IBM AIX
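AIX is the trademarked name of IBM's proprietary UNIX operating system. The name comes from Advanced Interactive eXecutive. The original name was Advanced IBM Unix, but perhaps that name was not approved by the legal department, so it was changed to "Advanced Interactive eXecutive".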
- Migrate System Accounts to another Server
- AIX administration tips
- AIX VM with qemu
- Learning
- AIX VM with virt-manager
Migrate System Accounts to another Server
Cloning AIX users and groups between servers
# one-liner to generate the commands to clone groups
lsgroup -c -a id ALL | grep -v ^# | awk -F: '{print "mkgroup id=" $2, $1}'
# one-liner to generate the commands to clone users
lsuser -c -a id pgrp groups home shell gecos ALL | grep -v ^# | awk -F: '{print "useradd -m -u", $2, "-g", $3, "-G", $4, "-c \"" $7 "\" -d ", $5, $1}'
Copying AIX password hashes between servers
# grep -p root /etc/security/passwd
root:
password = 2zfymAdUyNdA.
lastupdate = 1360555127
echo 'root:2zfymAdUyNdA.' | chpasswd -ec
gen_reset_password.sh:
#!/usr/bin/ksh
# Print one "chpasswd -ec" command per account that has a password entry.
# Optional argument: a single user name to restrict the output to.
for user in `lsuser -a ALL`; do
    [ -n "$1" -a "$user" != "$1" ] && continue
    if grep -p "^${user}:" /etc/security/passwd | grep -q "password = "; then
        hash=`grep -p "^${user}:" /etc/security/passwd | grep "password = " | awk -F " = " '{print $2}'`
        echo "echo '${user}:${hash}' | chpasswd -ec"
    fi
done
# ./gen_reset_password.sh
echo 'root:2zfymAdUyNdA.' | chpasswd -ec
echo 'daemon:*' | chpasswd -ec
echo 'bin:*' | chpasswd -ec
echo 'sys:*' | chpasswd -ec
echo 'adm:*' | chpasswd -ec
echo 'uucp:*' | chpasswd -ec
echo 'guest:*' | chpasswd -ec
echo 'nobody:*' | chpasswd -ec
echo 'lpd:*' | chpasswd -ec
echo 'testusr1:MRGY5M7l56OTA' | chpasswd -ec
echo 'testusr2:skG.DjnbSmVaA' | chpasswd -ec
echo 'testusr3:EdRZo9SPb1Jig' | chpasswd -ec
echo 'testusr4:hk3qpcroid1qg' | chpasswd -ec
echo 'testusr5:1XaeSLhwCv19s' | chpasswd -ec
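Added example (not from the original page): the 13-character values above are legacy DES crypt(3) hashes, and chpasswd -ec replays them on the target unchanged, so it helps to classify what is being migrated first. The sketch reads the /etc/security/passwd stanza format from standard input; the function names and the sample stanzas (including the {ssha256} value) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the hashes in AIX-style /etc/security/passwd stanzas
# (read from stdin) before replaying them with chpasswd -ec.
# Output: "<user> <class>", class being one of
#   locked     password = *  (no usable password)
#   empty      no password attribute, or an empty value
#   des-crypt  13-character legacy crypt(3) hash
#   <algo>     taken from a {algo} prefix, e.g. ssha256
#   unknown    anything else
classify_hashes() {
    awk '
    function emit() { if (user != "") print user, (seen ? class : "empty") }
    # A stanza header is a lone "name:" token
    NF == 1 && $0 ~ /^[A-Za-z0-9._-]+:/ {
        emit()
        user = $1; sub(/:$/, "", user)
        seen = 0; class = ""
        next
    }
    # Attribute line of the form: password = <hash>
    user != "" && $1 == "password" && $2 == "=" {
        seen = 1; h = $3
        if (h == "") class = "empty"
        else if (h == "*") class = "locked"
        else if (substr(h, 1, 1) == "{" && (e = index(h, "}")) > 2)
            class = substr(h, 2, e - 2)
        else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") class = "des-crypt"
        else class = "unknown"
    }
    END { emit() }'
}

# Accounts whose hash is legacy DES crypt or unrecognised: candidates for a
# forced password change on the target instead of a straight copy
weak_accounts() {
    classify_hashes | awk '$2 == "des-crypt" || $2 == "unknown" { print $1 }'
}

# Constructed sample; root and testusr1 reuse the example hashes shown on this page
sample_passwd() {
cat <<'EOF'
root:
        password = 2zfymAdUyNdA.
        lastupdate = 1360555127

daemon:
        password = *

testusr1:
        password = MRGY5M7l56OTA

appuser:
        password = {ssha256}06$CONSTRUCTEDSALT00$ConstructedHashForIllustrationOnly
        flags = ADMCHG

nopass:
        lastupdate = 1360555127
EOF
}

sample_passwd | classify_hashes
```

On a real system the input is /etc/security/passwd read as root; the algorithm used for newly set passwords is controlled by the pwd_algorithm attribute in /etc/security/login.cfg.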
AIX administration tips
Install package lsof
Where to download the lsof, bind, rsyslog, openssh, openssl, etc packages?
lsof_4.892.tar
tar xf lsof_4.892.tar
cd lsof_4.892
installp -acgXYd . lsof.base lsof.license lsof.man.en_US
lsof -v
tar xf lsof_4.892.tar
cd lsof_4.892
smitty installp
# Install Software
# INPUT device / directory for software [.] << Input a dot
# SOFTWARE to install [_all_latest] << Esc + 4, Esc + 7
# ACCEPT new license agreements? yes
User & Group
# Create a new user
mkuser admin="false" pgrp="staff" gecos="Test User" test3
mkuser admin="false" pgrp="staff" groups="sshusers" gecos="Test User" test3
# Remove a user
rmuser -p <user-name>
Network
Check the interface
lsdev -Cc if
lsdev -Cc adapter
lscfg -vpl ent0
lsattr -El ent0
lsattr -El en0
Set the network
# Set the ip/netmask/gateway
/usr/sbin/mktcpip -h'aixvm' -a'192.168.99.100' -m'255.255.255.0' -i'en0' -g'192.168.99.1' -A'no' -t'N/A'
# Set the DNS server addr
echo "nameserver 1.1.1.1" > /etc/resolv.conf
LVM
PV
# Add a disk hdisk3 to a PV
## NOTE: a new disk shows a pv-id in lspv only after it has been successfully added as a PV
cfgmgr
chdev -l hdisk3 -a pv=yes
lspv
# Remove a PV from a disk hdisk3
## If done, the pv-id appears 'none'
chdev -l hdisk3 -a pv=clear
lspv
VG
# Create VG with 128M(PP size)
mkvg -y <vg-name> -s 128 hdisk1 hdisk2
# Add PVs hdisk3, hdisk4 to specific VG
extendvg <vg-name> hdisk3 hdisk4
# Remove PVs hdisk3, hdisk4 from a VG (the VG itself is deleted when its last PV is removed)
reducevg <vg-name> hdisk3 hdisk4
LV
# Create LV with 5G
## mklv -y <lv-name> -t jfs2 <vg-name> [LP-number|GB-size]
/usr/sbin/mklv -y'siview_lv' -tjfs2 smapvg 80
/usr/sbin/mklv -y'siview_lv' -tjfs2 smapvg 10G
# Remove a LV
rmlv <lv-name>
Filesystem
# Create a filesystem with /data
## -A: Whether the filesystem is mounted at each system restart.
## crfs -v jfs2 -A yes -d <lv-name> -m <mount-point> -a logname=INLINE
/usr/sbin/crfs -v 'jfs2' -A'yes' -d'siview_lv' -m'/home/siview' -a logname=INLINE
mount /home/siview
# Extend the size of 1024MB for specified filesystem
chfs -a size=+1024M /home
## Alternatively, resizing to specified number
chfs -a size=2048M /home
# Remove a filesystem
## Check that the LV state for the mount-point is closed/syncd
lsvg -l <vg-name>
rmfs <mount-point>
Security-related commands
# Login Failed
who /etc/security/failedlogin | tail -50
# Check the number of previous unsuccessful logins for the account to confirm it is blocked
lsuser -a account_locked unsuccessful_login_count {ALL|user_name}
# Reset unsuccessful login counter
chsec -f /etc/security/lastlog -a unsuccessful_login_count=0 -s {user_name}
# Unlock the locked account
chuser account_locked=false {user_name}
# Lock account
chuser account_locked=true {user_name}
# List the locked accounts
lsuser ALL | sed -n '/account_locked=true/p' | sed '/sshd/d' | awk '{print $1}'
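Automatic lockout after failed logins
- Can be set per account or globally
- Note: the retry count is cumulative; one successful login does not reset the count to zero
- To unlock, reset the failed-login count to zero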
chuser loginretries=5 <username>
lsuser -a loginretries <username>
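Added example (not from the original page): one way to turn the lsuser output used above into a per-account lockout summary and a list of the page's own reset commands to review. It assumes the "name attr=value ..." line format of lsuser -a and that a loginretries value of 0 means no limit; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise lockout state from
#   lsuser -a account_locked unsuccessful_login_count loginretries ALL
# read on stdin ("name attr=value ..." per line).
# Output: "<user> <state> <count>/<limit>"
lockout_state() {
    awk '
    NF > 0 {
        locked = "false"; count = 0; limit = 0
        for (i = 2; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "account_locked") locked = val
            else if (key == "unsuccessful_login_count") count = val + 0
            else if (key == "loginretries") limit = val + 0
        }
        if (locked == "true") state = "LOCKED"
        else if (limit <= 0) state = "NO-LIMIT"
        else if (count >= limit) state = "BLOCKED"
        else state = "OK"
        print $1, state, count "/" limit
    }'
}

# Print (do not run) the commands from this page that would clear each state.
# Account names with unexpected characters are never pasted into a command.
review_commands() {
    lockout_state | awk '
    $1 !~ /^[A-Za-z0-9._-]+$/ { print "# skipped unusual account name"; next }
    $2 == "BLOCKED"  { print "chsec -f /etc/security/lastlog -a unsuccessful_login_count=0 -s " $1 }
    $2 == "LOCKED"   { print "chuser account_locked=false " $1 }
    $2 == "NO-LIMIT" { print "# " $1 ": loginretries is 0, no automatic lockout" }'
}

# Constructed sample output (not taken from a real host)
sample_lsuser() {
cat <<'EOF'
root account_locked=false unsuccessful_login_count=0 loginretries=0
test3 account_locked=false unsuccessful_login_count=5 loginretries=5
user1 account_locked=true unsuccessful_login_count=2 loginretries=5
appuser account_locked=false unsuccessful_login_count=1 loginretries=5
EOF
}

sample_lsuser | lockout_state
sample_lsuser | review_commands
```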
Monitoring errpt
Sample #1
#!/usr/bin/env bash
#
# $0 = errptcheck_v3.sh
#
# Created: 05/16/2005 A-lang Hsu.
# Updated:
# - v4, 11/19/2015 A-Lang
# - v5, 11/17/2020 A-Lang
#
#
# This script will check the error log
# for new entries. Upon finding them, it will send an email to
# administrators containing a message indicating the change
# in errlog status, as well as the offending lines.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/es/sbin/cluster/utilities
tmpfile="errptcheck.$$"
trap "rm -f $tmpfile" EXIT
today="$(date +'%Y-%m-%d')"
nowtime="$(date +'%T')"
# Excluded identifier id
# 573790AA - The default log file has been changed.
# A3B02BE6 - sddsrv CAN'T WRITE ITS LOG FILE
#
#EXCLUDE_ID=" \
#573790AA \
#A3B02BE6 \
#"
EXCLUDE_ID=""
#
if which get_local_nodename >/dev/null 2>&1; then
    my_hostname=`hostname`#`get_local_nodename`
else
    my_hostname=`hostname`
fi
mail_subject="Warning:Hardware/Software error notification for host $my_hostname"
mail_to="alang@mycom.com"
#ec=`errpt -dH,S,U,O | grep -v "IDENTIFIER TIMESTAMP" | wc -l`
# Build an extended-regex alternation (ID1|ID2|...) from EXCLUDE_ID
ERRGREP=""
n=0
for i in $EXCLUDE_ID; do
    n=$(($n+1))
    if [ "$n" -eq 1 ]; then
        ERRGREP="$i"
    else
        ERRGREP="$ERRGREP|$i"
    fi
done
# Count the error-log entries, skipping the header line and any excluded identifiers
if [ -z "$ERRGREP" ]; then
    ec=`errpt -dH,S,U,O | grep -v "IDENTIFIER TIMESTAMP" | wc -l`
else
    ec=`errpt -dH,S,U,O | grep -v "IDENTIFIER TIMESTAMP" | grep -vE "$ERRGREP" | wc -l`
fi
if [ "$ec" -ne "0" ] ; then
    # Normalise the count (strips the padding that wc -l adds)
    ec=`echo $ec | bc`
    cat <<EOF > "$tmpfile"
##############################################################
This message was generated automatically by host ${my_hostname}.
Please don't reply to this message.
##############################################################
The checked time is ${today} ${nowtime}
${ec} new errors have been found on $my_hostname.
EOF
    errlogl=`errpt -dH,S,U,O -a`
    cat <<EOF >> "$tmpfile"
Errlog details below:
${errlogl}
EOF
    mail -s "$mail_subject" "$mail_to" < "$tmpfile"
    cat "$tmpfile"
fi
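Added example (not from the original script): grep -vE "$ERRGREP" drops any line that contains an excluded identifier anywhere, including in the description. The sketch below excludes only on the IDENTIFIER column and decodes the MMDDhhmmYY timestamp of the errpt summary format. The function names and the sample lines are constructed (the SYSDUMP line is the one quoted on this page), and years are assumed to be 20YY.

```shell
#!/bin/sh
# Added example: filter an errpt summary listing (stdin) by identifier.
# errpt_filter "ID1 ID2 ..."
# Output per entry: "YYYY-MM-DD hh:mm|IDENTIFIER|T|C|RESOURCE|DESCRIPTION"
errpt_filter() {
    awk -v excl="$1" '
    BEGIN {
        n = split(excl, ids, " ")
        for (i = 1; i <= n; i++) skip[ids[i]] = 1
    }
    $1 == "IDENTIFIER" { next }      # header line
    NF < 5             { next }      # not a summary entry
    ($1 in skip)       { next }      # exact match on column 1 only
    {
        ts = $2                      # MMDDhhmmYY
        when = "20" substr(ts, 9, 2) "-" substr(ts, 1, 2) "-" substr(ts, 3, 2) \
               " " substr(ts, 5, 2) ":" substr(ts, 7, 2)
        desc = $6
        for (i = 7; i <= NF; i++) desc = desc " " $i
        print when "|" $1 "|" $3 "|" $4 "|" $5 "|" desc
    }'
}

# Number of entries left after exclusion
errpt_count() {
    errpt_filter "$1" | wc -l | tr -d ' '
}

# Constructed sample; resource names and the last entry are made up
sample_errpt() {
cat <<'EOF'
IDENTIFIER TIMESTAMP  T C RESOURCE_NAME  DESCRIPTION
67145A39   0413095315 U S SYSDUMP        SYSTEM DUMP
573790AA   0413093015 I O EXAMPLE_RES    The default log file has been changed.
A3B02BE6   0412231015 P S EXAMPLE_RES    sddsrv CAN'T WRITE ITS LOG FILE
11111111   0413100015 T H EXAMPLE_RES    CONSTRUCTED ENTRY MENTIONING 573790AA
EOF
}

sample_errpt | errpt_filter "573790AA A3B02BE6"
```

With the two excluded identifiers, the constructed hardware entry that merely mentions 573790AA is kept here, whereas the grep -vE pipeline would silently drop it.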
Sample #2
#! /bin/ksh
#
# $0 = errmon.sh
#
# Written 11/3/1998 Bill Verzal.
#
# This script will run every [interval] and check the error log
# for new entries. Upon finding them, it will send an email to
# administrators containing a message indicating the change
# in errlog status, as well as the offending lines.
#
if [ "$1" = "-v" ] ; then
set -x
fi
lc="NULL"
tc="$lc"
# lc="last count"
# tc="this count"
#interval=900
interval=300
# Divide interval by 60 to get number of minutes.
me="$0 - Hardware error monitoring"
myname=`hostname`
args="$*"
#mailto="root"
mailto="alert"
true=0
false=1
boj=`date`
echo "$me started.\nThis message goes to $mailto." | mail -s "Errlog monitoring for $myname" $mailto
logger "$0 started"
while [ "$true" != "$false" ] ; do
    tc=`errpt -dH,S,U,O | wc -l`
    if [ "$lc" = "NULL" ] ; then
        lc="$tc"
    fi
    if [ "$lc" -ne "$tc" ] ; then
        foo=`echo "$tc-$lc"|bc`
        msg="$foo new errors have been found on $myname"
        page_msg="$foo new errors have been found on $myname"
        errlogl=`errpt -dH,S,U,O -a`
        if [ "$tc" -eq "0" ] ; then
            msg="$msg\n Errlog was cleared"
        else
            logger $msg
            msg=" $msg \n Errlog details below:\n $errlogl \n"
            echo "$msg" | mail -s "Errlog status change on host $myname" $mailto
        fi
    fi
    lc="$tc"
    sleep $interval
done
Unblocking HMC root
Restrict which users can switch to root
# Create a group sysadm
mkgroup sysadm
# Add the user1 that is allowed to su to root into the group sysadm
chgrpmem -m + user1 sysadm
lsgroup sysadm
chsec -f /etc/security/user -s root -a sugroups=sysadm
# Reset to the default, sugroups=ALL
# Alternatively
smitty user
# Change / Show Characteristics of a User
# User Name [root]
# SU GROUPS [sysadm]
Restricted Shell
Restrict the execution privileges of the default shell environment after login for specified accounts
Tutorial:
Default Shell:
# Change the default shell for the user to the restricted shell such as rksh or Rsh.
chuser shell=/usr/bin/rksh <user-name>
# OR
chsh <user-name> /usr/bin/rksh
.profile:
# Add the commands that the user is allowed to run into the directory.
mkdir /usr/bin/restricted
cd /usr/bin/restricted
ln -s /usr/bin/date date
# Create a .profile in the user's home directory and set the PATH environment variable to
# a directory containing all of the commands you want the user to be able to run
export PATH=/usr/bin/restricted
Core dump
# Analyze a core file
dbx -C ./core
(dbx) corefile
(dbx) dump
(dbx) quit
System dump
errpt:
67145A39 0413095315 U S SYSDUMP SYSTEM DUMP
Copy the dump from the dump device to a file using the savecore command:
savecore .
Yes, the period is necessary. It indicates you want the dump copied to your current directory.
savecore will copy the dump to your current directory and name it:
vmcore.0.BZ
Uncompress the dump using the dmpuncompress command:
dmpuncompress vmcore.0.BZ
Lastly, format the dump:
/usr/lib/ras/dmprtns/dmpfmt -c vmcore.0
Reading a Dump
kdb vmcore.0 vmunix.0
System performance
Memory - svmon
# For a summary of the top 15 processes using memory on the system
svmon -Pt15 | perl -e 'while(<>){print if($.==2||$&&&!$s++);$.=0 if(/^-+$/)}'
-------------------------------------------------------------------------------
Pid Command Inuse Pin Pgsp Virtual 64-bit Mthrd 16MB
18547096 db2sysc 3956861 12944 282407 4007901 Y Y N
19333470 db2sysc 690873 12944 26772 688572 Y Y N
19726694 db2sysc 271696 12944 6198 287133 Y Y N
13500914 db2sysc 263458 12943 18957 285159 Y Y N
1966448 shlap64 109377 12900 3432 122071 Y N N
13631924 db2vend 105589 12900 597 115784 Y N N
19005734 db2sysc 105082 12902 409 114965 Y Y N
20709798 db2sysc 105071 12900 409 114953 Y N N
20119938 db2sysc 105071 12900 409 114953 Y N N
20185458 db2sysc 105071 12900 408 114953 Y N N
15597848 db2vend 104222 12900 1771 115608 Y N N
21430722 db2sysc 103728 12900 1576 114777 Y N N
21037528 db2sysc 103724 12902 1576 114773 Y Y N
14025064 db2sysc 103696 12900 1608 114777 Y N N
18350424 db2sysc 103696 12900 1608 114777 Y N N
Sar
If sar: 0551-201 Cannot open /var/adm/sa/sa09 appears, fix it by running sar -o /var/adm/sa/sa09 10
# CPU
sar -u 2 10
# Memory
sar -r 2 10
# I/O
sar -b 2 10
iostat
iostat 2 10
Perl usage
Quickly check whether a specific module is installed
perl -e "use LWP::UserAgent;"
perl -e "use DBI;"
HTTP GET request
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;
my $ua = LWP::UserAgent->new;
my $server_endpoint = "http://192.168.1.1:8000/service";
# set custom HTTP request header fields
my $req = HTTP::Request->new(GET => $server_endpoint);
$req->header('content-type' => 'application/json');
$req->header('x-auth-token' => 'kfksj48sdfj4jd9d');
my $resp = $ua->request($req);
if ($resp->is_success) {
    my $message = $resp->decoded_content;
    print "Received reply: $message\n";
}
else {
    print "HTTP GET error code: ", $resp->code, "\n";
    print "HTTP GET error message: ", $resp->message, "\n";
}
HTTP POST request
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;
my $ua = LWP::UserAgent->new;
my $server_endpoint = "http://192.168.1.1:8000/service";
# set custom HTTP request header fields
my $req = HTTP::Request->new(POST => $server_endpoint);
$req->header('content-type' => 'application/json');
$req->header('x-auth-token' => 'kfksj48sdfj4jd9d');
# add POST data to HTTP request body
my $post_data = '{ "name": "Dan", "address": "NY" }';
$req->content($post_data);
my $resp = $ua->request($req);
if ($resp->is_success) {
    my $message = $resp->decoded_content;
    print "Received reply: $message\n";
}
else {
    print "HTTP POST error code: ", $resp->code, "\n";
    print "HTTP POST error message: ", $resp->message, "\n";
}
NFS
Can't mount remotely Linux host on AIX
Try to run the following commands on your AIX.
nfso -o nfs_use_reserved_ports=1
nfso -o portcheck=1
AIX Toolbox
- AIX Toolbox for Open Source Software : Downloads alpha (ibm.com)
- Configuring YUM and creating local repositories on IBM AIX - IBM Developer
- Tips for Installing Python or other AIX Toolbox for Open Source Software
AIX VM with qemu
Introduction
What can it be used for?
- AIX Training and Practice
- Testing/Developing Environment for AIX
- Cybersecurity Lab for AIX
- Running AIX on your laptop for whatever you want to accomplish
Prerequisites:
- QEMU Install
- aix_7200-04-00-1937_1of2_112019.iso
- Fedora 40 Linux Install (Recommended)
QEMU commands
PowerPC System Board-specific
qemu-system-ppc64 --machine help
cobra@fedora-vm:~$ qemu-system-ppc64 --version
QEMU emulator version 8.2.6 (qemu-8.2.6-3.fc40)
Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers
This QEMU version has fixed the problems with the ps, crontab, cron and java commands.
Install AIX from CD-ROM
Create a VM disk
mkdir aix72VM
cd aix72VM
qemu-img create -f qcow2 hdisk0.qcow2 20G
Note: only AIX 7200-03-00 and later versions are supported.
aix_7200-04-00-1937_1of2_112019.iso
cd aix72VM
mv aix_7200-04-00-1937_1of2_112019.iso AIX72.iso
Boot from cd-rom
cd aix72VM
qemu-system-ppc64 -cpu POWER8 \
-machine pseries -m 4096 -serial stdio \
-drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 \
-device virtio-scsi-pci,id=scsi \
-device scsi-hd,drive=drive-virtio-disk0 \
-cdrom $PWD/AIX72.iso \
-prom-env "boot-command=boot cdrom:" \
-prom-env "input-device=/vdevice/vty@71000000" \
-prom-env "output-device=/vdevice/vty@71000000"
Type 1 and press Enter
Press Enter
Type 2
Type 4
Type 5
Type 0
Press Enter to install AIX
When you see this screen, the AIX operating system has finished installing.
Press Ctrl + C to exit.
Fix boot issue
Boot from cd-rom
cd aix72VM
qemu-system-ppc64 -cpu POWER8 \
-machine pseries -m 4096 -serial stdio \
-drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 \
-device virtio-scsi-pci,id=scsi \
-device scsi-hd,drive=drive-virtio-disk0 \
-cdrom $PWD/AIX72.iso \
-prom-env "boot-command=boot cdrom:" \
-prom-env "input-device=/vdevice/vty@71000000" \
-prom-env "output-device=/vdevice/vty@71000000"
Type 1 and press Enter
Press Enter
Type 3
Type 0
Type 1
Type 1
Enter the commands that fix the boot issue
Fix boot issue
cd /sbin/helpers/jfs2
mv fsck64 fsck64.old
ln -s fsck fsck64
mv logredo64 logredo64.old
ln -s logredo logredo64
sync;sync;
halt
First boot from hdisk
cd aix72VM
qemu-system-ppc64 -cpu POWER8 \
-machine pseries -m 4096 -serial stdio \
-drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 \
-device virtio-scsi-pci,id=scsi \
-device scsi-hd,drive=drive-virtio-disk0 \
-cdrom $PWD/AIX72.iso \
-prom-env "boot-command=boot hdisk:" \
-prom-env "input-device=/vdevice/vty@71000000" \
-prom-env "output-device=/vdevice/vty@71000000"
Type vt100
Select: Accept License Agreements
Tips: If the screen is misaligned here and this affects the following steps, press Ctrl + C to interrupt and exit, make the terminal font smaller, then run the step again.
Select: Accept Software Maintenance Terms and Conditions
Select: Set root Password
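Tip: After setting the password, finish by selecting Task Completed - Exit to Login. If this is skipped, the initialization steps will appear again the next time the system starts.
Log in with the root account and the password you just set.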
Post-tasks
- Disable some problematic services
rmitab diagd
rmitab rcnfs
rmitab aso
rmitab clcomd
rmitab pfcdaemon
stopsrc -s clcomd
stopsrc -s pfcdaemon
- Network setup
On Linux)
net_tap.sh:
BRIDGE=virbr0
NETWORK=192.168.99.0
NETMASK=255.255.255.0
GATEWAY=192.168.99.1
DHCPRANGE=192.168.99.2,192.168.99.50
TAP=tap0
sudo ip link add $BRIDGE type bridge
sudo ip link set dev $BRIDGE up
sudo ip addr add dev $BRIDGE $GATEWAY/$NETMASK
sudo ip tuntap add $TAP mode tap
sudo ip link set $TAP master $BRIDGE
sudo ip link set up dev $TAP
# Uncomment the following lines to enable the DHCP server
#dns_cmd=(
# dnsmasq
# --strict-order
# --except-interface=lo
# --interface=$BRIDGE
# --listen-address=$GATEWAY
# --bind-interfaces
# --dhcp-range=$DHCPRANGE
# --conf-file=""
# --pid-file=/var/run/qemu-dnsmasq-$BRIDGE.pid
# --dhcp-leasefile=/var/run/qemu-dnsmasq-$BRIDGE.leases
# --dhcp-no-override
#)
#echo ${dns_cmd[@]} | sudo bash
Run net_tap.sh
bash net_tap.sh
Allow access to internet
sudo firewall-cmd --permanent --zone=public --add-interface=tap0
sudo firewall-cmd --permanent --add-masquerade
sudo firewall-cmd --reload
Boot with network interface tap0
qemu-system-ppc64 -cpu POWER8 \
-machine pseries -m 4096 -serial mon:stdio \
-drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 \
-device virtio-scsi-pci,id=scsi \
-device scsi-hd,drive=drive-virtio-disk0 \
-cdrom $PWD/AIX72.iso \
-net nic -net tap,script=no,ifname=tap0 \
-prom-env "boot-command=boot disk:" \
-nographic
On AIX)
# Check the network interface
lsdev -Cc if
lsdev -Cc adapter
# Set the ip
chdev -l en0 -a netaddr=192.168.99.100 -a netmask=255.255.255.0 -a state=up
route add 0 192.168.99.1
# Alternatively, using the following command instead
/usr/sbin/mktcpip -h'aixvm' -a'192.168.99.100' -m'255.255.255.0' -i'en0' -g'192.168.99.1' -A'no' -t'N/A'
echo "nameserver 1.1.1.1" > /etc/resolv.conf
- Increase the filesystem size
lsdev -Cc disk
lscfg -vl hdisk0
chfs -a size=+1024M /home
chfs -a size=+2048M /opt
chfs -a size=+512M /tmp
chfs -a size=+2048M /usr
chfs -a size=+1024M /var
- Install OpenSSH
mount -v cdrfs -o ro /dev/cd0 /mnt
mkdir /tmp/ssh_install
cd /mnt/installp/ppc
cp openssh* /tmp/ssh_install
cd /tmp/ssh_install
installp -acgXYd . openssh.base openssh.license openssh.man.en_US openssh.msg.en_US
lssrc -s sshd
- Fix the RPM issue
error: cannot open Packages index using db4 - Invalid argument (22)
error: cannot open Packages database in /opt/freeware/packages
error: db4 error(22) from dbenv->open: Invalid argument
Solution: fixrpm.sh
#!/usr/bin/ksh
cd /opt/freeware
rm -f *.rpm.packages.tar
tar -chvf `date +"%d%m%Y"`.rpm.packages.tar packages
rm -f /opt/freeware/packages/__*
/usr/bin/rpm --rebuilddb
exit 0
Edit /etc/inittab and insert the fixrpm line after the rctcpip line
rctcpip:23456789:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons
fixrpm:23456789:once:/fixrpm.sh > /dev/null 2>&1 # Added by Alang
- Install AIX Toolbox
Download the files
- dnf_aixtoolbox.sh : https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/dnf_aixtoolbox.sh
- openssl-1.1.2.2000.tar.Z : https://www.ibm.com/resources/mrs/assets?source=aixbp&S_PKG=openssl
cd /home/worktmp
uncompress openssl-1.1.2.2000.tar.Z
tar -xvf openssl-1.1.2.2000.tar
cd openssl-1.1.2.2000
installp -qaXFY -d . openssl.base openssl.license openssl.man.en_US
openssl version
cd /home/worktmp
rpm --rebuilddb
ksh dnf_aixtoolbox.sh -y
/opt/freeware/bin/dnf update
/opt/freeware/bin/dnf install bash
- Optional tasks
> Customize the prompt: create the profile /.profile
PS1="`whoami`@`hostname -s`:"'${PWD##*/}> '
> Timezone
smitty > System Environments > Change/Show Date and Time > Change Time Zone Using System
echo $TZ
> The ordering of certain name resolution services
Fixes the slow response when pinging the local hostname.
Edit: /etc/netsvc.conf
hosts = local, bind4
> Set the environment variables
Edit: /etc/environment
# Fix for not properly displaying with smitty on the tmux
TERM=xterm
Other administration tasks
- Mount a CD ISO file
Change the QEMU startup parameter -cdrom /path/to/your-cd.iso
qemu-system-ppc64 -cpu POWER8 \
-machine pseries -m 4096 -serial mon:stdio \
-drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 \
-device virtio-scsi-pci,id=scsi \
-device scsi-hd,drive=drive-virtio-disk0 \
-cdrom $PWD/AIX72.iso \
-net nic -net tap,script=no,ifname=tap0 \
-prom-env "boot-command=boot disk:" \
-nographic
Mount command on AIX
mount -v cdrfs -o ro /dev/cd0 /mnt
- Add a second virtual disk
On the Linux host: create a 5G virtual disk hdisk1.qcow2
cd aix72VM
qemu-img create -f qcow2 hdisk1.qcow2 5G
Modify the startup command by adding two parameter lines
-drive file=hdisk1.qcow2,if=none,id=drive-virtio-disk1 \
-device scsi-hd,drive=drive-virtio-disk1 \
Complete startup parameters
qemu-system-ppc64 -cpu POWER8 \
-machine pseries -m 4096 -serial mon:stdio \
-cdrom $PWD/AIX72.iso \
-device virtio-scsi-pci,id=scsi \
-drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 \
-device scsi-hd,drive=drive-virtio-disk0 \
-drive file=hdisk1.qcow2,if=none,id=drive-virtio-disk1 \
-device scsi-hd,drive=drive-virtio-disk1 \
-net nic -net tap,script=no,ifname=tap0 \
-prom-env "boot-command=boot disk:" \
-nographic -smp 2
On the AIX host: check disk hdisk1
root@aixvm:> lspv
hdisk0 00000000375ffb46 rootvg active
hdisk1 none None
root@aixvm:> lsdev -Cc disk
hdisk0 Available 00-10 MPIO Other Virtio SCSI Disk Drive
hdisk1 Available 00-10 MPIO Other Virtio SCSI Disk Drive
root@aixvm:> lscfg -vpl hdisk1
hdisk1 qemu_virtio-scsi-pci:0000:00:02.0-LW_0 MPIO Other Virtio SCSI Disk Drive
Manufacturer................QEMU
Machine Type and Model......QEMU HARDDISK
Part Number.................
ROS Level and ID............322E352B
Serial Number...............
EC Level....................
FRU Number..................
Device Specific.(Z0)........00000512FA000012
Device Specific.(Z1)........
Device Specific.(Z2)........
Device Specific.(Z3)........
Device Specific.(Z4)........
Device Specific.(Z5)........
Device Specific.(Z6)........
PLATFORM SPECIFIC
Name: disk
Node: disk
Device Type: block
- Add vCPUs
By default QEMU has only 1 vCPU. To improve AIX performance, add more vCPUs as the hardware allows.
qemu-system-ppc64
Add to the startup parameters
-nographic -smp 2,sockets=2,cores=1,threads=1
- Add virtual NIC devices
qemu-system-ppc64
Set up two virtual NICs in the startup parameters
-net nic \
-net nic \
-net tap,script=no,ifname=tap0 \
To bind specific MAC addresses:
-net nic,macaddr=56:44:45:30:31:31 \
-net nic,macaddr=56:44:45:30:31:32 \
-net tap,script=no,ifname=tap0 \
References
- AIX on qemu-system-ppc64
- Run AIX 7.2 on x86 with QEMU – Kwakou SysAdmin
- Qemu模拟器运行AIX 7.2 系统 - 运维小菜鸟 - 博客园 (cnblogs.com)
- Run your AIX VM on x86 using KVM and QEMU (ibm.com)
- qemu7模拟安装aix72,详细过程,附带镜像_aix 7.2版本qcow2格式镜像下载-CSDN博客
- Migrating an existing AIX 7.2 system to a QEMU VM
- AIX 7.2 虚拟机安装 - 杰哥的{运维,编程,调板子}小笔记 (jia.je)
- AIX for System Administrators: DEVOPS - QEMU (aix4admins.blogspot.com)
- YT: AIX 7.2 installation in QEMU - YouTube
- YT: Install AIX on QEMU using virsh and virt-manager tools - YouTube
- YT: Updates on Install AIX and run PowerHA using virsh and virt-manager - YouTube
- libvirt: QEMU command-line passthrough
Learning
Tutorials
- YT: Aix administration - YouTube
- YT: online AIX training for beginners - YouTube
- YT: AIX in Focus - YouTube
- YT: IBM AIX - YouTube
AIX VM with virt-manager
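Tips
- The AIX system's virtual disk hdisk0 must be a SCSI disk device and has to be created beforehand with qemu-img create -f qcow2 hdisk0.qcow2 20G; the disk size can be adjusted as needed.
- The XML file can be edited from the virt-manager interface or from the command line instead. The command is virsh edit <vm-name>.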
XML
- Change the ISO file path
- In the XML file, add the first line <domain type=....> and the <qemu:commandline> .... </qemu:commandline> block
<domain type='qemu' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
...
<devices>
...
</devices>
<qemu:commandline>
<qemu:arg value='-prom-env'/>
<qemu:arg value='boot-command=boot cdrom:'/>
<qemu:arg value='-cdrom'/>
<qemu:arg value='/home/cobra/aix72VM2/AIX72.iso'/>
</qemu:commandline>
</domain>