AIX Checkpoints


A general 10-point checklist for new build AIX servers.
Actual checkpoints and values may vary. This is just a reference.

Quick Checkpoint:
1. Adjust paging size;
2. Configure NIC/etherchannel;
3. Update /etc/security/limits;
4. Check/configure the dump devices;
5. Create a shutdown wrapper;
6. Setup/modify sudo privilege;
7. Install additional packages (SAN, EMC, HDS, etc.)
8. Setup NIS client (if required)
9. Mirror rootvg and verify rootvg mirroring
10. Fine tune kernel memory settings (vmo)


1. Increase paging space size as appropriate:
# mkps -a -n -sXX rootvg

Update the system settings:
# chdev -l aio0 -a minservers='250' -a maxservers='500'
# chdev -l aio0 -a maxreqs=8192 -a autoconfig='available'
# chdev -l sys0 -a cpuguard=enable -a autorestart=true
# chdev -l sys0 -a iostat=true
# chdev -l sys0 -a maxuproc=500

2. Configure NIC adapter and create etherchannel:
Remove and recreate the interface used to build the OS:
# ifconfig enX down detach
# rmdev -dl enX
# cfgmgr -v

Check each NIC adapter's media speed:
# lsdev -Cc adapter | awk '{print $1}' | grep ent | while read i
do
    echo "################## $i"
    lsattr -El $i -a media_speed
done

Update each NIC adapter's media speed as necessary:
# chdev -l entX -a media_speed=100_Full_Duplex
(For Gigabit Ethernet, use auto_negotiation)

Create the etherchannel interface which should look like:
EtherChannel / Link Aggregation: ent8
Status: Available
Attributes:
  adapter_names    ent4            EtherChannel Adapters
  alt_addr         0x000000000000  Alternate EtherChannel Address
  auto_recovery    yes             Enable automatic recovery after failover
  backup_adapter   ent6            Adapter used when whole channel fails
  hash_mode        default         Determines how outgoing adapter is chosen
  mode             standard        EtherChannel mode of operation
  netaddr          10.150.144.129  Address to ping
  noloss_failover  yes             Enable lossless failover after ping failure
  num_retries      2               Times to retry ping before failing
  retry_time       5               Wait time (in seconds) between pings
  use_alt_addr     no              Enable Alternate EtherChannel Address
  use_jumbo_frame  no              Enable Gigabit Ethernet Jumbo Frames

Use the etherchannel to set up the server's public network connectivity

3. Update /etc/security/limits:
default:
fsize = -1
core = 2097151
cpu = -1
data = -1
rss = -1
stack = -1
nofiles = 2000
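
One way to confirm the file matches the values above, as an added example that is not part of the original checklist: it parses the stanza format and reports each default: attribute that differs from step 3. The function names, the "-" argument for stdin and the sample file are assumptions of this example; the sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original checklist): compare the default: stanza
# of a limits file with the step-3 values. One line per mismatch; exit 1 on drift.

EXPECTED="fsize=-1 core=2097151 cpu=-1 data=-1 rss=-1 stack=-1 nofiles=2000"

check_limits() {    # $1 = limits file, "-" for stdin (default /etc/security/limits)
    awk -v want="$EXPECTED" '
        BEGIN {
            n = split(want, kv, " ")
            for (i = 1; i <= n; i++) { split(kv[i], p, "="); key[i] = p[1]; val[p[1]] = p[2] }
        }
        /^[ \t]*\*/ || /^[ \t]*$/ { next }          # "*" starts a comment line
        /^[^ \t=]+:[ \t]*$/ { sub(/:[ \t]*$/, ""); stanza = $0; next }
        stanza == "default" && /=/ {                # per-user stanzas are ignored
            split($0, p, "=")
            gsub(/[ \t]/, "", p[1]); gsub(/[ \t]/, "", p[2])
            got[p[1]] = p[2]
        }
        END {
            for (i = 1; i <= n; i++) {
                k = key[i]
                if (!(k in got)) { print k ": missing (want " val[k] ")"; bad = 1 }
                else if (got[k] != val[k]) { print k ": " got[k] " (want " val[k] ")"; bad = 1 }
            }
            exit bad
        }
    ' "${1:-/etc/security/limits}"
}

# Constructed sample (stock-looking defaults), not read from a real host.
sample_limits() {
    cat <<'EOF'
* constructed sample
default:
        fsize = 2097151
        core = 2097151
        cpu = -1
        data = 262144
        rss = 65536
        stack = 65536
        nofiles = 2000

root:
        fsize = -1
EOF
}

sample_limits | check_limits - || echo "limits drift found"
```

On a built server, run check_limits with no argument to read /etc/security/limits directly.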

4. Configure the dump device:
# sysdumpdev -K
# sysdumpdev -C
# sysdumpdev -Pp /dev/sysdumpnull
# rmlv hd7
# mklv -y hd7 -a im -t sysdump rootvg 16   <== 4G based on 256 MB PP size
# sysdumpdev -Pp /dev/hd7

5. Create the /etc/rc.shutdown script:
##################### Beginning of rc.shutdown #####################
# Proceed only if the operator has created the one-time flag file.
if [ -r /tmp/allowshutdown ];then
    rm -f /tmp/allowshutdown
    # Refuse to shut down while the VCS engine (had) is still running.
    ps -ef | grep "/opt/VRTSvcs/bin/had" | grep -v grep > /dev/null
    if [ $? -eq 0 ];then
        echo
        echo "WARNING: VCS should be stopped before shutdown is run"
        echo
        exit 1
    fi

    echo "Running /etc/rc.shutdown, please wait...."
    exec 1>/tmp/shutdown.log 2>&1
    date

    #
    # Add the processes to be shut down in background here
    #
    # sleep 120

else
    echo
    banner `hostname`
    echo
    echo "WARNING: If you really want to shutdown this system"
    echo " you must create the file /tmp/allowshutdown"
    echo
    exit 1
fi
######################## End of rc.shutdown ########################

# chmod 700 /etc/rc.shutdown


6. Set up sudo: edit /etc/sudoers with the appropriate settings


7. Install EMC (optional)
Install EMC software and license key:
# echo "PP_LPAR_KEY_FIX=1" >> /etc/environment

Install EMC ODM definitions:
# cd /emc_package_home
# installp -agXd. EMC

Install EMC PowerPath:
# installp -agXd. EMCpower

Add EMC PowerPath license key:
# emcpreg -add wxyz-wxyz-wxyz-wxyz-wxyz-wxyz

Install Solution Enabler:
# installp -agXd. EMCsymm


Configure sendmail for security

Reboot:
# touch /tmp/allowshutdown
# shutdown -rF

Add the appropriate netgroups to /etc/passwd

Create the /etc/no_shell file:

##################### Beginning of /etc/no_shell #####################
#!/bin/sh
/bin/cat 1>&2 <> /etc/passwd


8. Setup NIS client and Test NIS:

Add the following entry to /etc/environment:
# echo "YPBIND_MAXWAIT=10" >> /etc/environment

Create ypservers from list:


Change the domain name:
(For PROD/DR servers)
# /usr/sbin/chypdom -B prod.us.db.com
(For DEV/UAT servers)
# /usr/sbin/chypdom -B dev.us.db.com

This command updates /etc/rc.nfs:
if [ -x /usr/bin/domainname ]; then
/usr/bin/domainname
fi

Start ypbind:
# /usr/sbin/mkclient -B -S

This command updates /etc/rc.nfs:
if [ -x /usr/lib/netsvc/yp/ypbind ]; then
start ypbind /usr/lib/netsvc/yp/ypbind -ypsetme
/usr/sbin/ypset
fi

Verify that ypbind is running:
# ps -ef | grep ypbind
# ypwhich
# ypwhich -m
# ypcat passwd

Append the following line to /etc/group for NIS group access:
# echo "+:" >> /etc/group

Update host resolution order (if needed):
/etc/netsvc.conf --> hosts=local,bind - OR -
NSORDER=local,bind;export NSORDER
(Default is bind,nis,local)

9. Mirror rootvg
# mirrorvg -S rootvg
# bosboot -ad /dev/ipldevice
# bootlist -m normal hdisk0 hdisk1
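
The quick checkpoint list also calls for verifying the mirror. As an added example that is not part of the original checklist, the following parses `lsvg -l rootvg` output and flags any logical volume that lacks a second copy or has a stale copy. It assumes two copies on two disks and that a dedicated sysdump logical volume is left unmirrored; the function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original checklist): verify rootvg mirroring
# from `lsvg -l rootvg` output read on stdin. Exit 1 if anything is flagged.

check_mirror() {
    awk '
        NR <= 2 || NF < 6 { next }        # skip "rootvg:" line, header, short lines
        $2 == "sysdump" { next }          # assumption: dedicated dump LV is unmirrored
        $4 < 2 * $3 || $5 < 2 {           # PPs < 2 x LPs, or all copies on one disk
            print $1 ": not mirrored"; bad = 1; next
        }
        $6 !~ /syncd$/ {                  # mirrored, but a copy is out of sync
            print $1 ": " $6; bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample output, not captured from a real host.
sample_lsvg() {
    cat <<'EOF'
rootvg:
LV NAME    TYPE     LPs  PPs  PVs  LV STATE      MOUNT POINT
hd5        boot     1    2    2    closed/syncd  N/A
hd6        paging   8    16   2    open/syncd    N/A
hd8        jfs2log  1    2    2    open/syncd    N/A
hd4        jfs2     4    4    1    open/syncd    /
hd2        jfs2     12   24   2    open/stale    /usr
hd7        sysdump  16   16   1    open/syncd    N/A
EOF
}

# On the AIX host: lsvg -l rootvg | check_mirror
sample_lsvg | check_mirror || echo "rootvg is NOT fully mirrored and synced"
```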


10. Tune VMM (vmo, ioo)
vmo -a
vmo -o
For Sybase ASE servers on AIX 5.xL, set the following parameters for the best Sybase performance:
maxperm% = 25% (default is 80%)
strict_maxperm = 1

For details on vmo and database performance issues, please refer to this blog article.