  -  -
          _____       _______________________________________________
          2           01 05 09 13
             (Action)  +  +  +  -
           Action Codes:
              +  -- Required
              -  -- Not Required
  5. To display status information in report form of all hardware that supports microcode download and requires an action for frame 1, enter: 
    spsvrmgr -G -r action 1:0-17

    You should receive report output similar to the following: 

    spsvrmgr: Frame Slot Supervisor Media        Installed    Required
                     State      Versions     Version      Action
          _____ ____ __________ ____________ ____________ ____________
          1     1    Active     u_10.3a.0609 u_10.3a.060a Upgrade
                                u_10.3a.060a
                                u_10.3a.060b
                ____ __________ ____________ ____________ ____________
                5    Inactive   u_10.3a.0609 u_10.3a.060b Reboot
                                u_10.3a.060a
                                u_10.3a.060b
                ____ __________ ____________ ____________ ____________
                9    Inactive   u_10.1a.0609 u_10.1a.060b Reboot
                                u_10.1a.060a
                                u_10.1a.060b
  6. To update the hardware that supports microcode download in frame 1 slot 1, enter: 
    spsvrmgr -u 1:1

    You should receive installation output similar to the following: 

    spsvrmgr: Dispatched "microcode" process [24831] for frame 1 slot 1.
          Process will take approximately 12 minutes to complete.
spsvrmgr: Process [24831] for frame 1 slot 1 completed successfully.
  7. To update the hardware that supports microcode download in frame 1 slots 5 and 9, enter: 
    spsvrmgr -u 1:5,9

    You should receive installation output similar to the following: 

    spsvrmgr: Dispatched "boot_supervisor" process [27956]
          for frame 1 slot 5.
          Process will take less than a minute to complete.
spsvrmgr: Dispatched "boot_supervisor" process [23606]
          for frame 1 slot 9.
          Process will take less than a minute to complete.
spsvrmgr: Process [27956] for frame 1 slot 5 completed successfully.
spsvrmgr: Process [23606] for frame 1 slot 9 completed successfully.

spswplane

Purpose

spswplane - Configures the number of switch planes for use on the SP system.

Syntax

spswplane [-h] [-p planes] [-d]

Flags

-h
Displays command syntax. |

|-p planes
|Configures the number of switch planes.

-d
Displays the number of switch planes configured for the SP.

Description

The spswplane command specifies the number of switch planes in the SP system. The command is executed during installation of the SP, and records the requested switch planes number in the System Data Repository (SDR). A check is made of this input value against existing SDR information to verify its validity. The command can also be used after installation to change the number of switch planes in the system, and to display the existing number of switch planes. This command must be run after |spadaptrs has been executed to add SP Ethernet |administrative local area network (LAN) adapters to your nodes and after spadaptrs has been run to set up the proper |SP switch adapters for all nodes for all switch planes.

Note:
|This command is valid only on SP Switch2 systems. |

Standard Output

All informational messages generated are written to standard output (stdout). All error messages are written to standard output.

Standard Error

Output consists of error messages, when the command cannot complete successfully.

Exit Values

0
Indicates successful completion of the command.

1
Indicates that an error occurred.

Security

You must have root privilege or be a member of the AIX system group to run this command.

You must have write access to the SDR to run this command.

Restrictions

This command can only be executed on the control workstation.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP) ssp.basic file set.

Location

/usr/lpp/ssp/bin/spswplane

Examples

  1. |To configure two switch planes on your SP system, enter: 
    |spswplane -p 2
  2. |To query the number of configured switch planes on your SP system, |enter: 
    |spswplane -d

spsyspar

Purpose

spsyspar - Directly invokes the System Partitioning Aid Perspective graphical user interface (GUI).

Syntax

spsyspar
[-userProfile name] [-systemProfile name] [ -noProfile]
 
[-backgroundColor colorName]
 
[-foregroundColor colorName] [-fontFamily name]
 
[-fontSize size] [-fontBold] [-fontItalic] [-nosplash] [-h]

Flags

-userProfile name
Upon initialization, loads the specified user profile. If a user profile named "Profile" exists in the user's home directory, it will be loaded by default if the -userProfile flag is not specified.

-systemProfile name
Upon initialization, loads the specified system profile instead of the default system profile. The default system profile is named "Profile."

-noProfile
Upon initialization, does not read either profile.

-backgroundColor colorName
Overrides the background color specified by any profile or default with the specified color. Refer to Appendix A, "Perspectives Colors and Fonts" in PSSP: Command and Technical Reference for a list of valid color names.

-foregroundColor colorName
Overrides the foreground color specified by any profile or default with the specified color. Refer to Appendix A, "Perspectives Colors and Fonts" in PSSP: Command and Technical Reference for a list of valid color names.

-fontFamily name
Overrides any font family with the specified font. The list of valid family names is dependent on the X server. Refer to Appendix A, "Perspectives Colors and Fonts" in PSSP: Command and Technical Reference for a list of valid fonts.

-fontSize size
Overrides any font point size with the specified size. Valid values are 6-30 points.

-fontBold
Sets the font to bold.

-fontItalic
Sets the font to italics.

-nosplash
Does not display the splash screen before the Perspectives main window is displayed.

-h
Displays usage information on the options available for the command.
Note:
Most flags accepted by X will also be recognized. For example, -display displayname.

Operands

None.

Description

Use this command to launch the System Partitioning Aid window of the SP Perspectives GUI. |The spsyspar command is not valid on a system with an SP |Switch2 switch or on a switchless clustered enterprise server |system.

The System Partitioning Aid Perspective is used to view and manage the current system partitioning configuration. This tool can also be used to generate new configurations.

When the command is invoked, preferences which define the look and layout of the System Partitioning Aid window are prioritized in the following order:

|Files

|The users preferences are read from and saved to |$HOME/.spsyspar(User Profile Name). The System |Preferences are read from and saved to |/usr/lpp/ssp/perspectives/profiles/$LANG/.spsyspar(System Profile |name). If a new system partitioning configuration is created, the |following files are created under the layout directory: |layout.desc, nodes.syspar and a system |partition directory for each system partition in the layout. For each |system partition directory, a node list file and topology file are |created.

Security

You must have write access to the SDR to run this command.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP).

Prerequisite Information

For information on using the System Partitioning Aid Perspective and SP Perspectives, see the online help and the "Using SP Perspectives" chapter in the PSSP: Administration Guide.

Refer to the "Managing system partitions" chapter in PSSP: Administration Guide for additional information on the System Partitioning Aid.

See also Appendix A, "The System Partitioning Aid - A Brief Tutorial" in IBM RS/6000 SP: Planning, Volume 2, Control Workstation and Software Environment.

Location

/usr/lpp/ssp/bin/spsyspar

|Related Information

|You can also access the System Partitioning Aid Perspective by using the SP |Perspectives Launch Pad. The perspectives command invokes |the Launch Pad. Other Perspectives windows may be launched by invoking |the following commands: spevent, sphardware , and |spvsd. The sysparaid command provides a command |line interface into the System Partitioning Aid.

Examples

  1. To launch the Partitioning Aid Perspective, enter: 
    spsyspar
  2. To launch the Partitioning Aid Perspective with a pink background regardless of what is provided in the preference files, enter: 
    spsyspar -backgroundColor pink

sptgtprin

Purpose

sptgtprin - Displays the target principal name for a service on an SP host.

Syntax

sptgtprin [-h | default-service-name [target-host]]

Flags

-h
Specifies that the command syntax is to be listed. If you specify this flag, all operands are ignored.

Operands

default-service-name
Specifies the predefined name of a service listed in the security services configuration file.

target-host
Specifies the hostname or IP address of the host for which the principal is required.

Description

The sptgtprin command displays the DCE principal name of the instance of the specified service that runs on a particular SP host. The operand target-host must be a network interface on an SP node or the control workstation. If no host is specified, the principal name is that used by the service on the local host.

Principal names have the form product/DCE-hostname/service, where DCE-hostname is the qualifier that distinguishes the particular instance of the service that runs on the target host.

For services that have multiple instances on the same host, each serving a single system partition, the name displayed by this command is not the true principal name. These service principals are qualified by partition name rather than DCE-hostname. For such services (that have the "p" attribute in the spsec_defaults file), you can construct the true principal name by replacing the DCE-hostname qualifier with the applicable Syspar name.

Standard Output

Output consists of one line containing the DCE principal name, when successful.

Standard Error

Output consists of error messages, when the command cannot complete successfully.

Exit Values

0
Indicates successful completion of the command.

1
Indicates that an error occurred.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP) (file set ssp.clients).

Prerequisite Information

The chapters on security in PSSP: Administration Guide.

Location

/usr/lpp/ssp/bin/sptgtprin

Examples

Displaying the DCE principal name used by the Hardware Monitor daemon that runs on the control workstation, whose hostname is spcw.xyz.com, and whose DCE_hostname is spcw: 

$sptgtprin ssp/hardmon spcw.xyz.com
ssp/spcw/hardmon

spunmirrorvg

Purpose

spunmirrorvg - Initiates unmirroring on a node or a set of nodes.

Syntax

spunmirrorvg {start_frame start_slot {node_count | rest} | -l node_list}

Flags

-l node_list
Specifies a list of nodes for this operation. This list can be a single numeric node number, or a list of numeric node numbers separated by commas.

Operands

|start_frame
|Specifies the frame number of the first node to be used for this |operation. Specify a value between 1 and 128 inclusive. |

|start_slot
|Specifies the slot number of the first node to be used for this |operation. Specify a value between 1 and 16 inclusive.
|Note:
The start_frame and start_slot must resolve to a node in |the current system partition. |

node_count
Specifies the number of nodes to be used for this operation. The node information is added for successive nodes within a frame. If the count of nodes causes the nodes in a frame to be exhausted, the operation continues for nodes in the next sequential frame. Specify a value between 1 and 1024 inclusive. If rest is specified, all the nodes from start_frame start_slot to the end of your system are used.
Note:
The node_count is considered to be within the current system partition.

Description

The spunmirrorvg command uses information found in the Volume_Group object to initiate unmirroring on a node or a list of nodes. If the number of desired copies is already achieved (the number of copies of a volume group equals the "copies" attribute in the Volume_Group object) the command exits. If the number is not yet achieved, spunmirrorvg will invoke the AIX unmirror command to reduce the number of copies. If unmirrorvg is successful, the volume group is reduced by any physical volumes that are part of the volume group, that are not listed in the pv_list attribute. If there are non-empty logical volumes on the physical volumes, the volume group will not be reduced by the physical volume. If reducing the volume group is unsuccessful, the command exits with an error. Quorum is set based on the value of the "quorum" attribute for the volume group in the Volume_Group object. If the state of quorum changes, a message is sent that the node requires rebooting. spunmirrorvg also issues the bosboot command to rebuild the bootable image, and the bootlist command, to remove any physical volumes from the bootlist that no longer contain bootable logical volumes.

|Environment Variables

|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.

|To determine whether you are using either AIX rsh or rcp |or the secure remote command and copy method, the following environment |variables are used. |If no environment variables are set, the defaults are |/bin/rsh and /bin/rcp.

|You must be careful to keep these environment variables consistent. |If setting the variables, all three should be set. The DSH_REMOTE_CMD |and REMOTE_COPY_CMD executables should be kept consistent with the choice of |the remote command method in RCMD_PGM: |

|For example, if you want to run spunmirrorvg using a secure remote |method, enter: 

|export RCMD_PGM=secrshell
|export DSH_REMOTE_CMD=/bin/ssh
|export REMOTE_COPY_CMD=/bin/scp

Exit Values

0
Indicates the successful completion of the command.

1
Indicates that a recoverable error occurred, some changes may have succeeded.

2
Indicates that an irrecoverable error occurred and no changes were made.

Security

|You must have root privilege and a valid Kerberos ticket to run this |command, or be running with the AIX remote commands enabled.

Files

Log file created on node which contains AIX error messages if an error occurs during unmirroring: /var/adm/SPlogs/sysman/unmirror.out

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP).

Location

/usr/lpp/ssp/bin/spunmirrorvg

Related Information

Commands: spchvgobj, spmirrorvg

Examples

  1. To initiate unmirroring on a node, enter: 
    spunmirrorvg  -l 1
  2. To initiate unmirroring on a list of nodes, enter: 
    spunmirrorvg  -l 1,2,3

spverify_config

Purpose

spverify_config - Verifies the active system partition configuration information for the SP system.

Syntax

spverify_config

Flags

None.

Operands

None.

Description

The spverify_config command is valid only on systems with no switch or with an SP switch. |The command is not valid on a system with an SP Switch2 switch or on |a switchless clustered enterprise server system.

This command is run by the spapply_config command after the System Data Repository (SDR) is updated. It can also be run by an administrator to verify that the SDR information is consistent (such as, after a system outage or a problem with the SDR). (This verification is only performed on a system which was partitioned beyond the initial single partition created at initial installation.)

Exit Values

0
Indicates that the SDR and corresponding layout directory are in agreement.

1
Indicates differences were found.

2
Indicates a usage error.

Security

You must have root privilege to run this command.

Location

/usr/lpp/ssp/bin/spverify_config

Related Information

Commands: spapply_config, spcustomize_syspar, spdisplay_config

Files: nodelist, topology

Examples

To verify that the information in the SDR matches the customization information previously supplied by the user, enter: 

spverify_config

spvsd

Purpose

spvsd - Directly launches the IBM Virtual Shared Disk Perspective graphical user interface (GUI).

Syntax

spvsd
[-userProfile name] [-systemProfile name] [ -noProfile]
 
[-backgroundColor colorName]
 
[-foregroundColor colorName] [-fontFamily name]
 
[-fontSize size] [-fontBold] [-fontItalic] [-nosplash] [ -h]
 

Flags

-userProfile name
Upon initialization, loads the specified user profile. If a user profile named "Profile" exists in the user's home directory, it will be loaded by default if the -userProfile flag is not specified.

-systemProfile name
Upon initialization, loads the specified system profile instead of the default system profile. The default system profile is named "Profile."

-noProfile
Upon initialization, does not read either profile.

-backgroundColor colorName
Overrides the background color specified by any profile or default with the specified color. Refer to Appendix A, "Perspectives Colors and Fonts" in PSSP: Command and Technical Reference for a list of valid color names.

-foregroundColor colorName
Overrides the foreground color specified by any profile or default with the specified color. Refer to Appendix A, "Perspectives Colors and Fonts" in PSSP: Command and Technical Reference for a list of valid color names.

-fontFamily name
Overrides any font family with the specified font. The list of valid family names is dependent on the X server. Refer to Appendix A, "Perspectives Colors and Fonts" in PSSP: Command and Technical Reference for a list of valid fonts.

-fontSize size
Overrides any font point size with the specified size. Valid values are 6-30 points.

-fontBold
Sets the font to bold.

-fontItalic
Sets the font to italics.

-nosplash
Does not display the splash screen before the Perspectives main window is displayed.

-h
Displays usage information on the options available for the command.
Note:
Most flags accepted by X will also be recognized. For example, -display displayname.

Operands

None.

Description

Use this command to launch the IBM Virtual Shared Disk Perspective. This Perspective allows the user to view and control the IBM Virtual Shared Disk subsystem.

By default, when the window is brought up, it displays:

The IBM VSDs or IBM HSDs pane must be added for viewing.

The current system partition is indicated by a lightning bolt in the control workstation and system partitions pane. The Nodes pane displays all nodes in the current system partition. Other panes display virtual shared disks and hashed shared disks. You can control which panes are displayed by using the Add Pane and Delete Pane tool bar icons.

When the command is invoked, preferences that define the look and layout of the spvsd window are prioritized in the following order:

Files

The Users Preferences are read from and saved to $HOME/.spvsd(User Profile Name). The System Preferences are read from and saved to /usr/lpp/ssp/perspectives/profiles/$LANG/.spvsd(System Profile name).

The spvsd application resource file: /usr/lpp/ssp/perspectives/app-defaults/$LANG/Spvsd.

Security

Any user can run the spvsd command, although many actions in the VSD perspective require specific access to SP subsystems. The access depends on the type of security mechanism your SP system is using.

The minimum user requirements is Event Manager access in at least one partition. If this criteria is not met, the VSD perspective displays a message and exits. See the chapter on security in PSSP: Administration Guide for more information.

The following access is required to have complete use of the VSD perspective:

SDR write
To designate a node as VSD node, and to remove VSD node designation.

Hardware Monitor "VFOP"
To power on, power off and reset nodes.

Hardware Monitor serial
To network boot nodes and open a tty window to a node.

Hardware Monitor monitor
To display the LCD and LED of nodes.

Event Management
To monitor objects in a pane, display dynamic attributes in object notebooks, and track SDR and VSD subsystem changes. |

|PSSP cshutdown and cstartup command access
|To shutdown or start up nodes using the cshutdown or |cstartup commands.

CWS root commands
To fence or unfence nodes. |

|AIX remote commands
|To run commands on nodes.

VSD access
To create and remove VSDs and HSDs; and to configure HSDs and remove configuration for HSDs.

Root Privilege
To define and remove VSDs and HSDs; and to configure VSDs and remove configuration for VSDs.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP).

Prerequisite Information

For information on using the IBM Virtual Shared Disk Perspective and SP Perspectives, see the online help and the "Using SP Perspectives" chapter in PSSP: Administration Guide. For information about the IBM Virtual Shared Disk subsystem, see PSSP: Managing Shared Disks.

Location

/usr/lpp/ssp/bin/spvsd

|Related Information

|You can access the IBM Virtual Shared Disk Perspective by using the SP |Perspectives Launch Pad. The perspectives command invokes |the Launch Pad. Other Perspectives windows may be launched by invoking |the following commands: spevent, sphardware, and |spsyspar.

|PSSP: Managing Shared Disks

Examples

  1. To invoke the spvsd window, enter: 
    spvsd
  2. To force spvsd to display bold text regardless of what is set in the preference files, enter: 
    spvsd -fontBold

st_clean_table

Purpose

st_clean_table - Forces the unload of the job switch resource table for a specified window on the specified node.

Syntax

st_clean_table {-h | -? | node_name} [ -w window_id] [ -a adapter] [-k]

Flags

-h
Prints out a short description of all of the flags.

-?
Prints out the usage statement.

-a
Specifies the adapter upon which the window to be cleaned resides. The default is css0.

-w window_id
Specifies the window ID for which the unload and cleanup will be done. If no window ID or -1 is specified, then the default window will be unloaded.

-k
Stops any job that is currently using the switch table on that node_name and unloads the table. The -k flag has the same function as the ST_ALWAYS_KILL option of the swtbl_clean_table API.

Operands

node_name
Specifies the name of the node upon which the switch table window will be unloaded.

Description

Use this command to override user ID (uid) checking and to unload the job switch resource table window on the node specified. The JSRT Services should be used for non-reserved windows.

Normal unloading of the job switch resource table by the swtbl_unload_table API checks that the user ID (uid) of the unload matches the uid specified during the load. The st_clean_table command ignores this check and allows the administrator to unload the window from a node. It is intended to be used for error recovery and not for normal unloading. Use this command when a parallel job has left a process in use and the window did not unload with the swtbl_unload_table API. If -k is not specified and a job is using the switch table, the unload will not be performed. The default window is defined within the st_client.h file. A single job switch resource table may contain more than one window. This command needs to be issued for every window within the table. Use the st_status command to obtain the current state of the windows. Additional error and information may be found in the /var/adm/SPlogs/st/st_log file. Additional debug information will be recorded in the log by setting the SWTBLAPIERRORMSGS environment variable to yes.

Files

/usr/lpp/ssp/include/st_client.h
Path name of the client header file.

/usr/lpp/ssp/lib/libswitchtbl.a
Path name of the shared library containing APIs.

Standard Output

After the job switch resource table window is successfully unloaded, the status should be ST_SWITCH_NOT_LOADED.

Exit Values

0
Indicates the successful completion of the command.

nonzero
Indicates that an error occurred.

Security

You must have appropriate access to the switch table to run this command.

If DCE security checking is being used, you must have the DCE credentials of the switchtbld-clean group in order to run this command. If DCE security checking is not being used, you must have root privilege to run this command.

Location

/usr/lpp/ssp/bin/st_clean_table

Related Information

See the chgcss command for information about RESERVED windows.

Commands: st_status

Examples

To stop the process currently using window 1 on adapter css0, and unload the window from k10n10, enter: 

st_clean_table -w 1 -a css0 -k k10n10

This produces the result: 

Node k10N10 adapter css0 window 1 has been unloaded

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]