Abstract
This document describes the process of installing the IBM AIX 7.3 Unix operating system on the IBM Power platform. We’ll also cover patching/updating the latest Fix Packs (TL and SP), along with installing the AIX Toolbox of open source applications.
I like AIX because it is interesting and different from Linux and BSD – not because it is better. At one time it was, especially on the Power platform. Much like Solaris on SPARC was awesome before Oracle murdered it.
smit is so great to work with – on par with YaST on openSUSE. Definitely spend some time learning its intricacies and capabilities!
Sadly, as IBM continues to eliminate development resources dedicated to AIX, and retreats on previous commitments to OpenPOWER, it will quickly become dusty and inefficient abandonware. Let’s have fun with it while it still has some strong breaths left in it.
Test Platform:
- IBM POWER S824 (8286-42A)
- Power8 (2x) 3.72GHz (8 Cores Each) CPUs
- 128GB RAM / 600GB SAS RAID10
- IBM AIX 7.3 TL1 SP3
I considered removing the section for installing updates, which IBM used to let you download for free. Now that they want to keep AIX a secret, that’s not possible. So we’ll just install the latest ISO and updates we can find on the Internet and hope there are no massive holes. If you can’t find the latest updates, I’d advise against exposing this system to the world, as it is unsupported in every way. However, I invite some risks and seek intellectual exercises. Take a chance!
If you are lucky enough to have access to current support contract, all you need is an account and system serial number to access the Fix Central bits (here). If not, again, since IBM is not about to let you download AIX for educational or development purposes (or even reasonably pay for), just hunt down the torrent scenes, and surprisingly – archive.org. Releases see daylight occasionally.
Install and Setup the Operating Environment
Disk (RAID) Configuration
IBM Power Systems do RAID a little differently if you’re used to Dell PERC or other hardware/software implementations. Also, I’m not using an HMC for managing my systems, so the IBM Standalone Diagnostics CD is needed to setup your disks. This is a great guide to get you started:
Hardware RAID configuration on the IBM Power platform
O/S Installation
As I mentioned above, if you don’t have a support contract, do a torrent or web search for something like, oh… I don’t know… the following file name:
AIX_v7.3_Install_7300-01-03-2346_DVD_1_of_2_022024_LCD8298200.iso
Write it to a DVD-R or USB drive. Stick it in the server, and boot. When you see the boot options screen, hurry up and mash the number 1. You don’t have a lot of time to choose, and this will bring you to the SMS Menu. If you’re using an HMC, then this process is different, and you’re on your own. I tore down my HMC years ago 🙂
NOTE: I have an IBM GXT145 PCIe Video/Graphics Card (10N7756), so I can connect a keyboard/video/mouse directly to the server. If you do this, be sure to use only the USB 3.0 ports… the 2.0 ports on the back (Un-P1-C1-T2 and Un-P1-C1-T3) supply no power. My KVM (Raritan) only works on USB ports that give a little current to work with.
The first menu screen should ask you to continue to password entry (3). This is the SP (Service Processor) admin password you hopefully set the first time you started this system up. Go there, do that, and then select (5) to select boot options, and then (1) to select the boot device. Hunt and peck for your media, choose it, then (2) Normal Boot Mode, then (1) for Yes, you’re sure you want to exit/continue booting. At the IBM splash screen, you wait for a few days and then the AIX installation options should appear.
When prompted, F1
to continue, then select your language.
Enter 2
On the “Installation and Maintenance” menu, pay attention to the “System Setting” (1) option. If you have an existing AIX installation, it will default to “Preservation.” We want to start from scratch, so be sure to change that to “New and Complete Overwrite.”
Then select (4) for “More Options (Software install options).” This is my configuration:
I’ve enabled ftp/telnet not because they’re awesome, but because we need an FTP client to get some files later. If you have an SFTP server you can use, we can fetch the AIX Toolbox installation script and use that protocol to move it to this system (I’ll detail that method as well later).
You also have the option of which Edition to install, the choices being Standard or Enterprise. I’m just using Standard.
O/S / Networking Configuration
Once you are done that part, the system will reboot and you should be presented with the “Installation Assistant” menu (after accepting the licenses and setting the terminal type). Here you can set the root password and IP information.
If you don’t get this screen (or you hit the wrong keys and it disappears!), just login as root, set the password, and setup networking by hacking it old school style (mktcpip
). Substitute your specific settings:
# mktcpip -h hostname -a ip_address -m netmask -i en0 -n dns_server -d domain -g gateway_ip -s
Of course, if you like menus, you can use smitty mktcpip
.
Also, for the root account. AIX defaults to a password expiration after a certain amount of time (I don’t recall the specifics). If this happens, it is a real hassle to get back into your system. For my needs, I disable forcing password changes because it really doesn’t better your security posture – just a GRC checkbox. Here’s how you do that:
# chuser expires=0 root
Disk and Partition Management
AIX uses LVM by default for disk partitioning, which I personally find annoying. This site has a great overview of commands available to perform common tasks within an LVM environment. Here we’ll just fatten up a few directories, for general O/S functionality and source/binary bits.
# chfs -a size=+40G /var
# chfs -a size=+40G /opt
# chfs -a size=+40G /usr
# chfs -a size=+20G /tmp
Oh, and here is a tip: The AIX version of df
can take the -m
flag to display space in megabytes and -g
for gigabytes.
Let’s add a user:
# mkuser id='1000' beaker
# passwd beaker
# chuser expires=0 beaker
# pwdadm -f NOCHECK beaker
(otherwise, you still have to change the password you set upon first login)
Another thing we want to fix is the ability to use files greater than 2GB in size. AIX is very stingy when it comes to setting limits on things like file size for users. Which, as a security professional, I can appreciate. But as a lazy user with a development system, I like to remove. So we need to edit the /etc/security/limits
file default
stanza so fsize = 2097151
is fsize = -1
(unlimited). Log out and then back in for this to take effect.
Update to Latest Technology Level (TL) and Service Pack (SP)
As of this writing, the latest TL for AIX 7.3 is 2 (November 2023) and SP is 2 (June 2024) – “7300-02-02-2420“. You can download them (or newer ones if available) from IBM here. Note that for this guide, we installed TL1 SP3 (the only ISO I have). If you have the latest TL ISO, you only need to update the SP.
Check the prerequisite requirements for each Fix Pack, and ensure those are installed first. For this effort, we will install the 7300-02 TL first, and then the 7300-02-02-2420 SP second.
There are two ways to do this, depending on whether you’ve downloaded the TL/SP updates as ISOs or individual file sets.
Option 1 – Mount TL/SP ISO Images
- Copy TL and SP ISO files to the AIX system to be updated (via SFTP, FTP, USB… whatever). I use the
/tmp
folder – so if you do as well, make sure it is big enough for these two archives (which are about 9GB together). - Make mount targets in
/mnt
for these ISO files:mkdir /mnt/TL
mkdir /mnt/SP
- Mount .ISO files to targets:
loopmount -i /tmp/TL_7300-02.iso -m /mnt/TL -o "-V cdrfs -o ro"
loopmount -i /tmp/SP_7300-02-02-2420.iso -m /mnt/SP -o "-V cdrfs -o ro"
Option 2 – Copy File Sets to Local Drive
IBM recommends creating a separate file system for /usr/sys/inst.images
for the following reasons:
- Downloaded fix packages require a significant amount of disk space
- By creating a separate file system, you prevent the expansion of the /usr file system
Instead of creating a separate filesystem, we’ll just expand the /usr
one to be large enough for this task. TL 7300-02 is about 4GB and SP 7300-02-02-2420 is about 5GB. So let’s bump it up by 20GB just to be safe:
# chfs -a size=+20G /usr
For the updates, I generally keep them all in one big bzip2 archive, like so (using GNU tar on a Linux box):
beaker@saturn AIX_7.3_Fix_Packs]$ ls
SP_7300-02-02-2420 TL_7300-02
beaker@saturn AIX_7.3_Fix_Packs]$ tar -cjvf aix-7.3-updates.tar.bz2 *
Now let’s extract them. Since we don’t have GNU tar on this system, we can’t extract and decompress .tar.bz2 files in one step. So we have to be a little more clunky about it. This is just how I do it. You will probably have a different way of getting the Fix Packs on your system:
# cd /usr/sys/inst.images
# bunzip2 *
# tar xvf *
Fix Pack Installations
Now that all the .bff files are in the /usr/sys/inst.images/TL_7300-02
/ /usr/sys/inst.images/SP_7300-02-02-2420
directories, OR mounted to /mnt/TL
//mnt/SP
, let’s get in there and do the TL first (if you need to). These examples will use the ISO mount method. Adjust if you’re using the local file system.
# cd /mnt/TL
To install all updates from this package that apply to the installed filesets on your system, use the following command.
# smit update_all
The “INPUT device / directory” should be .
(then hit enter). Also change the “ACCEPT new license agreements variable” to yes (then hit enter).
When everything is done (it will take a while!), you will be presented with a vague “COMMAND STATUS” page with various Fn options. F10 will get you out. If you’re using an xterm window like me, Esc-0 is a better choice. F10 can do weird things with shortcuts (unless you disable them).
Reboot the system (maybe… I don’t think you have to, but best be safe).
After rebooting, enter the following to verify your new TL:
# oslevel -s
7300-02-02-2420
If the TL or SP Version Doesn’t Return the One We Installed…
…well, AIX is a picky little nobhead. And if one or two LPPs (Licensed Program Products) are back-leveled, it will show some older numbers. And sometimes, like in this case, it shows a more recent one because of recent SPs in the TL pack. Don’t think too hard about this – you will go mad.
You might have to run smitty update_all
a second time to update bos.aso
and mcr.rte
. Until this is done, the oslevel -s
command might not indicate the correct level.
Now we have to install the latest Service Pack (SP).
# cd /mnt/SP
NOTE: /usr/sys/inst.images/SP_7300-02-02-2420
if using local file system.
Then do just like we did for the TL:
# smit update_all
The “INPUT device / directory” should be .
(then hit enter). Also change the “ACCEPT new license agreements variable” to yes (then hit enter).
When everything is done (it will take a while!), you will be presented with a vague “COMMAND STATUS” page with various Fn options. F10 will get you out. If you’re using an xterm window like me, Esc-0 is a better choice. F10 can do weird things with shortcuts (unless you disable them).
Once it is all done, check the level again:
# oslevel -s
7300-02-02-2420
We got lucky! However, you might need to run smitty update_all
another time or two to ensure all updates are applied.
Clean House
If using ISO method:
# loopumount -l loop0 -m /mnt/TL /mnt/SP
# rm /tmp/*.iso
If using local file system method:
# cd /usr/sys/inst.images
# rm -rf *
And for good measure:
# reboot
Install DNF for AIX (AIX Toolbox) and Configure Environment
Make sure you have enough disk space for this stuff. I use /usr/src
for all… well, sources, /opt
for AIX Toolbox binaries (like /opt/freeware
and other applications), and /usr/local/bin
for compiled local binaries. Check out the top of this guide for more information on how to expand LVMs.
Get dnf_aixtoolbox.sh
Installation Script
If you didn’t install the FTP client, and have a system to use as an SFTP file server, fetch this script and put it in the /usr/src/dnf
folder (you’ll need to create that) and skip this FTP part for the OpenSSL/OpenSSH section.
Oh! If your FTP session hangs when attempting to GET
a file, chances are the reason is passive mode. So don’t forget the -p
and -s
flags when connecting (IBM requires SSL/TLS for FTP connections now)!
# cd /usr/src
# mkdir dnf
# cd dnf
# ftp -p -s public.dhe.ibm.com
Connected to blah blah blah...
Name: anonymous
Password: anonymous
ftp> cd /aix/freeSoftware/aixtoolbox/ezinstall/ppc
ftp> get dnf_aixtoolbox.sh
ftp> quit
221 Goodbye.
OPTIONAL: OpenSSL and OpenSSH
Before 7.3 TL1, you would inevitably get “nothing provides libcrypto.a(libcrypto.so.1.1)“, “nothing provides libssl.a(libssl.so.1.1)“, and “Please install openssl 1.1.x and higher version” errors in the next section. That’s because the crypto libraries included with AIX 7.3 TL0 were rather outdated. It should work now, but you may want to update them regardless. To do that, we need to grab the latest bits from IBM’s website. I’m sorry – it’s a sucky method, but the only way since they are IBM packaged and not the unmolested GNU releases..
Here’s a decent guide: https://www.ibm.com/support/pages/node/720655
NOTE: There is no OpenSSL v2.x – it was kicked over the cliff in favor of v3.x. So be sure to get the latest v3.x release available!
Run Installation Script
# chmod +x dnf_aixtoolbox.sh
# ./dnf_aixtoolbox.sh -d
("-d" installs/configures DNF without YUM, which is deprecated)
That’s it! By default three IBM repos are enabled for RPM packages in /opt/freeware/etc/dnf/dnf.conf
. You will be prompted to update your DNF repository, but dnf
is not in your PATH yet, so we’ll run it with the full path now and then in the next section fix that.
# /opt/freeware/bin/dnf update
There might be a lot. Smack the Y key and hit enter.
Configure PATH and Shell Environment
Anytime we enter a command, we want to use the application it references in the following order:
- Locally Compiled Software
- AIX (GNU) Toolbox
- AIX Default Application
To do this, we need to set the user’s PATH to look in /usr/local/bin
and /opt/freeware/bin
before /usr/bin
.
For the root
user, edit the /etc/environment
file so that the PATH line looks like this (grown-ups can leave out the Java references – eww):
PATH=/usr/local/bin:/opt/freeware/bin:/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java8_64/jre/bin:/usr/java8_64/bin
For system users, edit the user’s .profile
file so that the PATH line looks like this (or whatever you like – I like using the system PATH and just adding a local directory pointer):
PATH=$PATH:.
I like bash
way more than ksh
. To make this your default shell, first install it:
# /opt/freeware/bin/dnf install bash
Then edit the /etc/passwd
file so that the shell listed for your user (and root!) is /opt/freeware/bin/bash
instead of /usr/bin/ksh
.
Date/Time and Time Zone
It’d be nice to have the clock stay accurate… or at least start accurate. Add an NTP server to the /etc/ntp.conf
file:
# echo "server time.nist.gov" >> /etc/ntp.conf
NTP doesn’t like big time gaps, so if you’re still set to epoch or something, manually set the date/time first (and the time zone, if you didn’t do it at initial setup):
# smitty chtz_date
And to make it easy, just run the following and select BOTH
to start the NTP client now and at boot time:
# smitty xntpd
I’ve always had to edit the /etc/ntp.conf
file to remove the broadcastclient
directive. Otherwise, the service dies shortly after initiation. Here’s a quick way to do that:
# /opt/freeware/bin/sed --in-place '/broadcastclient/d' /etc/ntp.conf
You can check the status with this command:
Bad
# lssrc -s xntpd
Subsystem Group yes PID Status
xntpd tcpip inoperative
Good
# lssrc -s xntpd
Subsystem Group PID Status
xntpd tcpip 6095902 active
Install Important Stuff
Helpful utilities! And while we’re here, let’s get GNU Tar. It’s much better. Oh, and GNU Wget!
# /opt/freeware/bin/dnf install tar wget grep sed
For all this to take affect without rebooting, log out completely and then back in to the system. Actually, if your time and/or time zone was off, you should reboot after fixing it. Otherwise, some processes started before the change will remain out of sync. Anyway, welcome to your new AIX environment!
Helpful Links
- IBM Documentation: Installing the Base Operating System (AIX 7.3)
- IBM Documentation: Logical Volume Manager
- Unix Mantra: AIX LVM Cheat Sheet
- IBM Support: Mounting an ISO image in AIX
- IBM Support: Get Started with the AIX Toolbox for Open Source Software
- IBM Community: DNF is now available on AIX Toolbox
- IBM Support: Downloading and Installing or Upgrading OpenSSL and OpenSSH
- IBM Documentation: mktcpip Command
- IBM Documentation: smitty Command
- IBM Documentation: limits File
- IBM Documentation: date Command
- IBM Documentation: ntp.conf File
- IBM Developer Article: IBM AIX commands you should not leave home without (old, but still quite useful)
Random Notes
Want to know more about your system? nmon
is your friend. Run it without any arguments and you can learn some things about your hardware/OS (prtconf
will give you even more info, however). While it is running, smash c
to see CPU utilization, m
for memory, n
for network, d
for disk, etc.
# nmon
│ TOPAS_NMON │
│ 64 - CPUs currently │
│ 64 - CPUs configured │
│ 3724 - MHz CPU clock rate (press 'r' for current MHz) │
│ PowerPC_POWER8 - Processor │
│ 64 bit - Hardware │
│ 64 bit - Kernel │
│ 1,21-30E8W - Logical Partition │
│ 7.3.1.4 TL01 - AIX Kernel Version │
│ hyperion - Hostname │
│ hyperion - Node/WPAR Name │
│ 2130E8W - Serial Number │
│ IBM,8286-42A - Machine Type