University of Wisconsin-Madison  My UW
Computing @ UW-Madison

Installing AIX
Tuning AIX
Patching, Fixes, APARs
Tips & Tricks

TSM Clients

IBM pSeries Support
IBM Redbooks
IBM Documentation Library

Back to DoIT

How to Install AIX 5.1 on an IBM pSeries or RS/6000 machine

These are rough guidelines on how to build a reliable, useful pSeries machine. Your mileage may vary. This is just a set of guidelines POST uses, and we thought it might be helpful for others.

It assumes that the server has at least a 4.5GB hard disk, and a CD-ROM.

  1. Install the latest version of AIX 5.1 by booting from the CD. Install the defaults, but overwrite everything, and only include hdisk0 in rootvg.

  2. After installation & reboot, set a root password.

  3. Configure TCP/IP settings to allow proper network usage. If the network is connected, disconnect it to prohibit attacks, etc. until you are ready to patch the machine.

  4. Configure paging space, and accept the defaults up to 2048 MB of paging space. If the default is greater than 2048 MB, change it to 2048 MB. Of course, this is subject to the use of the machine, too. A huge paging space may just waste space.

  5. Exit SMIT and log into the console as root.

  6. mkdir /mnt2; mkdir /mnt3

  7. Increase the size of the default filesystems:

    • / = 262144
    • /var = 262144
    • /tmp = 524288
    • /home = 524288

  8. Create a JFS filesystem of size 1024000 in rootvg mounted at /usr/local.

  9. Connect the network again. Mount Install the following software:

    • AIX Common Desktop Environment (CDE) 1.0 (X11.dt)
    • AIXwindows Motif 1.2 Compatibility Development Toolkit (X11.compat)
    • Accounting Services (bos.acct)
    • All of bos.adt
    • All of bos.perf
    • System Accounting (bos.acct)
    • Filesystem Quota Commands (bos.sysmgt)

  10. Install the VisualAge C++ compilers.

  11. Edit /etc/rc.tcpip and comment out:

    • sendmail
    • snmpd
    • hostmibd
    • dpid2

  12. Edit /etc/security/login.cfg and append "/usr/local/bin/tcsh" to the "shells=" line near the bottom. Also change "maxlogins = 2" to "maxlogins = 32000" (or whatever you're licensed for).

  13. Mount and update the system to the latest patch set/maintenance level. Commit the patches.

  14. Shut down NFS server services ("Communications Applications and Services" -> "NFS" -> "Network File System (NFS)" -> "Configure NFS on This System" -> "Stop NFS") now and at boot time.

  15. Edit /etc/inetd.conf. Comment all services you do not want to run (which is all of them).

  16. Set /etc/motd to be:

    Authorized users only. Actual or attempted unauthorized use of this
    computer system may result in criminal and/or civil prosecution or
    University disciplinary action. We reserve the right to view, monitor,
    and record activity on this system without notice or permission. Any
    information obtained by monitoring, reviewing, or recording is subject
    to review by release to law enforcement organizations in connection
    with the investigation or prosecution of possible criminal
    unauthorized activity on the system in accordance with Federal law,
    State statute and University policy. If you are not an authorized user
    of this system, exit the system at this time.

  17. Change the Ethernet adapters to be fixed at the line speed and duplex you want. Autonegotiation often yields unpredictable results. Set the "RECEIVE buffer pool size" to be 1024 and apply the changes to the database only (they won't take until a reboot).

  18. Reboot the machine.

  19. Create a /cd0 CD-ROM filesystem for easy mounting later.

  20. Install tcsh, SSH, monitor, perl, GNU tar, GNU make, other stuff into /usr/local.

  21. Create an entry in /etc/inittab for local stuff:

    rclocal:2:wait:/usr/local/adm/rc.local > /dev/console 2>&1 # local stuff

  22. Create /usr/local/adm/rc.local if you don't have one. Add the following:

    if [ -f /usr/local/sbin/sshd ]; then
    /usr/local/sbin/sshd; echo 'starting SSH' > /dev/console &

    # RFC1323 support (required to change tcp_sendspace)
    /usr/sbin/no -o rfc1323=1

    # RFC2018 support (selective acknowledgement - required with RFC1323)
    /usr/sbin/no -o sack=1

    # Increase the upper bound on TCP & UDP socket buffers
    /usr/sbin/no -o sb_max=262144

    # TCP send & receive spaces
    /usr/sbin/no -o tcp_sendspace=131072
    /usr/sbin/no -o tcp_recvspace=131072

    # UDP send & receive spaces
    /usr/sbin/no -o udp_sendspace=131072
    /usr/sbin/no -o udp_recvspace=131072

    # Socket queue defense against SYN attacks
    /usr/sbin/no -o clean_partial_conns=1

    # Disable the sending and receiving of redirects
    /usr/sbin/no -o ipignoreredirects=1
    /usr/sbin/no -o ipsendredirects=0

    # Disable the acceptance of source routed packets
    /usr/sbin/no -o ipsrcroutesend=0

    # Do not respond to directed broadcasts
    /usr/sbin/no -o directed_broadcast=0

    # Prevent address mask queries
    /usr/sbin/no -o icmpaddressmask=0

  23. Install ESS drivers & SDD if necessary.

  24. Run "reorgvg rootvg" to put the root volume's LVs into the proper spots on disk.

  25. Mirror the root volume group.

  26. Reboot.

  27. Run burn-in tests.

  28. Install TSM client.

  29. Add to performance monitoring and error reporting systems.



Copyright © 2003 The Board of Regents of the University of Wisconsin System