In AIX 6.1 and AIX 7.1, workload partitions (WPARs) add an additional operating systemsoftware-based layer for the virtualization of operating environments. Each WPAR can hostapplications and isolate them from applications executing within other WPARs. This capabilitycan be used on any server platform capable of running AIX6, including POWER4, POWER5,POWER5+™, POWER6, and POWER7™.
WPARs are a bold new innovation, implemented within AIX 6.1. It allows administrators to virtualize their operating system, which allows for fewer operating system images on your IBM System p™ partitioned server. Prior to WPARs, you would need to create a new Logical Partition (LPAR) for each new “isolated” environment. This is no longer necessary (with AIX 6.1 only), as there are many circumstances when one can get along fine with multiple WPARs within one LPAR. Why is this important? Every LPAR requires its own operating system image and a certain number of physical resources. While you can virtualize many of these resources, there are still some physical resources that must be allocated to the system. Furthermore, you need to install patches and technology upgrades to each LPAR. Each LPAR requires its own archiving strategy and DR strategy. It also takes some time to create an LPAR; you also need to do this outside of AIX, through a Hardware Management Console (HMC) or the Integrated Virtualization Manager (IVM).
There are two types of WPARs:
1.System WPARs
A system WPAR is similar to a typical AIX environment. Each System WPAR has dedicated writable file systems, although it can share the global environment /usr and /opt file systems in read only mode. When a system WPAR is started, an init process is created for this WPAR, which in turns spawns other processes and daemons. For example, a system WPAR contains an inetd daemon to allow complete networking capacity, making it possible to remotely log in to a system WPAR. It also runs a cron daemon, so that execution of processes can be
scheduled.
2.Application WPARs
If an application or group of applications can be started with one command of the AIX command-line interface, it is a candidate to be hosted by an application WPAR. This command is passed as an argument to the WPARexec command that will create an application WPAR. As soon as the passed command exits, the workload partition is terminated. An application partition shares the file system of the global environment. It does not own any dedicated storage. An application partition can run daemons. But application partitions will not run
any of the system service daemons, such as inetd, srcmstr, and so forth. It is not possible to remotely log in to an application partition or remotely execute an action into an application WPAR.
Comparing WPARs with LPARs:
WPAR (Workload Partitioning)
As noted earlier, you do not need access to the HMC or IVM to create WPARs as you do for LPARs. WPARs are lightweight and quicker to install, because they share many of the file systems and resources of the global AIXsystem in which they reside. While using an LPAR requires you to install an entire operating system, creation of system WPARs only installs private copies of a few file systems, and application WPARs share even more of the global system’s resources. As a result, a WPAR can be created in just a few minutes without installation media. Ongoing administration and maintenance of WPARs should be simpler—fewer AIX licenses might be required, and you don’t have to install fixes and updates on so many virtual systems. There is a command for synchronizing the filesets of a WPAR with the corresponding filesets on the global system, so you have the choice of propagating AIXfixes to WPARs or continuing to run with the current versions of system files.
While LPARs offer a significantly higher degree of workload isolation, WPARs might provide “good enough” isolation for your particular workloads, especially temporary ones such as development or test environments. Similarly, withLPARs, you can achieve a greater degree of control over the usage of resources—by allocating entire processors or precise fractions of processors to an LPAR, for example. With WPARs, you don’t have such fine control over resource allocations, but you can allocate target shares or percentages of CPU utilization to a WPAR (if have used the AIXWorkload Manager, you will find the share and percentage resource allocation scheme familiar). Similar differences exist for the allocation of memory, number of processes, and other resources.
Define a WPAR
Log in as root on your AIX 6 system, and run the following command: mkWPAR –n myWPAR
That is all you need to do to create a system WPAR whose name is myWPAR. After pressing the Enter key, a long series of messages display on the console that look very similar to those you see during a typical AIX installation. After a few minutes, a message displays, followed by a command prompt indicating that the WPAR creation is complete. To verify that your WPAR was created, run the following command to list all defined WPARs: lsWPAR
Listing 1 displays a table showing the WPAR named myWPAR that you just created. The D in the State field means the WPAR is Defined; it exists, but it has not been started. It has a type of S —that is, it’s a system WPAR, because the mkWPAR command creates system WPARs by default. Also by default, the hostname is the same as the WPARname, and the base directory for all the WPAR’s filesets is located at /WPARs/.
Listing 1. lsWPAR command output
# lsWPAR
Name State Type Hostname Directory
myWPAR D S myWPAR /WPARs/myWPAR
To start your new WPAR and log in, run the following command: startWPAR myWPAR
Running the lsWPAR command again indicates that state of the WPAR changed from D to A (for Active).
You have not defined network information for this WPAR, so unless the name you picked for your WPAR already resolves to a valid network address, you probably won’t be able to do any kind of network login yet. Since you are still on the system console, do a console login to the new WPAR: clogin myWPAR
The AIX welcome message and command prompt displays. You have created, started, and logged in to your firstWPAR! Run the hostname command to confirm this.
From this point, you can run most AIX commands, define other users, and do most anything you would do with a fullAIX system.
Once you have logged into the WPAR, there is one important point to remember: From the WPAR, you have no access to the global system or to any other WPAR. So some familiar commands or SMIT menus will not work as they usually do, or they might be missing altogether. For example, if you enter the hostname command, it returns the name of the WPAR and not the hostname of the global AIX system. So for now, let’s leave the WPAR, and return to the global AIX environment by typing the exit command. Then to stop the WPAR, just type:
stopWPAR myWPAR
Using SMIT to change WPAR properties
How about using SMIT to define an IP address for the new WPAR? Of course, you can also do this using the command line, since SMIT is just a command processor. On the global AIX command line, type smit to display the initial SMIT menu. You’ll see a new menu choice, Workload Partition Administration.
After selecting Workload Partition Administration, you’ll see three choices:
1. List All Workload Partitions
2. Administer SYSTEM Workload Partitions
3. Administer APPLICATION Workload Partitions
The first choice, List All Workload Partitions, executes the lsWPAR command to show all defined WPARs on your system. Choose Administrator SYSTEM Workload Partitions to work with the WPAR you defined earlier. This selection displays the following sub-menu:
List System Workload Partitions
Create a System Workload Partition or Specification File
Start / Stop / Reboot a System Workload Partition
System Workload Partition Software Maintenance
Change / Show System Workload Partition Characteristics
Remove a System Workload Partition
System Workload Partition Backup Manager
You do not need to create a WPAR, so select Change / Show System Workload Partition Characteristics, which results in the following submenu:
Change / Show General Characteristics
Change / Show Network Interfaces
Change / Show File Systems
The first choice, Change / Show General Characteristics, displays an input panel that lets you view or change the basic WPAR properties, such as the WPAR name, hostname, start options, and more advanced settings, including resource controls and SECURITY SETTINGS. You set out to work with network settings, so select Change / Show Network Interfaces, which results in the following data entry fields: [Entry Fields]
* Workload Partition Name []
+ Network INTERFACE
+
* Internet ADDRESS (dotted decimal) []
Network MASK []
Type or select the WPAR name in the Workload Partition Name field.
In the Network INTERFACE field press F4 or Esc+4 to show the list of available network interfaces. Select the one that you want to use, then enter a valid IP address and network mask in the remaining fields
If you plan to define a bunch of WPARs, you’ll need to secure in advance a group of available hostnames and IP addresses in your network.
After completing the panel for adding a network interface, you can start the WPAR, either by using SMIT menus, or issuing the startWPAR command from the command line. After the WPAR has started, you should be able to log in remotely using telnet. Don’t forget to set a root password and any other security measures that you normally take when setting up a new AIX system. You might also want to add a line to the /etc/hosts file on the global system containing the hostname and IP address of the new WPAR.
Now that you can log in to your new system WPAR, either from the system console or remotely, you can do many of the things you would do with any new AIX system: create users, create new file systems, or install software. Regarding software installation, you might use NIM to perform network installs. Or, you can add a CD-ROM file system to the WPAR, which enables you to use a CD-ROM attached to the physical server to install software on theWPAR.
Creating and using application WPARs
Creating an application WPAR is similar to creating a system WPAR. However, instead of the mkWPAR command, you use theWPARexec command, which not only creates the WPAR, but it also starts the application inside it. As previously noted, an application WPAR only exists so long as the application process is running. Once the process terminates, the WPAR is stopped and cleaned up.
To create an (somewhat trivial) application WPAR named myWPAR that will sleep for 100 seconds, enter the command:
WPARexec –n myappWPAR /usr/bin/sleep 100 &
After pressing Enter, several messages display indicating that the WPAR is starting and that file systems are being mounted. If you type the lsWPAR command, the following displays:
# lsWPAR
Name State Type Hostname Directory
myappWPAR A A myappWPAR /
#
This information indicates that a WPAR named myappWPAR exists, that it is in an active state, and that it is an Application WPAR. After 100 seconds, a message displays that the system is shutting down all WPAR processes. Enter lsWPAR again to verify that the WPAR no longer exists.
WPAR Manager
IBM Workload Partitions Manager for AIX (WPAR Manager) is a platform management solution that provides a centralized point of control for managing workload partitions across a collection of managed systems running AIX 6.1. The managed systems might all be LPARs on a single physical server, or they might be located on multiple physical servers. Using WPAR Manager, you can monitor the health and status of multiple WPARs on multiple managed AIXsystems. You can also perform all the basic WPAR life cycle operations—including create, view and manage properties, start, stop, and delete.
WPAR Manager also supports relocation of WPARs between systems in a collection of managed servers. WPARManager supports two kinds of relocation:
Manual relocation—This type of relocation is initiated by the user.
Policy-based relocation—This type of relocation is initiated by WPAR Manager in response to workload conditions defined in a relocation policy.
WPAR Manager is not part of AIX—it’s a separately purchased licensed program (Program number 5756-WPM). But, if you are working with an AIX 6 image that you downloaded during the Open Beta program, you might have the early version of WPAR Manager that was shipped with the beta. This article only touches on the main capabilities of WPARManager. A later article will present a more detailed description of how it works and how to use it.
Starting a WPAR & Logging WPAR:
Starting a WPAR. This could not be simpler:
At the command line type “startWPAR wp13”
At the WPAR Manager, select the WPAR in the defined state then Actions and start
Starting a WPAR takes only a few seconds
Logging into a WPAR
cloginWPAR_NAME
From the global area
WARNING any process started from a clogin will NOT survive a checkpoint and restart. This is regardless of any attempts to disconnect the processes created from the terminal session like UNIX daemon processes try to do.
Recommend – only ever use clogin to repair a broken network otherwise you risk forgetting and your important services halting on you first Relocate. Been there – it was mystifying, painful and wasted half a day.
See the example below:
telnet
Just as you would access a regular copy of AIX you ca
Personally, I use the excellent and freely available tool called PuTTY from my Windows XP based PC. Most of the screen captures here are taken from PuTTY. VNC
Again just like a regular copy of AIX, VNC can be installed and used to gain graphical X Windows access to your machine.
I have not tried it personally, but I assume SSL and ssh will work fine too once set up.
WPAR views of the filesystems
# df – m
Here you can see the WPAR can only list the filesystems that it has – this is good for security. We can also see that the private filesystems (/, /home, /var and /tmp) are read/write but the file systems shared from the global AIX are read-only. This makes it very simple to make a tool or command available to all WPARs on the system – i.e. put the file in the global filesystem that is shared like /usr/local/bin and it becomes available to all WPARs.
WPAR view of the network
# ifconfig -a
en0: flags=5e080863,c0
inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.xxx
tcp_sendspace 131072 tcp_recvspace 65536
lo0: flags=e08084b
inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
inet6 ::1/0
tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1
Here you can see the the WPAR is only aware of this network connection and so it can’t get access to the global network or the network of other WPAR. This is good for security.
Compare global and WPAR view of disks and paging space
lsps -a command can be executed from root as well as WPAR to get information of paging space of global paging space & WPAR global paging space.
Here we see that the global AIX as real disks and paging space but the WPAR has neither.
This can confuse some tools – how can a system run with no disks??? Well the WPAR does have filesystems but no direct access to the disks – this means a WPAR systems administrator can’t create logical volumes nor filesystems. this is a two edged sword
The disk management must be done at the global AIX level and then a new filesystem added to a WPAR = OK we can live with that as the global AIX is in charge of real resources.
This stops WPAR system administrators from messing up the machine configuration.
From Global view
we can run
#topas — to see global performance .
#topas -@ WPAR_NAME
Console login to WPAR:
par47p682e_pub[/] > lsWPAR
Name State Type Hostname Directory
MyTestWPAR1 A S MyTestWPAR1 /WPARs/MyTestWPAR1
MyTestWPAR2 A S MyTestWPAR2 /WPARs/MyTestWPAR2
TestWPAR3 A S TestWPAR3 /WPARs/TestWPAR4
LPAR47p682e_pub[/] > clogin MyTestWPAR4
*******************************************************************************
* *
* *
* Welcome to AIX Version 6.1! *
* *
* *
* Please see the README file in /usr/lpp/bos for information pertinent to *
* this release of the AIX Operating System. *
* *
* *
*******************************************************************************
#
You can also connect to WPAR via ssh. It will have its own user id for authentication.
lsvg, lspv commands wont work as all filesystem alocated to WPAR has been created in AIX 6. global environment.
# df -k
Filesystem 1024-blocks Free %Used Iused %Iused Mounted on
/dev/fslv12 131072 104404 21% 2109 9% /
/dev/fslv13 131072 128640 2% 7 1% /home
/opt 262144 119808 55% 3048 11% /opt
/proc – - – - – /proc
/dev/fslv14 131072 128424 3% 9 1% /tmp
/usr 3538944 158320 96% 91414 69% /usr
/dev/fslv15 131072 116816 11% 372 2% /var
To do changes in above mentioned file system . We need to do in global environment. Not frow WPAR. All system adminstartion task of increasing , decreasing, adding, deleting File system are to be done from AIX global environment
Starting & Stopping WPAR Command Output:
NOTE :- All IP shown in the command has been altered as displaying IP on net is invitation to problem.
To reboot test WPAR 2 command is
/usr/bin/stopWPAR -r MyTestWPAR2 Flag r stands for reboot.
output
Stopping workload partition MyTestWPAR2
stopWPAR: 0960-261 Waiting up to 600 seconds for workload partition to halt.
Stopping workload partition MyTestWPAR2.
Stopping workload partition subsystem cor_MyTestWPAR2.
0513-044 The cor_MyTestWPAR2 Subsystem was requested to stop.
stopWPAR: 0960-261 Waiting up to 600 seconds for workload partition to halt.
Shutting down all workload partition processes.
Unmounting all workload partition file systems.
Starting workload partition MyTestWPAR2.
Mounting all workload partition file systems.
Loading workload partition.
Exporting workload partition devices.
Starting workload partition subsystem cor_MyTestWPAR2.
0513-059 The cor_MyTestWPAR2 Subsystem has been started. Subsystem PID is 696392.
Verifying workload partition startup.
To stop WPAR MyTestWPAR2
/usr/sbin/stopWPAR MyTestWPAR2
output
Stopping workload partition MyTestWPAR2.
stopWPAR: 0960-261 Waiting up to 600 seconds for workload partition to halt.
Stopping workload partition MyTestWPAR2.
Stopping workload partition subsystem cor_MyTestWPAR2.
0513-044 The cor_MyTestWPAR2 Subsystem was requested to stop.
stopWPAR: 0960-261 Waiting up to 600 seconds for workload partition to halt.
Shutting down all workload partition processes.
Unmounting all workload partition file systems.
All file systems related to testWPAR 2 will be unmounted.
LPAR47p682e_pub[/] > df -g
Filesystem GB blocks Free %Used Iused %Iused Mounted on
/dev/hd4 0.12 0.02 87% 8105 63% /
/dev/hd2 3.38 0.15 96% 91414 69% /usr
/dev/hd9var 0.25 0.24 6% 477 1% /var
/dev/hd3 0.25 0.25 1% 53 1% /tmp
/dev/hd1 0.12 0.12 1% 8 1% /home
/dev/hd11admin 0.12 0.12 1% 5 1% /admin
/proc – - – - – /proc
/dev/hd10opt 0.25 0.11 55% 3048 11% /opt
p650:/stage/middleware 73.94 13.38 82% 37383 2% /stage/middleware
192.168.1.12:/userdata/20005533 10.00 9.92 1% 19 1% /home/u0005533
/dev/fslv00 0.12 0.10 21% 2106 9% /WPARs/MyTestWPAR1
/dev/fslv01 0.12 0.12 2% 5 1% /WPARs/MyTestWPAR1/home
/dev/fslv02 0.25 0.11 56% 3048 11% /WPARs/MyTestWPAR1/opt
/proc – - – - – /WPARs/MyTestWPAR1/proc
/dev/fslv03 0.12 0.12 3% 13 1% /WPARs/MyTestWPAR1/tmp
/dev/fslv04 3.38 0.14 96% 91483 71% /WPARs/MyTestWPAR1/usr
/dev/fslv05 0.12 0.11 10% 371 2% /WPARs/MyTestWPAR1/var
LPAR47p682e_pub[/] >
We will not able to ping that TestWPAR 172.29.138.23
LPAR47p682e_pub[/] > ping 172.29.138.23
PING 172.29.138.23: (172.29.138.23): 56 data bytes
Alias IP 172.29.138.23 will be removed from en0 network adapter….
LPAR47p682e_pub[/] > ifconfig -a
en1: flags=1e080863,480
inet 10.153.3.101 netmask 0xffff0000 broadcast 10.153.255.255
tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1
en0: flags=1e080863,480
inet 172.29.138.149 netmask 0xffffc000 broadcast 172.29.191.255
inet 172.29.138.203 netmask 0xffffc000 broadcast 172.29.191.255
tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1
lo0: flags=e08084b
inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
inet6 ::1/0
tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1
LPAR47p682e_pub[/] >
LPAR47p682e_pub[/] > lsWPAR
Name State Type Hostname Directory
———————————————————-
MyTestWPAR1 A S MyTestWPAR1 /WPARs/MyTestWPAR1
MyTestWPAR2 D S MyTestWPAR2 /WPARs/MyTestWPAR2 —- >
D state stands for partition is not activated.
To start WPAR
To start WPAR TestWPAR2
LPAR47p682e_pub[/] > startWPAR MyTestWPAR2
Starting workload partition MyTestWPAR2.
Mounting all workload partition file systems.
Loading workload partition.
Exporting workload partition devices.
Starting workload partition subsystem cor_MyTestWPAR2.
0513-059 The cor_MyTestWPAR2 Subsystem has been started. Subsystem PID is 291026.
Verifying workload partition startup.
Filesystem for testWPAR2 is now in mounted state.
LPAR47p682e_pub[/] > df -g
Filesystem GB blocks Free %Used Iused %Iused Mounted on
/dev/hd4 0.12 0.02 87% 8105 63% /
/dev/hd2 3.38 0.15 96% 91414 69% /usr
/dev/hd9var 0.25 0.24 6% 477 1% /var
/dev/hd3 0.25 0.25 1% 53 1% /tmp
/dev/hd1 0.12 0.12 1% 8 1% /home
/dev/hd11admin 0.12 0.12 1% 5 1% /admin
/proc – - – - – /proc
/dev/hd10opt 0.25 0.11 55% 3048 11% /opt
p650:/stage/middleware 73.94 13.38 82% 37383 2% /stage/middleware
192.168.1.12:/userdata/20005533 10.00 9.92 1% 19 1% /home/u0005533
/dev/fslv00 0.12 0.10 21% 2106 9% /WPARs/MyTestWPAR1
/dev/fslv01 0.12 0.12 2% 5 1% /WPARs/MyTestWPAR1/home
/dev/fslv02 0.25 0.11 56% 3048 11% /WPARs/MyTestWPAR1/opt
/proc – - – - – /WPARs/MyTestWPAR1/proc
/dev/fslv03 0.12 0.12 3% 13 1% /WPARs/MyTestWPAR1/tmp
/dev/fslv04 3.38 0.14 96% 91483 71% /WPARs/MyTestWPAR1/usr
/dev/fslv05 0.12 0.11 10% 371 2% /WPARs/MyTestWPAR1/var
/dev/fslv06 0.12 0.10 21% 2107 9% /WPARs/MyTestWPAR2
/dev/fslv07 0.12 0.12 2% 5 1% /WPARs/MyTestWPAR2/home
/dev/fslv08 0.25 0.11 56% 3048 11% /WPARs/MyTestWPAR2/opt
/proc – - – - – /WPARs/MyTestWPAR2/proc
/dev/fslv09 0.12 0.12 3% 10 1% /WPARs/MyTestWPAR2/tmp
/dev/fslv10 3.38 0.14 96% 91483 71% /WPARs/MyTestWPAR2/usr
/dev/fslv11 0.12 0.11 11% 373 2% /WPARs/MyTestWPAR2/var
LPAR47p682e_pub[/] >
To maintain software for sytem WPAR with Global AIX
syncWPAR [ [-a] [-i] | [-F] [-r] ] [-p] [-v] [-X]
{ -A | -f WPARNamesFile | WPARName }
Flags:
-a = Perform additional installation only.
-i = Only update installp filesets.
-F = Force copy RPM files.
-r = Only update RPM files.
-p = Preview operation. Do not actually perform the synchronization.
-v = Verbose mode.
-X = Expand file system space if possible.
-A = Apply operation to all corrals.
-f = Specifies a file containing a list of workload partitions.
Note : – If system WPAR has /usr private file system for WPAR. Synchronisation will Fail …
Listing WPAR Command Output:
Server consist of three Test WPAR
To list All WPAR lsWPAR comamnd is used.
LPAR47p682e_pub[/] > lsWPAR –help
Usage:
Tabular: lsWPAR [-D | -M | -N] [-a fieldname[,...]]
[-q] [-s state] [-t type] [WPARname ...]
Paragraph: lsWPAR {-G | -L | -R | -S | -T}
[-s state] [-t type] [WPARname ...]
Delimited: lsWPAR {-c | -d delim} [-a fieldname[,...] |
-G | {-D|-M|-N} [-a fieldName[,...]] | -R | -S | -T]
[-q] [-s state] [-t type] [WPARname ...]
Flags:
-a = Comma-separated list of field names to print.
-c = Colon delimited output (equivalent to -d:).
-d = Output delimited by specified delimiter.
-D = Print DEVICE EXPORTS.
-G = Print general information (paragraph format).
-L = Long format.
-M = File systems or file system dependencies.
-N = Print network information.
-q = Suppress output header.
-R = Print resource information (paragraph format).
-S = Print security information (paragraph format).
-s = Only print information about workload partitions in a
given state. Valid states are D (Defined), L (Loaded),
A (Active), F (Frozen), P (Paused), T (Transitional)
and B (Broken).
-T = Print operation information.
-t = Only print information about workload partitions of a given type. Valid
types are S (System), A (Application) and C (Checkpointable).
To have detail inormation of WPAR Use -L flag
LPAR47p682e_pub[/] > Use -L flag lsWPAR
Name State Type Hostname Directory
———————————————————-
MyTestWPAR1 A S MyTestWPAR1 /WPARs/MyTestWPAR1
MyTestWPAR2 A S MyTestWPAR2 /WPARs/MyTestWPAR2
TestWPAR3 A S TestWPAR3 /WPARs/TestWPAR3
LPAR47p682e_pub[/] > lsWPAR TestWPAR3
Name State Type Hostname Directory
—————————————————-
TestWPAR3 A S TestWPAR3 /WPARs/TestWPAR3
========================================================================
THere are diffrent state of WPAR — ref Man page
The lsWPAR command prints information about one or more specified workload partition (or all workload partitions if none are specified) to standard output.
You can filter all listings according to the following workload partition states using the -s flag:
Defined : The workload partition has been defined by the mkWPAR command and is ready for use, but is not active. Start workload partitions in this state with the startWPAR command.
Loaded : The workload partition has been configured in the kernel, but processes have not yet been started. Note: This state is visible only to
programmatic consumers that use the lsWPAR command to start a workload partition.
Active : The workload partition is running normally.
Frozen : A checkpoint operation is initiated, and the processes of the workload partition are quiesced, awaiting the storing phase. Note: The Frozen state is only visible when you use the lsWPAR command to checkpoint a workload partition. The checkpoint or restart function requires additional software package other than base WPAR.
Paused : A checkpoint or restart operation has been performed, and the workload partition’s processes are ready to be resumed or killed. The checkpoint or restart functionality requires additional software.
Transitional : An administrative operation is in progress. The workload partition is in the process of being created, started, stopped, configured, and so on.
Broken : An administrative operation failed, leaving this workload partition in an unusable state. You can filter all listings according to the following workload partition types using the -t flag:
Application: This is an application workload partition, running a single process (or a group of processes invoked by that means) without isolated system services. The process or group of processes inherits its operating environment (file systems, security, devices. and so on) from the environment where the application workload partition was created.
System : This is a system workload partition, emulating an independent, fully-functional instance of the operating system. If additional checkpoint or restart software is installed, you can also specify the following type:
Checkpointable : This workload partition is enabled for checkpoint or restart functions. Tip: This is not a mutually exclusive workload partition type. Checkpointable workload partitions are still either System or Application workload partitions.
=======================================================================
To list detail of MyTestWPAR1
====================================================================
LPAR47p682e_pub[/] > lsWPAR -L MyTestWPAR1
=================================================================
MyTestWPAR1 – Active
=================================================================
GENERAL
Type: S
Owner: root
Hostname: MyTestWPAR1
Directory: /WPARs/MyTestWPAR1
Start/Stop Script:
Auto: yes
Private /usr: yes
Checkpointable: no
Application:
NETWORK
Interface Address Mask/Prefix Broadcast
—————————————————————–
en0 172.29.138.203 255.255.192.0 172.29.191.255
FILE SYSTEMS
MountPoint Device Vfs Nodename Options
—————————————————————–
/WPARs/MyTestWPAR1 /dev/fslv00 jfs2
/WPARs/MyTestWPAR1/home /dev/fslv01 jfs2
/WPARs/MyTestWPAR1/opt /dev/fslv02 jfs2 rw
/WPARs/MyTestWPAR1/proc /proc namefs rw
/WPARs/MyTestWPAR1/tmp /dev/fslv03 jfs2
/WPARs/MyTestWPAR1/usr /dev/fslv04 jfs2 rw
/WPARs/MyTestWPAR1/var /dev/fslv05 jfs2
RESOURCE CONTROLS
Active: yes
Resource Set:
CPU Shares: 20
CPU Limits: 0%-100%,100%
Memory Shares: 20
Memory Limits: 0%-100%,100%
Per-Process Virtual Memory Limit: unlimited
Total Processes: unlimited
Total Threads: unlimited
OPERATION
Operation: none
Process ID:
Start Time:
SECURITY SETTINGS
Privileges: PV_AU_,PV_AU_ADD,PV_AU_ADMIN,PV_AU_PROC,PV_AU_READ,
PV_AU_WRITE,PV_AZ_ADMIN,PV_AZ_CHECK,PV_AZ_READ,PV_AZ_ROOT,
PV_DAC_,PV_DAC_GID,PV_DAC_O,PV_DAC_R,PV_DAC_RID,PV_DAC_UID,
PV_DAC_W,PV_DAC_X,PV_DEV_CONFIG,PV_DEV_QUERY,PV_FS_CHOWN,
PV_FS_CHROOT,PV_FS_CNTL,PV_FS_LINKDIR,PV_FS_MKNOD,
PV_FS_MOUNT,PV_FS_QUOTA,PV_KER_ACCT,PV_KER_CONF,PV_KER_DR,
PV_KER_EWLM,PV_KER_EXTCONF,PV_KER_IPC,PV_KER_IPC_O,
PV_KER_IPC_R,PV_KER_IPC_W,PV_KER_LVM,PV_KER_NFS,PV_KER_RAC,
PV_KER_RAS_ERR,PV_KER_REBOOT,PV_NET_PORT,PV_PROC_CKPT,
PV_PROC_CORE,PV_PROC_CRED,PV_PROC_ENV,PV_PROC_PRIO,
PV_PROC_RAC,PV_PROC_RTCLK,PV_PROC_SIG,PV_PROC_TIMER,
PV_PROC_VARS,PV_PROC_PRIV,PV_SU_UID,PV_TCB,PV_TP,PV_TP_SET,
PV_MIC,PV_MIC_CL,PV_LAB_,PV_LAB_CL,PV_LAB_CLTL,PV_LAB_LEF,
PV_LAB_SLDG,PV_LAB_SLDG_STR,PV_LAB_SL_FILE,PV_LAB_SL_PROC,
PV_LAB_SL_SELF,PV_LAB_SLUG,PV_LAB_SLUG_STR,PV_LAB_TL,
PV_MAC_,PV_MAC_CL,PV_MAC_R,PV_MAC_R_CL,PV_MAC_R_STR,
PV_MAC_R_PROC,PV_MAC_W,PV_MAC_W_CL,PV_MAC_W_DN,PV_MAC_W_UP,
PV_MAC_W_PROC,PV_MAC_OVRRD,PV_KER_SECCONFIG,
PV_PROBEVUE_TRC_USER,PV_PROBEVUE_TRC_USER_SELF
DEVICE EXPORTS
Name Type
—————————————————————–
/dev/null pseudo
/dev/tty pseudo
/dev/console pseudo
/dev/zero pseudo
/dev/clone pseudo
/dev/sad clone
/dev/xti/tcp clone
/dev/xti/tcp6 clone
/dev/xti/udp clone
/dev/xti/udp6 clone
/dev/xti/unixdg clone
/dev/xti/unixst clone
/dev/error pseudo
/dev/errorctl pseudo
/dev/audit pseudo
/dev/nvram pseudo
=========================================================================
Listing file system of diffrent WPAR in server . THere are three WPAR.
LPAR47p682e_pub[/] > df -g
Filesystem GB blocks Free %Used Iused %Iused Mounted on
/dev/hd4 0.12 0.01 91% 8120 68% /
/dev/hd2 3.38 0.15 96% 91414 69% /usr
/dev/hd9var 0.25 0.24 6% 488 1% /var
/dev/hd3 0.25 0.25 1% 55 1% /tmp
/dev/hd1 0.12 0.12 1% 8 1% /home
/dev/hd11admin 0.12 0.12 1% 5 1% /admin
/proc – - – - – /proc
/dev/hd10opt 0.25 0.11 55% 3048 11% /opt
p650:/stage/middleware 73.94 13.38 82% 37383 2% /stage/middleware
192.168.1.12:/userdata/20005533 10.00 9.92 1% 19 1% /home/u0005533
——————————————————————————
WPAR1 Filesystem
/dev/fslv00 0.12 0.10 21% 2107 9% /WPARs/MyTestWPAR1
/dev/fslv01 0.12 0.12 2% 5 1% /WPARs/MyTestWPAR1/home
/dev/fslv02 0.25 0.11 56% 3048 11% /WPARs/MyTestWPAR1/opt
/proc – - – - – /WPARs/MyTestWPAR1/proc
/dev/fslv03 0.12 0.12 3% 13 1% /WPARs/MyTestWPAR1/tmp
/dev/fslv04 3.38 0.14 96% 91483 71% /WPARs/MyTestWPAR1/usr
/dev/fslv05 0.12 0.11 10% 371 2% /WPARs/MyTestWPAR1/var
/proc – - – - – /WPARs/MyTestWPAR1/proc
——————————————————————————
WPAR 2 File system
/dev/fslv06 0.12 0.10 21% 2112 9% /WPARs/MyTestWPAR2
/dev/fslv07 0.12 0.12 2% 5 1% /WPARs/MyTestWPAR2/home
/dev/fslv08 0.25 0.11 56% 3048 11% /WPARs/MyTestWPAR2/opt
/proc – - – - – /WPARs/MyTestWPAR2/proc
/dev/fslv09 0.12 0.12 3% 10 1% /WPARs/MyTestWPAR2/tmp
/dev/fslv10 3.38 0.14 96% 91483 71% /WPARs/MyTestWPAR2/usr
/dev/fslv11 0.12 0.11 11% 374 2% /WPARs/MyTestWPAR2/var
——————————————————————————
WPAR 3 FIle System
/dev/fslv12 0.12 0.10 21% 2103 9% /WPARs/MyTestWPAR3
/dev/fslv13 0.12 0.12 2% 5 1% /WPARs/MyTestWPAR3/home
/opt 0.25 0.11 55% 3048 11% /WPARs/MyTestWPAR3/opt
/proc – - – - – /WPARs/MyTestWPAR3/proc WPAR 3
/dev/fslv14 0.12 0.12 3% 9 1% /WPARs/MyTestWPAR3/tmp
/usr 3.38 0.15 96% 91414 69% /WPARs/MyTestWPAR3/usr
/dev/fslv15 0.12 0.11 11% 370 2% /WPARs/MyTestWPAR3/var
LPAR47p682e_pub[/] >
==========================================================================
Comparing AIX 6.1 WPAR to the Global AIX:
Lets take a look around a WPAR and compare it to the global AIX
What can we find out from the global AIX about the WPARs we already have?
List the WPARs with lsWPAR
WPARs called wp03 and wp05 are active system Workload Partiotion but wp09 is only defined it can be made Active by running the “startWPAR wp09″ command.
Key:
State A=active
State D=defined
State B=broken
State T=transitory i.e. changing state
Type A=Application WPAR
Type S=System WPAR
In this example all my WPAR are have simple names starting with “wp” and then two digits. This is, or course, not mandatory.
What is in /WPARs ?
This is a new directory specifically for WPAR use in this we find:
One sub-directory for each WPAR and in this sub-directory we find:
If you have used AIX much you will recognize this as the regular files and directories of AIX because that is pretty much what you get with an WPAR.
When I check the disk space use of a WPAR on the NFS server I find a basic just installed WPAR is using:
I make that around 25MB in size – this is a very small overhead. Remember by default the big filesystems like /usr and /opt are shared with the global AIX. If you really need a writable /usr, for example, this is possible but then you need to find the extra disk space too. If you have an application that is normally, installed in these filesystems (generally regarded as a poor application) then you can install it in the global AIX and every sharing WPAR can access the files – this can reduce the workload of installing applications a great deal.
List the mount points
The global AIX has its own mount point and the mount points for the WPARs it is hosting:
Here we see the regular mount points of AIX: /, /usr, /var, /tmp, /home, /opt
and then for each of the active WPAR there are additional mounts as below
NFS mount for the read/write private filesystem: /, /home. /tmp and /var
remounts to make them read-only of: /opt and /user
More WPAR details with lsWPAR -L
This “lsWPAR -L ” list all the attributes of the WPAR
Sections
General section - has the basic information and where the WPAR data can be found
Network section - has the IP address etc.
Filesystems - note some local read-only filesystems nd some read-write and private over NFS in this case
Resources like Workload Manager (WLM) which has been part of AIX for years and years – see http://www.ibm.com/developerworks/AIX/library/au-Practical_WLM.html for details of how these are used as theWPAR resource control is built on top of WLM. When a WPAR is started a WLM Class is automatically created.
Operation - this WPAR has not been moved
Security based on Role Based Access Control (RBAC) – not covered here see the AIX Security Redbook for more details Export devices are various items that the WPAR has which are distinct form the global AIX for security and performance Network
In the global AIX we can find the following out about the network:
See the network aliases (9.69.44.115 and 113) that are used to “piggy back” the real network card in the global AIXwith IP address 9.69.44.236. The top line with the IP Address is the IP Address that the global AIX uses the lines below are the network aliases used by the WPAR – one each. This also highlights that the global AIX and WPARneeds to be in the same sub-net
Introduction to WPAR in AIX 6
Introduction to Workload Partitions – WPAR 101
Workload Partitioning is a virtualization technology that utilizes software rather than firmware to isolate users and/or applications.
A Workload Partition (WPAR) is a combination of several core AIX technologies. There are differences of course, but here the emphasis is on the similarities. In this essay I shall describe the characteristics of these technologies and how workload partitions are built upon them.
There are two types of WPAR: system and application.My focus is on system WPAR as this more closely resembles aLPAR or a seperate system. In other words, a system WPAR behaves as a complete installation of AIX. At a later time application workload partitions will be described in terms of how they differ from a system WPAR. For the rest of this document WPAR and system WPAR are to be considered synonomous.
AIX system software has three components: root, user, and shared. The root component consists of all the software and data that are unique to that system or node. The user (or usr) part consists of all the software and data that is common to all AIX systems at that particular AIX software level (e.g., oslevel AIX 5.3 TL06-01, or AIX 5.3 TL06-02, orAIX 6.1). The shared component is software and data that is common to any UNIX or Linux system.
In it’s default configuration a WPAR inherits it’s user (/usr) and shared (/usr/share, usually physically included in /usr filesystem) components from the global system. Additionally, the WPAR inherits the /opt filesystem. The /opt filesystem is the normal installation area in the rootvg volume group for RPM and IHS packaged applications and AIXLinux affinity applications and libraries. Because multiple WPAR‘s are intended to share these file fystems (/usr and /opt) they are read-only by WPAR applications and users. This is very similiar to how NIM (Network Installation Manager) diskless and dataless systems were configured and installed. Since only the unique rootvg volume group file systems need to be created (/, /tmp, /var, /home) creation of a WPAR is a quick process.
The normal AIX boot process is conducted in three phases:
1) boot IPL, or locating and loading the boot block (hd5);
2) rootvg IPL (varyonvg of rootvg),
3) rc.boot 3 or start of init process reading /etc/inittab
A WPAR activation or “booting” skips step 1. Step 2 is the global (is hosting) system mounting the WPAR filesystems – either locally or from remote storage (currently only NFS is officially supported, GPFS is known to work, but not officially supported at this time (September 2007)). The third phase is staring an init process in the global system. This @init@ process does a chroot to the WPAR root filesystem and performs an AIX normal rc.boot 3 phase.
WPAR Management
WPAR Management in it’s simpliest form is simply: Starting, Stopping, and Monitoring resource usage. And, not to forget – creating and deleting WPAR.
Creating a WPAR is a very simple process: the onetime prequistite is the existance of the directory /WPARs with mode 700 for root. Obviously, we do not want just anyone wondering in the virtualized rootvg’s of the WPAR. And, if theWPAR name you want to create resolves either in /etc/hosts or DNS (and I suspect NIS) all you need to do is enter:
# mkWPAR -n
If you want to save the output you could also use:
# nohup mkWPAR -n & sleep 2; tail -f nohup.out
and watch the show!
This creates all the WPAR filesystems (/, /home, /tmp, /var and /proc) and read-only entries for /opt and /usr. After these have been made, they are mounted and “some assembly” is performed, basically installing the root part of the filesets in /usr. The only “unfortunate” part of the default setup is that all filesystems are created in rootvg, and using generic logical partition names (fslv00, fslv01, fslv02, fslv03). Fortunately, there is an argument (-g) that you can use to get the logical partitions made in a different volume group. There are many options for changing all of these and they will be covered in my next document when I’ll discuss WPAR mobility.
At this point you should just enter:
# startWPAR
wait for prompt and from “anywhere” you can connect to the running WPAR just as if it was a seperate system. Just do not expect to make any changes in /usr or /opt (software installation is also a later document).
AIX 6.1 WPAR Commands:
Most of these commands are only runable by root user for the Global LPAR (Global Environment).
chWPAR Modifies dynamically the configuration options of the WPAR even when it is
running.
clogin Provides a mechanism for the root user to log in or run a command within a
workload partition. The “clogin” command uses a pseudo-terminal allocated on
the Global Environment (see in the mobility part the impact of this) and creates
a login shell running which belongs to the workload partition.
lsWPAR Prints information about WPARs
mkWPAR Specific for System WPAR – Builds the infrastructure and the configuration
file. Then it creates and populates the WPARs file systems. Allocate the
specified resources as well as the WLM information (if any) and eventually
starts it. Specifying whether the workload partitions should be automatically
started on system boot or when /etc/rc.WPARs is executed.
startWPAR Activates the System WPAR defined with mkWPAR
WPARexec Specific for Application WPAR – Builds, create specification file and
eventually starts the Application WPAR
rebootWPAR Stops and resumes a System Workload Partition. It cannot be run within a
WPAR
rmWPAR Deletes the specified Workload Partition from the system as well as its
configuration and its WLM profile
stopWPAR Kills the WPAR and deallocate all resources belonging to it. It removes the
Application WPAR
syncWPAR Specific to System WPAR – Synchronizes the software installed in the global
shared parts (usually /usr and /opt) with the workload partition’s root part
Note: The mkWPAR and startWPAR can update the global file /etc/WPARs:
Note: /etc/rc.WPARs: Specific to System WPAR – this script is run at main system boot it
invokes the startWPAR command on all workload partitions with the autostart option.
Some commands have different or enhanced behavior in a WPAR environment. The list
includes acctcom, acctctl, df, domainname, hosted, hostname, ifconfig, ioo, ipcrm, ipcs,
mkclass, mount, netstat, nfso, no, projctl, ps , schedo, uname, vmo, wlmstat, wlmtune,
wlmcntrl. This change is described in the AIX 6 documentation.
The simplest way to administrate WPARs using command lines (CLI) is to issue the
command smitty WPAR which will provide the interface to these commands.
Creating a WPAR in AIX 6.1:
You can create a WPAR in many ways:
1 – Make the simplest possible WPAR
To make a simple WPAR with its file systems on the global AIX disks, just type the following:
mkWPAR -n myfirstWPARAll we have supplied is a WPAR name and this WPAR is not even on the network. We have to use a special command (clogin) to gain access to the WPAR from the global area. while very secure this is not very useful but shows that all the defaults can be taken. This mkWPAR command takes a few minutes and does the following:
Creates the filesystems for the WPAR
Mounts the filesystems
copies over some files from the global AIX
Performance an install of AIX packages (much like what we see while installing AIX) to create the files in the WPARprivate filesystems (/, /var, /home and /tmp) we don’t need to rebuild the read-only filesystems).
The WPAR is prepared and made ready to run.
This takes about 3 to 4 minutes on my System p p550Q where my global LPAR is a Virtual I/O Server (VIOS) client so the disks are virtualized and actually on the VIOS. It also seems to be roughly the same regardless of local disk or NFS filesystems.
2 – Make local disk WPAR with a network.
We might as well put the WPAR straight on the network to save time. Simply add the -N options as you might expect. You will need to have a IP address and hostname allocated. We also need to supply the hostname with the -h option. Note: I name the WPAR after the hostname (i.e. wp13) – this makes life simpler but its not mandatory. Finally, the -r option means use the DNS setting of the global AIX for the WPAR – this saves time. In this example, we have assumed the global AIX is on just the one default network. If there was more than one we would need to specify which. We will explore how the WPAR gets network access later on.
mkWPAR -n wp13 -h wp13 -N netmask=255.255.255.0 address=8.9.10.11 -r
Note: Of course, replace the network IP addresses to suite your network – I just made these number up.
3 – Make NFS disk WPAR with a network – ready for Mobility/Relocation
If we want to move the WPAR between global AIX copies i.e. between LPARs or machines then we need to NFS mount the WPAR private filesystems. Assuming here that we have the NFS running and have made the NFS mount points available to this global AIX and to the WPAR hostnames (in this example wp13) then we use the following command.
mkWPAR -n wp13 -h wp13 -N netmask=255.255.255.0 address=3.4.5.6 -r -c \
-M directory=/ vfs=nfs host=blue.ibm.com dev=/scratch/wp13root \
-M directory=/home vfs=nfs host=blue.ibm.com dev=/scratch/wp13home \
-M directory=/tmp vfs=nfs host=blue.ibm.com dev=/scratch/wp13tmp \
-M directory=/var vfs=nfs host=blue.ibm.com dev=/scratch/wp13var
Note the extra options in this command:
-c means this WPAR is “checkpointable” which is used to in Live Application Mobility = Relocate to a different AIX.
-M there is one of these for each of the four private filesystems for the WPAR. Hopefully, it is clear in the example that we have the filesystem name (directory=), the connection(vfs=nfs) and there may be other ways of supporting the file system in the future, and the hostname and mount point of the NFS server.
This gives you a fully functioning relocatable WPAR and is the command I use to create new WPARs. I simply take an existing script containing this command and edit it to suit the next WPAR. You could make a more generic single script if you have time and things like the mount points are similar for each WPAR.
4 – As above but via a Spec File
An alternative way to create a WPAR is using a “spec file” which includes the options you want. The option you specify on the command like will over ride the file contents. You can ask the mkWPAR command to save a spec file with the -o option the first time you run it or you can find the master copies in the /WPARs directory. You can take a spec file of a current WPAR and change it for WPAR specific details and use that to create a new WPAR.
mkWPAR -f my.specthe spec file looks like the one below:
general:
name = “wp13″
preserve = “no”
hostname = “wp13″
checkpointable = “yes”
directory = “/WPARs/wp13″
privateusr = “no”
devices = “/etc/WPARs/devexports”
network:
broadcast = “9.69.44.255″
interface = “en0″
netmask = “255.255.255.0″
address = “9.69.44.123″
mount:
dev = “/scratch/wp13root”
mountopts = “bg,intr”
directory = “/”
vfs = “nfs”
host = “blue.ibm.com”
mount:
dev = “/scratch/wp13home”
mountopts = “bg,intr”
directory = “/home”
vfs = “nfs”
host = “blue.ibm.com”
mount:
dev = “/scratch/wp13tmp”
mountopts = “bg,intr”
directory = “/tmp”
vfs = “nfs”
host = “blue.ibm.com”
mount:
dev = “/scratch/wp13var”
mountopts = “bg,intr”
directory = “/var”
vfs = “nfs”
host = “blue.ibm.com”
mount:
dev = “/usr”
directory = “/usr”
vfs = “namefs”
mountopts = “ro”
mount:
dev = “/proc”
directory = “/proc”
vfs = “namefs”
mountopts = “rw”
mount:
dev = “/opt”
directory = “/opt”
vfs = “namefs”
mountopts = “ro”
security:
secfile = “/etc/WPARs/secattrs”5 – Creating with smitty
The “smitty WPAR” command will take you to the smitty panels to control and create a WPAR.
If you have understood the above information requirements you should have no problem at all using smitty but I find filling in all the NFS mount points etc. a little tedious.
6 – Creating with WPAR Manager
The WPAR Manager allows two ways to create a WPAR:
The full Guided Activity – Create Workload Partition (take the link on the left had sidebar) which will take you through a series of panels for the various aspects of the WPAR and then create a WPAR for you. The simple quick Resource Views – Workload Partitions (the panel which shows the WPARs) and click on “New”. this asks the bare minimum of info and creates a WPAR to which you can later add. We will look at WPAR Manager further down this article.
Summary
WPAR creation is very similar to the process NIM uses for diskless and dataless installations. This method relies onAIX rootvg software consisting of three components: root, user and share. The normal boot process is emulated by the global system “hosting” the WPAR. Phase 1 is not needed; Phase 2 is the mount of the WPAR filesystem resources; and Phase 3 is a so-called @init@ process that is seen as the regular init in the WPAR environment. This is the process that reads and processes /sbin/rc.boot 3 and /etc/inittab just as a normal AIX system would.