2008-2010 AIX problem

1.      mv: 0653-405 ./smit_result/smit.log and smit_result/smit.log are identical.

2.      Meaning of each field in the lsps -a output

 

Page Space      Physical Volume   Volume Group    Size %Used Active  Auto  Type

hd6             hdisk0            rootvg        2048MB     3     yes   yes    lv

 

3.      something about boot

 

Whether it is loaded automatically at system startup

 

  1. sa1 command: writes data to /var/adm/sa
  2. /etc/syslog.conf
  3. bosboot,bootlist

 

The bootlist command allows the user to display and alter the list of possible boot devices from which the system may be booted. When the system is booted, it will scan the devices in the list and attempt to boot from the first device it finds containing a boot image.

The bosboot command creates a boot file (boot image) from a RAM (Random Access Memory) disk file system and a kernel. This boot image is transferred to a particular media that the ROS boot code recognizes. When the machine is powered on or rebooted, the ROS boot code loads the boot image from the media into memory. ROS then transfers control to the loaded image's kernel.

 

bootlist -m normal -o  displays the boot order without clearing the list

 

bootlist -m normal hdisk1 hdisk0  reconfigures the boot order

 

Normally, update the bootlist again after bosboot has created the image

# bosboot -ad /dev/hdisk0

# bosboot -ad hdisk0

# bootlist -m normal -o

hdisk0 blv=hd5

hdisk1

 

This only created the bootlist; no boot image was created on the other disk,

so if hdisk0 has a problem, hdisk1 will not work either
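
A check for the situation described above, where a disk is in the bootlist but has no boot image. This is an added example, not part of the original notes; the function names and the sample text are constructed here, and the suggested bosboot call assumes the disk is in rootvg and holds a mirror copy of the boot logical volume.

```shell
#!/bin/sh
# Added example, not from the original notes.
# Finds bootlist disks that have no boot logical volume (no "blv=" field),
# i.e. disks the firmware will try but cannot boot from.

# disks_without_blv: reads `bootlist -m normal -o` style output on stdin and
# prints the name of every hdisk entry that carries no blv= attribute.
disks_without_blv() {
    awk '
        NF == 0        { next }               # ignore blank lines
        $1 !~ /^hdisk/ { next }               # cd0, ent0 etc. never carry a blv
        {
            has_blv = 0
            for (i = 2; i <= NF; i++)
                if ($i ~ /^blv=/) has_blv = 1
            if (!has_blv) print $1
        }'
}

# suggest_fix: turns each such disk into the bosboot call used in the notes.
# Assumption: the disk is in rootvg and holds a mirror copy of the boot LV;
# bosboot cannot create an image on a disk that has none.
suggest_fix() {
    disks_without_blv | while read -r disk; do
        printf 'bosboot -ad /dev/%s\n' "$disk"
    done
}

# Constructed sample: the two-line bootlist output shown above.
SAMPLE_BOOTLIST='hdisk0 blv=hd5
hdisk1'

# On a live system: bootlist -m normal -o | suggest_fix
printf '%s\n' "$SAMPLE_BOOTLIST" | suggest_fix
```

After running the suggested bosboot, `bootlist -m normal -o` should show blv=hd5 on both disks.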

 

4.         HMC configuration information

       http://publib.boulder.ibm.com/infocenter/powersys/v3r1m5/index.jsp?topic=/iphcg/lssysconn.htm

    

5.         Display detailed device configuration information

   $ lscfg -vl ent0

 

 

 

6.      Copy an image from CD-ROM to hard disk

smitty  bffcreate   creates installation images in backup file format

7.      # lsuser  -a ALL   shows only the names of all users

8.       AIX Sea device   about virtualization

9.      Increase or shrink paging space

add

# chps -s 17 hd6

 

remove

# chps -d 17 hd6

shrinkps: Temporary paging space paging00 created.

shrinkps: Dump device moved to temporary paging space.

shrinkps: New boot image created with temporary paging space.

shrinkps: Paging space hd6 removed.

shrinkps: Paging space hd6 recreated with new size.

shrinkps: New boot image created with resized paging space.

shrinkps: Resized and original paging space characteristics differ,

        check the lslv command output.

 

10. Some tips

  1. Change vg name

umount fs >Vary off vg  > export vg> import newvg > mount fs

  1. Create log and assign log to filesystem

mklv -t jfslog -y name vg number

chfs -a log=  filesystem

The log needs to be formatted with logform.

 

  1.  Files named 1~9: delete every file except 1     rm  [!1]

11. migratepv 

Moves allocated physical partitions from one physical volume to one or more other physical volumes. Disk-to-disk copy

      cplv

      mklvcopy -k

      rmlvcopy

      splitlvcopy

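12. Handling 50% packet loss on a midrange server

      ping 9.149.142.13     50% loss

      ping 9.149.142.1       normal

      ping 9.149.142.12  ping 9.149.142.11     machines on the same subnet are normal

      traceroute is normal

      Suspected server configuration:

       Also, IPs on the same subnet: two network adapters configured with IPs on the same subnet

       The network environment, including the switch type and the network adapter type

      Case one does not apply

      Case two

Use lsattr -El ent0 and compare with other machines that work normally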

 

   $ lsattr -El ent0

alt_addr       0x000000000000   Alternate ethernet address                     True

busintr        2117             Bus interrupt level                            False

busmem         0xe8080000       Bus memory address                             False

chksum_offload yes              Enable hardware transmit and receive checksum  True

copy_bytes     2048             Copy packet if this many or less bytes         True

delay_open     no               Enable delay of open until link state is known True

flow_ctrl      yes              Enable Transmit and Receive Flow Control       True

intr_priority  3                Interrupt priority                             False

intr_rate      10000            Max rate of interrupts generated by adapter    True

jumbo_frames   no               Transmit jumbo frames                          True

large_send     yes              Enable hardware TX TCP resegmentation          True

media_speed    Auto_Negotiation Media speed                                    True

rom_mem        0xe8040000       ROM memory address                             False

rx_hog         1000             Max rcv buffers processed per rcv interrupt    True

rxbuf_pool_sz  2048             Rcv buffer pool, make 2X rxdesc_que_sz         True

rxdesc_que_sz  1024             Rcv descriptor queue size                      True

slih_hog       10               Max Interrupt events processed per interrupt   True

tx_que_sz      8192             Software transmit queue size                   True

txdesc_que_sz  512              TX descriptor queue size                       True

use_alt_addr   no               Enable alternate ethernet address              True

 

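media_speed    Auto_Negotiation Media speed

This setting is correct; selecting 1000 Ethernet causes problems in combination with the switch

smitty chdev  to change the configuration

en0 must be shut down first

ifconfig en0 down

Then make the change through the HMC serial connection

smitty chdev  change media_speed    Auto_Negotiation Media speed

      ifconfig en0 detach   clears the settings

     ifconfig en0 up

     smitty mktcpip     (the difference from chinet is that this also changes the hostname)

Enable the network adapter; the packet loss disappears
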
13. Terminal issues

Serial port: tty

Graphics adapter: lft

A telnet terminal is a pty, i.e. a pseudo-terminal

 

$ lscfg -vp 

 

pty0         Available               Asynchronous Pseudo-Terminal

 

BSD pseudo-terminals

$ ls -l pty*|wc -l

      16

 

Pseudo-terminals

$ smit pty   can change the maximum number of pseudo-terminals

The /dev/pts directory shows the pseudo-terminals

 

 

14. about Device

 

lsdev -P|wc -l   predefined devices

lsdev -C|wc -l  existing devices

 

Hot-plug devices

1 Connect

2  cfgmgr, restart (cfgmgr

 

Non-hot-plug devices

1 Shut down

2 Connect

 

prtconf

lscfg -vp

 

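testforme $ matthew > lsattr -El inet0  network virtual device

True: can be changed  False: cannot be changed

Change with chdev or smit

 

rmdev -l   available ->  defined

rmdev -dl  completely remove

After removal, the device names beginning with b, c can no longer be found under /dev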

 

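  1. Device management

 

rmdev -l device  changes the device to Defined

rmdev -dl device  removes the device completely

cfgmgr changes the device to Available

# cfgmgr -l hdisk3  configures a single device

 

Define a device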

1. To define (but not configure) a 4.0 GB 4mm Tape Drive tape drive connected

     to the SCSI adapter scsi0 and using SCSI ID 5 and LUN of 0, type:

     mkdev -d -c tape -t4mm2gb -s scsi -p scsi0 -w 5,0

 

     The system displays a message similar to the following:

     rmt4 defined

 

 

Devices are operated on through the device files under /dev

 

Tape operations

 

tctl -f /dev/rmt0 rewind   rewind the tape

tctl -f /dev/rmt0 offline   eject the tape

tcopy /dev/rmt0 0    space on the tape

 

Printer

lp   -d lp0 file

lpstat

 

Floppy disk

dd operates on the raw device

 

or

 

bos.dos.utils

 

dosdir

dosread

doswrite

 

 

CD-ROM drive

Insert the disc

mount -rv cdrfs /dev/cd0 /cdrom

 

Or create a CD-ROM file system: smit cdrfs

then simply mount /cdrom

 

15. Check a disk that has not been added to a volume group

getconf DISK_SIZE /dev/hdisk1

 

testforme $ matthew > getconf DISK_SIZE /dev/hdisk1

70006

 

 

 

16. AIX OS & software install

 

Install AIX OS 

hostname    environment configuration

user/group 

create filesystem

 

Maintenance level

instfix -i|grep ML

testforme $ matthew > instfix -i|grep ML

    All filesets for 5.2.0.0_AIX_ML were found.

    All filesets for 5200-01_AIX_ML were found.

    All filesets for 5200-02_AIX_ML were found.

    All filesets for 5200-03_AIX_ML were found.

    All filesets for 5200-04_AIX_ML were found.

    Not all filesets for 5200-05_AIX_ML were found.

    Not all filesets for 5200-06_AIX_ML were found.

    Not all filesets for 5200-07_AIX_ML were found.

    Not all filesets for 5200-08_AIX_ML were found.

    Not all filesets for 5200-09_AIX_ML were found.

Not all filesets for 5200-10_AIX_ML were found.

 

 

Which filesets are not installed

oslevel -rl 5200-05

 

testforme $ matthew > oslevel -r

5200-04

testforme $ matthew > oslevel -rl 5200-05

Fileset                                 Actual Level           Recommended ML

-----------------------------------------------------------------------------

rsct.basic.hacmp                        2.3.4.0                2.3.5.0       

rsct.basic.rte                          2.3.4.0                2.3.5.0       

rsct.basic.sp                           2.3.4.0                2.3.5.0       

rsct.compat.basic.hacmp                 2.3.4.0                2.3.5.0       

rsct.compat.basic.rte                   2.3.4.0                2.3.5.0       

rsct.compat.basic.sp                    2.3.4.0                2.3.5.0       

rsct.compat.clients.hacmp               2.3.4.0                2.3.5.0       

rsct.compat.clients.rte                 2.3.4.0                2.3.5.0       

rsct.compat.clients.sp                  2.3.4.0                2.3.5.0

 

      

 

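mksysb

1 Backs up the mounted file systems in rootvg; does not back up raw devices

2 The tape or CD it backs up to is bootable

 

savevg

rootvg volume group, not bootable

rootvg volume group, mounted file systems

 

backup

restore

 

tar

5 size within 2G

5 size within 8G

 

pax  no size limit

 

dd

The only one that backs up raw devices

 

17. Turn SMT on and off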

#smtctl -m off now

smtctl: SMT is now disabled. It will persist across reboots if

        you run the bosboot command before the next reboot.

#bindprocessor -q

The available processors are:  0 1 2 3

#smtctl -m on now

smtctl: SMT is now enabled. It will persist across reboots if

        you run the bosboot command before the next reboot.

#bindprocessor -q

The available processors are:  0 1 2 3 4 5 6 7

 

 

18. Rsh & Rcp

On the remote host 9.149.142.13, in the /etc/hosts.equiv file,

configure 9.149.142.11 cn208822

 

Then on 9.149.142.11

run rsh 9.149.142.13 -l username command

 

If username = root, /.rhosts on 9.149.142.13 must also be configured with

9.149.142.11 cn208822

 

Then on 9.149.142.11, user cn208822

can run rsh 9.149.142.13 -l root command
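
Entries like the ones above grant command execution with no password, so it is worth listing exactly what /etc/hosts.equiv and /.rhosts trust. The audit below is an added example, not part of the original notes; the function names, severity labels and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes: audit rsh/rcp trust files.

# audit_trust KIND
#   KIND = "equiv" for /etc/hosts.equiv text, "root" for root's /.rhosts text.
#   Reads the file content on stdin, prints "LINENO SEVERITY detail" per entry.
audit_trust() {
    awk -v kind="$1" '
        /^[ \t]*#/ || NF == 0 { next }            # comments, blank lines
        {
            host = $1
            user = (NF >= 2) ? $2 : ""
            if (host ~ /^-/ || user ~ /^-/) {     # "-" entries deny access
                print NR, "INFO", "deny entry: " $0
                next
            }
            if (host == "+" || user == "+") {     # "+" matches every host or user
                print NR, "CRITICAL", "wildcard entry: " $0
                next
            }
            if (user != "")            who = user "@" host
            else if (kind == "root")   who = "root@" host
            else                       who = "all users on " host
            if (kind == "root")
                print NR, "HIGH", who " can run commands as root without a password"
            else
                print NR, "MEDIUM", who " is trusted without a password"
        }'
}

# count_severity SEV: counts audit_trust findings of one severity (stdin).
count_severity() {
    awk -v s="$1" '$2 == s { n++ } END { print n + 0 }'
}

# Constructed samples. The first data line of each is the entry from the notes;
# the "+ +" and deny lines are added to show the other entry forms.
SAMPLE_EQUIV='# constructed sample in /etc/hosts.equiv format
9.149.142.11 cn208822
+ +
-9.149.142.12'
SAMPLE_ROOT_RHOSTS='9.149.142.11 cn208822'

# On a live system: audit_trust equiv < /etc/hosts.equiv
#                   audit_trust root  < /.rhosts
printf '%s\n' "$SAMPLE_EQUIV"       | audit_trust equiv
printf '%s\n' "$SAMPLE_ROOT_RHOSTS" | audit_trust root
```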

 

  1. ready PCI

drslot Command

 

Purpose

 

     Manages a dynamically reconfigurable slot, such as, a hot plug slot.

 

 

 

 

 

 

 

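19.      Fixing an error in /etc/profile that leaves all commands unusable

 

Commands can only be looked up under the path /usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java131/jre/bin:/usr/java131/bin

 

Only absolute paths can be used

/usr/sbin/shutdown -Fr  shuts down the system

 

Use the HMC to enter SMS, then boot over the network with the NIM server boot.image to get into the system and repair it

Select maintenance mode

 

fsck -y  repairs the system

mount filesystem

 

If the repair does not succeed, choose to reinstall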

 

 

 

  1. Tivoli

 

lsuser ALL|awk -F 'gecos' '{print $2}'|awk -F '=' '{print $2}'|awk -F ';' '{print $1}'|grep -v ^$

 

 

20. mksysb

 

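A mksysb backup to disk differs from one to tape: a tape can be restored from directly, whereas a disk backup needs something to boot from, such as a NIM SPOT. Files can be restored directly from the mksysb data on disk.

mksysb can also back up to a recordable CD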

 

 

nohup mksysb -e -v -i -X /mnt/`uname -n`_mksysb_`date +"%Y%m%d"` >/mnt/mksysb_out_`date +"%Y%m%d"` 2>/mnt/mksysb_err_`date +"%Y%m%d"` &

 

21.  NIM system installation questions

 

Is the hdisk0-4 order determined by the slot order configured in the HMC?

 

Why is hdisk4 the default at the beginning?

 

 

22. Install Linux

 

1. From the Linux Application Toolbox CD, install the Redhat Package Manager - rpm.rte
2. Install software in RPM format: # rpm -ivh fileset_name
3. Check the installation result: # rpm -q fileset_name

 

 

CASE: resolving three library files that cannot be found:

 

Installing the VNC rpm reports an error

# rpm -ivh vnc-3.3.3r2-6.aix5.1.ppc.rpm

error: failed dependencies:

        libX11.a(shr4.o) is needed by vnc-3.3.3r2-6

        libXext.a(shr.o) is needed by vnc-3.3.3r2-6

        libXt.a(shr4.o) is needed by vnc-3.3.3r2-6

 

But these three library files are clearly present in /usr/lpp/X11/lib/R6

and /usr/lib also has the corresponding symbolic links, for example

lrwxrwxrwx   1 bin      bin              28 Jul 03 03:59 libX11.a -> /usr/lpp/X11/lib/R6/libX11.a

 

A web search turned up the following solution, which fixed the problem

 

After you have installed the libraries, run the following command. The command enables the rpm command to recognize that the libraries have been installed.

# /usr/sbin/updtvpkg

 

Description of this command

http://www.coolcommands.com/index.php?option=com_cc&task=display&id=789

 

updtvpkg - how to update the AIX-rpm virtual package in IBM AIX

Description

 

AIX-rpm is a "virtual" package which reflects what has been installed on the system by installp. It is created by the /usr/sbin/updtvpkg script when the rpm.rte is installed, and can be run anytime the administrator chooses (usually after installing something with installp that is required to satisfy some dependency by an RPM package).

 

Since AIX-rpm has to have some sort of version number, it simply reflects the level of bos.rte on the system where /usr/sbin/updtvpkg is being run. It's just informational - nothing should be checking the level of AIX-rpm. I suppose that I could have chosen a date as the versioning system, but that's not that meaningful either (the levels of AIX-rpm on different systems can't really be compared very deeply - a later version doesn't indicate anything other than it was created on a system with a later version of bos.rte installed).

 

So - how to update the level of AIX-rpm? Update bos.rte via your AIX media and then run /usr/sbin/updtvpkg. You really shouldn't do that unless you need to otherwise update the system.

 

AIX doesn't just automatically run /usr/sbin/updtvpkg every time that something gets installed or deinstalled because on some slower systems with lots of software installed, /usr/sbin/updtvpkg can take a LONG time.

 

If you want to run the command manually:

 

# /usr/sbin/updtvpkg

 

If you get an error similar to "cannot read header at 20760 for lookup" when running updtvpkg, run a rpm rebuilddb like so:

 

# rpm --rebuilddb

 

Once you run updtvpkg, you can run a rpm -qa to see your new AIX-rpm package.

Example

 

/usr/sbin/updtvpkg

 

23. Create a large file with dd

 

dd if=/dev/zero of=/tmp/testfile count=19200 bs=64k

 

This command can also convert and copy files, and works on raw devices

 

 

24. VNC server installation

 

First make sure that all of the AIX X11 components are installed

 

# rpm -ivh vnc-3.3.3r2-6.aix5.1.ppc.rpm

 

# ls -l /usr/bin/X11/vncserver

lrwxrwxrwx   1 root     system           38 Jul 03 21:43 /usr/bin/X11/vncserver -> ../../../../opt/freeware/bin/vncserver

 

 

# /usr/bin/X11/vncserver

 

You will require a password to access your desktops.

 

Password: 123456

Verify:   123456

1356-364 xauth:  creating new authority file //.Xauthority

 

New 'X' desktop is testm:1

 

Creating default startup script. //.vnc/xstartup

Starting applications specified in //.vnc/xstartup

Log file is //.vnc/testm:1.log

 

# cd //.vnc

# ls

passwd       testm:1.log  testm:1.pid  xstartup

 

# vi xstartup

Add

# This line gives you a CDE desktop when you sign on to VNC

/usr/dt/bin/dtsession &

 

/usr/dt/bin

 

 

Restart:

vncserver -kill :1

vncserver

 

 

Log in with VNC viewer

10.31.205.33:1

 

Run xclock to test; done

 

 

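VNC can be started by different users and then accessed as those users; for example, if it is started as the oracle user, VNC is accessed as the oracle user
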
25. Handling boot error 0557, rootvg corruption

 

To create a boot image for a client, use the following method so that the system is not installed directly

 

smit nim

Perform NIM Software Installation and Maintenance Tasks

Install and Update Software

Install the Base Operating System on Standalone Clients

spot

 

LPP_SOURCE

FORCE PUSH the installation?                       [no]

Initiate reboot and installation now?              [no]

ACCEPT new license agreements?                   [yes]  


 

set network start  (network boot)

 

3 maintenance mode

1 access rootvg

2 before mounting system

 

fsck -f /

fsck -f /usr

fsck -f /var

exit

 

df -g to make sure all the filesystem can be mounted correctly

 

create BLV:

 

 

bootlist -m normal -o

 

 

/usr/sbin/bosboot -ad /dev/ipldevice

 

shutdown

 

set scsi start  (disk boot)

 

 

 

 

26. remove scsi and ethernet

 

 

U7879.001.DQDTPCH 17 T6  PCI 10/100/1000Mbps Ethernet UTP 2-port Unassigned Unassigned

 

2 ways to see the MAC address:

lscfg -vl

netstat -ai

 

To remove an Ethernet card, both ent and pci must be removed

rmdev -dl ent1

rmdev -dl pci10

 

 

 

Remove a SCSI I/O:

 

The following devices need to be removed

 

hdisk4     Available 0H-08-00-4,0  16 Bit LVD SCSI Disk Drive

hdisk5     Available 0H-08-00-5,0  16 Bit LVD SCSI Disk Drive

 

scsi1      Available 0H-08-00      PCI-X Ultra320 SCSI Adapter bus

ses1       Available 0H-08-00-15,0 SCSI Enclosure Services Device

sisscsia1  Available 0H-08         PCI-X Ultra320 SCSI Adapter

 

pci16      Available 0C-10    PCI Bus

 

 

27. upgrade a new OS

 

Download TL from IBM website

 

Use  apply , NOT commit

 

smit update_all

 

nohup installp -agXY -d '/data_backup/AIX5.3_TL07' all   &

 

before install

 

# lppchk -v

# instfix -i|grep ML

    All filesets for 5.3.0.0_AIX_ML were found.

    All filesets for 5300-01_AIX_ML were found.

    All filesets for 5300-02_AIX_ML were found.

    All filesets for 5300-03_AIX_ML were found.

    All filesets for 5300-04_AIX_ML were found.

    All filesets for 5300-05_AIX_ML were found.

 

 

# oslevel -s

5300-07-07-0846

 

After Install

 

# lppchk -v

# instfix -i|grep ML

    All filesets for 5.3.0.0_AIX_ML were found.

    All filesets for 5300-01_AIX_ML were found.

    All filesets for 5300-02_AIX_ML were found.

    All filesets for 5300-03_AIX_ML were found.

    All filesets for 5300-04_AIX_ML were found.

    All filesets for 5300-05_AIX_ML were found.

 

 

# oslevel -s

5300-07-07-0846

 

 

modify when system is ok

 

/etc/profile

export PS1="`hostname`:\$PWD>"

set -o vi

 

 

28. Open ssh

 

 

install openssl

 

RPM about openssl

 

sg2as059:/>rpm -qa | egrep '(openssl|openssh|prng)'

openssl-0.9.7g-1

openssl-devel-0.9.7g-1

openssl-doc-0.9.7g-1

 

rpm -ivh openssl-0.9.7l-1.aix5.1.ppc.rpm

rpm -ivh openssl-devel-0.9.7l-1.aix5.1.ppc.rpm

rpm -ivh openssl-doc-0.9.7l-1.aix5.1.ppc.rpm

 

AIX file set about openssl

 

 openssl-0.9.8j

 

 

install openssh

 

4.7 version

 

Modify X11 forwarding

 

/etc/ssh/sshd_config

 

change

X11Forwarding yes

X11DisplayOffset 10

X11UseLocalhost yes

 

restart sshd  subsystem

 

 

 

29. some job for new OS

 

Modify  /etc/security/limits  to -1 for ftp file limits

 

change filesystem size , for example /tmp

 

install oracle fileset

30. Create Virtual SCSI

 

Add disk to VIO server

cfgmgr

Add a Scalable Volume Group

 

create virtual scsi

 

On VIO server

 

 

dynamic create

edit profile create

 

vioserver 1    103 103 required

vioserver 2    203 203 required

vioserver 1    104 104 required        for  database   temp vscsi  not apply in profile

 

cfgdev

 

mklv -lv root_jptest clientvg5 40G

mklv -lv root_jptest clientvg5 40G

mklv -lv data_jptest clientvg5 40G      for database temp

 

 

mkvdev -vdev root_jptest -vadapter vhost13 -dev vroot_jptest

mkvdev -vdev root_jptest -vadapter vhost12 -dev vroot_jptest

mkvdev -vdev data_jptest -vadapter vhost14 -dev vdata_jptest

 

On Lpar

 

 

add vscsi to client lpar; PAY ATTENTION TO the ID (same as the client ID defined on the vioserver)

31.  https Certification

 

Graphical Tools for certification  , but has 1023 bug

 

sg2as155:/etc/ssh>which certmgr

/usr/sbin/certmgr

 

 

Openssl method to generate the key :

 

/opt/freeware/bin/openssl

 

Will generate a private key and a request

 

Example:

 

sg2as060.sg2.michelin.com:/opt/freeware/bin>./openssl req -newkey rsa:1024 -keyout sg2as060_key.pem -out sg2as060_req.pem

Generating a 1024 bit RSA private key

........++++++

.....................................................................++++++

writing new private key to 'sg2as060_key.pem'

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

phrase is too short, needs to be at least 4 chars

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

phrase is too short, needs to be at least 4 chars

Enter PEM pass phrase:1234

Verifying - Enter PEM pass phrase:1234

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:SG

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:Michelin

Organizational Unit Name (eg, section) []:

Common Name (eg, YOUR name) []:sg2as060.sg2.michelin.com

Email Address []:

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

 

Test the request :

 

sg2as060.sg2.michelin.com:/opt/freeware/bin>./openssl req -in sg2as060_req.pem -text

Certificate Request:

    Data:

        Version: 0 (0x0)

        Subject: C=SG, ST=Some-State, O=Michelin, CN=sg2as060.sg2.michelin.com

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

            RSA Public Key: (1024 bit)

                Modulus (1024 bit):


                Exponent: 65537 (0x10001)

        Attributes:

            a0:00

    Signature Algorithm: md5WithRSAEncryption


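
The request above was generated with rsa:1024 and signed with md5WithRSAEncryption, both of which current certificate authorities reject. The check below reads `openssl req -text` output and flags those two fields. It is an added example, not part of the original notes; the function names are constructed, and the 2048-bit minimum and the MD5/SHA-1 weak list are this example's policy assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: flag weak parameters in the
# text form of a certificate request (`openssl req -in req.pem -text -noout`).

# csr_findings [MIN_BITS]
#   Reads the -text output on stdin. Prints one line per checked field:
#   WEAK_KEY/OK_KEY <bits> and WEAK_DIGEST/OK_DIGEST <algorithm>.
#   Handles both the old "RSA Public Key: (1024 bit)" wording shown in these
#   notes and the "Public-Key: (2048 bit)" wording of newer OpenSSL releases.
csr_findings() {
    awk -v min="${1:-2048}" '
        /Public[- ]Key: \([0-9]+ bit\)/ {
            bits = $0
            sub(/^.*\(/, "", bits)            # drop everything up to "("
            sub(/ bit\).*$/, "", bits)        # drop " bit)" and the rest
            if (bits + 0 < min + 0) print "WEAK_KEY", bits
            else                    print "OK_KEY", bits
        }
        /Signature Algorithm:/ {
            alg = $NF
            if (tolower(alg) ~ /^(md2|md4|md5|sha1)/) print "WEAK_DIGEST", alg
            else                                      print "OK_DIGEST", alg
        }'
}

# csr_is_acceptable [MIN_BITS]: exit status 0 only if nothing weak was found.
csr_is_acceptable() {
    if csr_findings "$@" | grep -q '^WEAK_'; then
        return 1
    fi
    return 0
}

# Constructed sample: the relevant lines of the request text shown above.
SAMPLE_CSR_TEXT='Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=SG, ST=Some-State, O=Michelin, CN=sg2as060.sg2.michelin.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption'

# Corrected form of the generation command with a current OpenSSL
# (key.pem and req.pem are placeholder file names):
#   openssl req -newkey rsa:2048 -sha256 -keyout key.pem -out req.pem
# On a live system:
#   openssl req -in req.pem -text -noout | csr_findings
printf '%s\n' "$SAMPLE_CSR_TEXT" | csr_findings
```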

 

 

 

 

/usr/bin/openssl pkcs12 -export -inkey sg2as060_key.pem -in sg2as060_sg2_michelin_com.pem -out sg2as060_key.p12

 

sg2as060.sg2.michelin.com:/usr/java14/jre/lib/security>ls -lrt

total 104

-r--r--r--   1 bin      bin           21653 Mar 19 2004  cacerts

-r--r--r--   1 bin      bin            6594 Jul  2 2004  java.security

-r--r--r--   1 bin      bin            2653 Jul  2 2004  java.policy

-r-xr-xr-x   1 bin      bin            2683 Apr  3 20:12 local_policy.jar.20090403

-r-xr-xr-x   1 bin      bin            2201 Apr  3 20:12 US_export_policy.jar.20090403

-r-xr-xr-x   1 bin      bin            3726 Apr  3 20:14 local_policy.jar

-r-xr-xr-x   1 bin      bin            3715 Apr  3 20:14 US_export_policy.jar

 

 

 

 

 

1        Open ikeyman

2        signer Certificates import Authority Root Certification

3        generate PKCS#12 Certification

4        import PKCS#12 Certification

 

check authority

/usr/bin/openssl x509 -noout -in sg2as060_sg2_michelin_com.pem -issuer

 

 

Migrate OpenSSL certificates from the Apache HTTP Server to the IBM HTTP Server KDB file

 

 Technote (FAQ)

 

Question

How do I migrate my Apache certificates to IBM HTTP Server?

 

 

Cause

The SSL certificate database on an Apache HTTP Server is a different format than what is used by IBM.

 

 

Answer

The process involves moving the Apache certificate into a .p12 file (PKCS12 format) to import into the IBM HTTP Server .KDB file (CMS format) key database.


CREATE THE P12 FILE

1.       Use OPENSSL on the Apache HTTP Server to export the certificate. Use this OpenSSL command:

openssl pkcs12 -export -out .p12 -inkey .key -in .crt

You will need to have the existing certificate file and key file from the Apache HTTP Server available.

2.       Copy .p12 to the IBM HTTP server.


SIGNER PREPARATION
It is mandatory that the CMS key file contain the signer certificate(s) used to certify the personal certificate to be installed into the CMS key file. You will need the certificate authorities root certificate and may also need an intermediate certificate from the same signing authority. You can check with your certificate authority for the exact certificates needed for the personal certificate you purchased.

This openssl command can be used to determine who issued the personal certificate:
 openssl x509 -noout -in .crt -issuer

From the results of this command you may be able to determine which signer certificates to obtain from the certificate authority. Once you have these certificates, jump ahead to the section ADDING THE SIGNER

If you are unsure of the signer certificates you need, continue in this section:

1. Search for and locate the file .crt used in the first section.

2. Make a copy of it to a Microsoft® Windows® PC and rename the new file with a ".cer" extension.

3. Double click the new file to bring up the Microsoft Windows "Certificate" panel. Within this panel, you can view the content of the certificate and its certification path.

4. Select the "Certification Path" tab at the top of the panel. This window provides a visual view of the authentication chain. Usually, the last one listed is the personal certificate and those above represent the Signing authority.

5. Select the Signing authority listed above the personal certificate.

6. Below the viewing window, click "View Certificate". This will bring up a new Microsoft Windows "Certificate" panel.

7. Looking at this new panel, select the "Details" tab at the top. This tab provides all of the details associated with the certificate you are viewing.

8. Below the viewing window, click the button labelled "Copy to File". This will bring up the "Certificate Export Wizard".

9. Follow the prompts through the wizard choosing the defaults on each panel. When prompted, provide a name for the new file. This new file will be created in a binary format with the extension of ".cer".


CREATE CMS KEY FILE
Using the Ikeyman tool, create a new key database file (CMS type, .KDB file) providing the necessary name and password information when you are prompted for it. Do not forget to check the box to "Stash the password into a file?". You may of course use an existing .KDB Key file.


ADDING THE SIGNER
1. With the new key file open within Ikeyman, select the "Signer" from the object list box.

2. Click "Add" to bring up the "Add CA's Certificate to a file" dialog box. This will launch an Open dialog panel.

3. Change the Data Type to "Binary DER data".

4. Click the "Browse" button and locate the signer certificate created within the SIGNER PREPARATION section or browse to the signer certificates provided by the certificate authority.

5. Click "Ok" to add the signer. This will bring up a new panel asking for a label.

6. Enter a label for the new signer and click "Ok". After this, your new signer should have been added.


IMPORTING THE PERSONAL
1. Select "Personal Certificates" from the object list box.

2. Click the "Import" button. This will bring up the Import Key panel.

3. Change the Key File Type to "PKCS12".

4. Click the Browse button to locate the personal certificate .p12 file created from the section labelled "CREATE THE P12 FILE".

5. Enter the password to this file when prompted and click "Ok". This will bring up the "Change Labels" panel which gives you the opportunity to change the label displayed within Ikeyman. This is not mandatory, but gives you the chance to put a meaningful text against your certificate rather than keeping the cryptic-like label displayed. This is especially useful if you plan to use the SSLServerCert directive within IBM HTTP Server to specifically point authentication to one of many certificates available within a single key database file.

If at this point you receive an error similar to:
The password is invalid or the PKCS12 has been corrupted or has been created with an unsupported version of PKCS12.

Then you should update the Java™ JCE security policy files to the latest unrestricted versions.

Reference these techdocs:
http://www-1.ibm.com/support/docview.wss?uid=swg21201170
http://publib.boulder.ibm.com/httpserv/ihsdiag/gather_certificate_doc.html#PKCS12
http://www-1.ibm.com/support/docview.wss?uid=tss1prs2855&aid=1

The updated JCE files are available here:
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk

(Version 6.0 - any release)
For IBM HTTP Server, the policy files are typically found under IHS_Install_root/java/jre/lib/security

For Plug-in, the policy files are typically found under plugin_Install_root/java/jre/lib/security

You may need to replace the two files at both locations.

6. Select the certificate listed and type in a new label. Click Apply to set the new label.

7. Click "Ok" to complete the import process.

At this point, you should have a working key database file that can be used with IBM HTTP Server.

If you receive an error message stating that "All the signer certificates must exist in the key database", then go back and confirm that the Root Signer certificate and Intermediate Signer Certificate, if used, are both in the key database

8. Restart the IBM HTTP server.

 

 


 

 

 

32. Enable SSL login on Server

 

 

SSH login without password

Your aim

You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don't want to enter any passwords, because you want to call ssh from within a shell script.

How to do it

First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:

a@A:~> ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/a/.ssh/id_rsa):

Created directory '/home/a/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/a/.ssh/id_rsa.

Your public key has been saved in /home/a/.ssh/id_rsa.pub.

The key fingerprint is:

3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

 

Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):

a@A:~> ssh b@B mkdir -p .ssh

b@B's password:

 

Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:

a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'

b@B's password:

 

From now on you can log into B as b from A as a without password:

a@A:~> ssh b@B hostname

B
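
The append step above (`cat >> .ssh/authorized_keys`) adds a duplicate line on every run and leaves permissions to the remote umask; sshd with StrictModes (the default) ignores the key file if it or its directory is writable by group or others. The function below does the same step on the target host idempotently and with fixed permissions. It is an added example, not part of the original text; the function name and the sample key string are constructed.

```shell
#!/bin/sh
# Added example, not from the original notes: install a public key into
# authorized_keys once, with the permissions sshd StrictModes expects.

# install_pubkey HOME_DIR PUBKEY_FILE
#   Run on the target host (host B). Returns 0 if the key is present
#   afterwards, 2 if PUBKEY_FILE is not a single OpenSSH public-key line,
#   1 on a file-system error.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Exactly one line, and it must look like a public key, never a private one.
    [ -r "$pubkey_file" ] || return 2
    [ "$(grep -c '' "$pubkey_file")" = "1" ] || return 2
    key=$(cat "$pubkey_file")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 2 ;;
    esac

    # Create directory and file without a window where they are world-readable.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth" || return 1

    # Append only if this exact line is not already there.
    if grep -qxF -e "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Constructed sample key line (not a real key).
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedSampleKeyNotReal a@A'

# Usage on host B, after copying id_rsa.pub over:
#   install_pubkey "$HOME" /tmp/id_rsa.pub
```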

 

 

 

 

 

 

 

Example:

 

 

ssh hp02582@sg2as060 mkdir -p /home/hp02582/.ssh

 

cat id_rsa.pub | ssh hp02582@sg2as060 'cat >> /home/hp02582/.ssh/authorized_keys'

 

change password remotely

 

echo "hp02582:abcd1234"| ssh sg2as060 sudo chpasswd

 

ssh sg2as060 sudo chpasswd < /home/hp02542/passfile

 

./talk2me server.sg.lst "sudo chpasswd < /home/hp02542/passfile"

 

echo "hp02582:abcd1234"| ssh $ip_address sudo chpasswd

 

./batch_change_password server.sg.lst

 

 

sg2as089  has no account

 

./talk2me server.sg.lst "mkdir -p /home/hp02582/.ssh"

 

cat .ssh/id_rsa.pub | ssh $ip_address 'cat >> /home/hp02582/.ssh/authorized_keys'

 

 

ssh sg2as055 mkdir -p /home/hp02582/.ssh

 

sg2as055:/home>sudo su -

hp02582 is not in the sudoers file.  This incident will be reported.

 

 

33. showmount

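The showmount command displays a list of all clients that have remotely mounted a file system from the machine specified by the Host parameter. The mountd daemon on the Host parameter maintains this information. The /etc/rmtab file saves this information in case the server crashes. The default value for the Host parameter is the value returned by the hostname command.

If a client crashes, its entry is not removed from the list until the client reboots and runs the umount -a command.

The showmount command returns the information maintained by the mountd daemon. Because NFS V4 does not use the mount daemon, showmount does not return information about V4 mounts.

 

-a

Displays all remote client mounts in HostName:Directory format, where HostName is the name of the client and Directory is the path name of the remotely mounted directory.

-d

Lists only the directories that clients have remotely mounted.

-e

Displays the list of exported directories.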

 

 

 

 

 

 

34. crontab date

 

40 16 * * * mv /home/hp02582/get_process.log /home/hp02582/get_process.log.`date +"\%Y\%m\%d"`

 

 

 

 

35. tar file too large

 

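tar can only deal with files smaller than 8G

 

For files larger than 8G, we can use pax

 

How to use pax:

Back up: pax -wvf /dev/rmt0

List the files in the backup: pax -vf /dev/rmt0

Restore: pax -rvf /dev/rmt0 ----- any chosen files can be restored; leave empty for everything

Copy: pax -rw

Append to the tape: pax -avf /dev/rmt0

Handle large files (over 8GB): pax -x pax -wvf /dev/rmt0

Drawbacks: multi-volume handling, directories that do not exist cannot be restored, and existing directories are overwritten automatically.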

 

 

 

 

 

 

 

 

36. Reset logon

 

 

chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s hp02582

 

 

 

 

37. mksysb

 

 

 

nohup mksysb -e -v -i -X /mnt/`uname -n`_mksysb_`date +"%Y%m%d"` >/mnt/mksysb_out_`date +"%Y%m%d"` 2>/mnt/mksysb_err_`date +"%Y%m%d"` &

 

nohup /usr/bin/restvg -q -f/data_backup/sg2as155.datavg hdisk2 > /tmp/rest_data.out 2>/tmp/rest_data.err &

 

 

38. ftp file

 

 

date > ftplog.out.20090903

ftp -n -v 10.68.32.51 << EOF >> ftplog.out.20090903

user anonymous

bin

cd /upload/SFA

ls -l

get cbb_ort_v2[1].0.1.d.zip

bye

EOF

date >> ftplog.out.20090903

From the ITPUB blog, link: http://blog.itpub.net/24403358/viewspace-670508/. To repost, please cite the source; otherwise legal liability will be pursued.

Reposted from: http://blog.itpub.net/24403358/viewspace-670508/
