Hubba's Blog

Apple Mac laptops are beautiful devices but they do cost a lot of money and usually come with very limited disk space which gets eaten up with mostly your photo library if you have an iPhone as well. - This will come and haunt you when you want to perform an update and suddenly your Mac says it does not have enough disk space. - Well here is a simple fix how to solve it.

By default on you Mac you will find it will download all your photos that you take on your other apple devices will download to the Mac in full quality. So first thing you need to do is go into you photo library preferences and change "Download Originals to this Mac" to "Optimize Mac storage"

Now this will not free up space straight away unless you are actually running out of space. - To make this happen keep open your photo library and open up a couple of terminal windows. In one of these windows being in your home directory you can start a job to fill up your available space with "dd if=/dev/zero of=bigfile.tmp". You can use the other window with "df -h ." to watch how your disk space shrinks and also do a "du -sh Pictures" to see how that directory shrinks.

Once you think that you have shrunk your photo library sufficiently you can kill the dd job and remove bigfile.tmp which should then give you sufficient space on your drive to perform your upgrade.

Note: This guide is not aimed as a step by step command reference as systems may be configured in different way - It is more of a reminder of the steps that are involved and it is still a work in progress guide.

One should familiarize themselves with the following articles:

• The AIX migration guide
• Best Practice: Migrating to AIX 7.2

The assumption is that we are working on an AIX server where rootvg is mirrored across hdisk0 and hdisk1. Just to ensure that the boot partitions are up to date it is advisable to execute "bosboot -ad /dev/hdisk0" and the same for hdisk1.

It should be ensured that we have an up to date mksysb or we should create one preferably on a NIM server that we can boot of and recover this image.

We will now have to break the rootvg mirror using "unmirrorvg rootvg hdisk1" which will now free up hdisk1.

Now we can use "alt_disk_copy -d hdisk1" to create an alternative rootdisk copy which is NOT a mirror but a copy in itself. - This will create a copy and set hdisk1 as a bootdisk.

After the copy has completed we can reboot the server and we should now see that hdisk1 has become the active rootvg and hdisk0 is in a volume group called old_rootvg.

While running on this rootvg copy we should upgrade any components that may need to be upgraded as a pre requisite to AIX 7.2 eg Veritas Filesystems if they are in use.

To do the migration to 7.2 we need to boot of the 7.2 boot media from NIM or CD/DVD and the NIM server may need to be prepped for that by adding the NIM client for a bos_install.

Once we are successfully booting of the media (remember the LED lights so you can see the process) we should be prompted on the console to press 1 to recognise that we are on the correct console. We may also be prompted for a language selection.

We should then be dropped into the install menu which by default should have chosen "Migration" rather then "Full install" - This can be checked in the advanced install configuration menu and one should also make sure that the correct disk is selected which in our case should be hdisk1 but the default may go for hdisk0 which we do not want to touch.

After the migration the server should then boot into AIX 7.2 on hdisk1 and once we have confirmed that everything is OK we can remove old_rootvg and fully remirror the disks not forgetting bosboot on all mirrors to make sure the boot sector is populated.

When SSH issues are reported it is all to tempting to jump on a box make changes to the config file to fix the suspected issues and restarting sshd.

This may not always be the best way because:

• Error messages in syslog may be misleading as it is difficult to track down an individual session and debug messages may be filtered out in syslog
• On a busy system other users that still work may get disconnected/locked out while the problem is being worked on
• In the worst case you will get disconnected and will not get back into the system other than via the console

The way to avoid this is to start ssh with the "-d" option which will start sshd in debugging mode and it will listen for one session only. If required multiple -dd (up to three) can be specified to increase the debugging level. Obviously the running ssh session is already listening on port 22 so we do not interfere with that so we need to specify a different port to listen on that is not in use with the -p option. For security reasons build into sshd you must run sshd with the full path of where it is installed.

# /usr/sbin/sshd -ddd -p 2222
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 595
debug2: parse_server_config: config /etc/ssh/sshd_config len 595
debug3: /etc/ssh/sshd_config:21 setting Protocol 2
debug3: /etc/ssh/sshd_config:36 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:66 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:80 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:82 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:96 setting UsePAM yes
debug3: /etc/ssh/sshd_config:99 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:100 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:101 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:102 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:108 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:131 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug3: /etc/ssh/sshd_config:138 setting PermitRootLogin without-password
debug1: sshd version OpenSSH_5.3p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.

Now the user can connect to that port with something like "ssh -p 2222 user@host" which will then give us detailed information of what is happening with that connection.

To make changes to the config file and to debug/test these changes it is best to make a copy of the existing config file and edit this file instead so we copy the config with something like:

# cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.TEST

Then we can start a session using this config file with:

# /usr/sbin/sshd -ddd -p 2222 -f /etc/ssh/sshd_config.TEST
debug2: load_server_config: filename /etc/ssh/sshd_config.TEST

Once confident that our changes are safe and they will not break anything else we can copy the changes to the real config file and restart the main ssh daemon on the system.

We recently where locked out of an old HMC that is no longer supported but had problems with an LPAR attached to it which we are trying to get rid off so IBM where not very helpful to get us into it so I found the below procedure somewhere on the internet and now tested it on V7R7.9.0 before I will do on the real system by installing the HMC code on a VMware system - for that some hacks that are described at http://omnitech.net/reference/2013/05/01/installing-hmc-in-virtualbox/ where necessary I have lost the link to the procedure below so I am putting it here in case somebody else needs it. I did not actually have to follow the full procedure as init=/bin/rcpwsh prompted me to change the hscroot password rather than dropping me into a shell and then continued to fully boot at which stage I could just could log straight back in.

Anybody familiar with Linux will probably be familar with this procedure as it works on most linux distributions with init=/bin/bash. In case of the HMC I just was not sure how locked down these devices where and would I be challanged with encrypted filesystems and stuff like that....

Here we go:

1) Power off the HMC.

2) Power on the HMC, and as soon as the Loading grub message is displayed

quickly press the F1 key to get into grub.

The Grub menu will show one line with the text hmc.

3) On the Grub menu, select e for edit. The next GRUB screen is displayed with two lines:

root (hd0,0)

kernel (hd0,1)/boot/bzImage ro root=/dev/hda2 vga=0x317 apm=power-off

Note: The root device can vary by model: hda2 C03, C04, CR2, and hdc2 for CR3.

4) Move the cursor down to the line starting with kernel. Select e for edit.

Move the cursor to the right and append the following to the end of the string:

V5.1.0 to V6.1.1: init=/bin/bash

V6.1.2 and later: init=/bin/rcpwsh

The final string will vary slightly by version and model:

kernel (hd0,1)/boot/bzImage ro root=/dev/hda2 vga=0x317 apm=power-off init=/bin/rcpwsh

Press the Enter key to save the changes.

5) Press b to boot the changed selection.

This will boot to a bash shell on older HMC's - On newer HMC's this willl prompt you for a new hscroot password after the kernel is loaded and after changing the password it will continue to boot so you can skip the next steps until step 9. You may want to choose a simple password as the keyboard mapping may not match your locale if you are outside the US.

6) Verify root is mounted read/write. If not you may need to rmount it with

mount -o remount,rw /dev/hda2 /

Note: The root device can vary by model: hda2 C03, C04; hdc2 for CR2,CR3; sda2 for CR4.

7) Reset root and hscroot passwords. Run the following commands to reset the passwords. The command will prompt the user to enter the new password and a confirmation password. Any warning concerning the password being too simplistic can be ignored.

Reset root password:

/usr/bin/passwd

Reset hscroot password:

/usr/bin/passwd hscroot

8.) Reboot the HMC (left ctl+left alt+del).

9) Log on as hscroot.

10) Immediately after logon, use the Web-based System Manager (HMC GUI) or the chhmcusr

Hmm - just clicking around the links I noticed I have a Windows category which is completely empty - Well not sure why I even created a Windows category as I do very little with Windows so that is why it would be empty. Only thing is I do with Windows is that I run a samba server in my house as an old NT domain controller and even that is now becoming redundant since Windows 10 does not work with that and I hardly ever use Windows 10 since I have an Apple Mac book.

On Linux I have been using tput to produce colours in my output but then I noticed the other day that this does not actually seem to work on Solaris but I am not sure why so I had to resort to the old fashioned way of using escape sequences. This works perfectly fine in Linux:

#!/bin/bash
GREEN=$(tput setaf 2)
RED=$(tput setaf 1)
YELLOW=$(tput setaf 3)
NOCOL=$(tput sgr0)

echo "This works in Linux...."
echo "This is ${GREEN} Green${NOCOL} in Green"
echo "This is ${RED} Red${NOCOL} in Red"
echo "This is ${YELLOW} Yellow${NOCOL} in Yellow"
echo ""

So on Solaris this would be done like this (And this also works on Linux):

#!/bin/bash
GREEN="\033[0;32m"
RED="\033[0;31m"
YELLOW="\033[0;33m"
NOCOL="\033[0m"

echo "This works in Linux and Solaris...."
echo -e "This is ${GREEN} Green${NOCOL} in Green"
echo -e "This is ${RED} Red${NOCOL} in Red"
echo -e "This is ${YELLOW} Yellow${NOCOL} in Yellow"

So I guess I am going to have to stick to the second method to make my stuff work across platforms - From the script bits above you can see that a font effect is turned on with a code and you will have you will have to use a reset code "\033[0m" to turn it back off. The \033 ANSI escape sequence has a lot of codes to go in hand with it to do all sort of clever effects.

    echo -e "\033[31;1;4mHello\033[0m"

This example above has a comma separated list of codes so you got 31 for red, 1 for bold and 4 for underline and all this is cleared again with 0

This is a table that lists all the effect codes:

Code	Effect	Note
0	Reset / Normal	all attributes off
1	Bold or increased intensity
2	Faint (decreased intensity)	Not widely supported.
3	Italic	Not widely supported. Sometimes treated as inverse.
4	Underline
5	Slow Blink	less than 150 per minute
6	Rapid Blink	MS-DOS ANSI.SYS; 150+ per minute; not widely supported
7	[[reverse video]]	swap foreground and background colors
8	Conceal	Not widely supported.
9	Crossed-out	Characters legible, but marked for deletion. Not widely supported.
10	Primary(default) font
11–19	Alternate font	Select alternate font n-10
20	Fraktur	hardly ever supported
21	Bold off or Double Underline	Bold off not widely supported; double underline hardly ever supported.
22	Normal color or intensity	Neither bold nor faint
23	Not italic, not Fraktur
24	Underline off	Not singly or doubly underlined
25	Blink off
27	Inverse off
28	Reveal	conceal off
29	Not crossed out
30–37	Set foreground color	See color table below
38	Set foreground color	Next arguments are 5;<n> or 2;<r>;<g>;<b>, see below
39	Default foreground color	implementation defined (according to standard)
40–47	Set background color	See color table below
48	Set background color	Next arguments are 5;<n> or 2;<r>;<g>;<b>, see below
49	Default background color	implementation defined (according to standard)
51	Framed
52	Encircled
53	Overlined
54	Not framed or encircled
55	Not overlined
60	ideogram underline	hardly ever supported
61	ideogram double underline	hardly ever supported
62	ideogram overline	hardly ever supported
63	ideogram double overline	hardly ever supported
64	ideogram stress marking	hardly ever supported
65	ideogram attributes off	reset the effects of all of 60-64
90–97	Set bright foreground color	aixterm (not in standard)
100–107	Set bright background color	aixterm (not in standard)

The table below lists the basic 8bit color table which should be sufficient for most cases - there are plenty of other sources to give you 256 colours but in most cases that would not be required

While searching for some specific information on AIX today I came across a really good site which I thought I bookmark here as it contains lots of useful information: - https://aix4admins.blogspot.com/

I hope it will help others as well.

I have recently been experimenting with some stuff that needed quite a bit of storage but was not throughput intensive so I thought I use some old drives I had lying around with some USB to SATA adapters. It was working like a charm until I discovered that the application was complaining about latency which I eventually pinned down to the drives spinning down if not used for a few minutes. So any time I wanted to read data in short moments but stretched apart for a few minutes I had a delay while the drive was spinning up of about 5 to 10 seconds.

Normally I disable this in the BIOS for all drives because I don't think it actually is very healthy for the drive constantly spinning up and down but that is another debate...

It turned out that the disks actually have a kind of a BIOS setting on their own that is used when they are on USB or not controlled via some other way. - The tools that will be of help here are smartctl, hdparm and sdparm. Unfortunately there is no telling of which tools will work best in your scenario since some of the tools work differently on different models of drives and even more so if they are hanging of USB.

In some cases sdparm is your friend:

sdparm --all /dev/sda | grep STANDBY
  STANDBY_Y     0  [cha: n, def:  0, sav:  0]
  STANDBY       1  [cha: y, def:  1, sav:  0]

The above has power saving enabled - to disable this we can do:

sdparm --clear=STANDBY /dev/sda

Which should set the previous to:

sdparm --all /dev/sda | grep STANDBY
      STANDBY_Y     0 [cha: n, def: 0, sav: 0]
      STANDBY       0 [cha: y, def: 1, sav: 0]

I have also seen in some cases a STANDBY_Z variable that was set to 1 and clearing that did the trick.

The more elegant way is using hdparm but it would not work on all of my drives

 hdparm -B /dev/sdb
   /dev/sdb:
   APM_level = 128

The lower the number of APM_level is the more aggressive is the power management vs I/O numbers below 128 permit spin down and any higher numbers up to 254 prevent spin down - 255 will disable Power Management:

hdparm -B255 /dev/sdb
/dev/sdb:
 setting Advanced Power Management level to disabled
SG_IO: bad/missing sense data, sb[]:  70 00 01 00 00 00 00 0a 00 00 00 00 00 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
APM_level = off

There is also an hdparm -C and -S option - The -C is used to query the APM_level and -S 0 should diable power saving which did not work for me though - although take a look at the man page with the -Z option for Seagate drives.

I could not get smartcl to work reliably on my USB converter so I can not comment on the usage much as smartctl -g apm on any of my devices would just return unavailable.

On AIX the serial number of the system can be retrieved multible ways. - "lsconf | head" will get you the serial number and you can grep it out of that output but actually this is quite an expensive call to make if you are doing this across a large estate to populate your inventory database. lsconf will actually go down and probe the hardware for things and will be quite in efficiant.

The serial number is actually stored on the local filesystem in the ODM which is the system registry for an AIX system and it is much more efficient to retrieve it from there using "odmget CuAt | grep -p systemid"

The command you are looking for is "lsrsrc IBM.MCP".

- Note the above command is lsrsrc NOT lssrc!

This will return a bunch of information - The bits you are looking for is "KeyToken" which is the HMC hostname and "HMCIPAddr" which is the public IP address of the HMC. "HMCAddIPs" is the private IP that is talking to the pSeries frame.

There may more than one resource listing these if there are two HMC's that are connected.