Fix for the AIX filesystems and general search techniques:

If the file system recently overflowed, use the -newer flag to find recently modified files.

To produce a file for the -newer flag to find against, use the following touch command:

touch mmddhhmm filename   (eg: touch 01192000 test_mohi)

Where mm is the month, dd is the date, hh is the hour in 24–hour format, mm is the minute, and filename is the name of the file you are creating with the touch command.

After you have created the touched file, you can use the following command to find newer large files:

find /filesystem_name -xdev -newer touch_filename -ls

(eg: fine /var -xdev -newer /test_mohi -ls)

You can also use the find command to locate files that have been changed in the last 24 hours, as shown in the following example:

find /filesystem_name -xdev -mtime 0 -ls

******

/ (root) overflow

Check the following when the root file system (/) has become full.

Use the following command to read the contents of the /etc/security/failedlogin file:
```
who /etc/security/failedlogin
```
The condition of TTYs recreating too rapidly can create failed login entries. To clear the file after reading or saving the output, execute the following command:
```
cp /dev/null /etc/security/failedlogin
```
Check the /dev directory for a device name that is typed incorrectly. If a device name is typed incorrectly, such as rmto instead of rmt0, a file will be created in /dev called rmto. The command will normally proceed until the entire root file system is filled before failing. /dev is part of the root (/) file system. Look for entries that are not devices (that do not have a major or minor number). To check for this situation, use the following command:
```
cd /dev
ls -l | pg
```
In the same location that would indicate a file size for an ordinary file, a device file has two numbers separated by a comma. For example:
```
crw-rw-rw-   1 root     system    12,0 Oct 25 10:19 rmt0
```
If the file name or size location indicates an invalid device, as shown in the following example, remove the associated file:
```
crw-rw-rw-   1 root     system   9375473 Oct 25 10:19 rmto
```
Note:
- Do not remove valid device names in the /dev directory. One indicator of an invalid device is an associated file size that is larger than 500 bytes.
- If system auditing is running, the default /audit directory can rapidly fill up and require attention.
Check for very large files that might be removed using the find command. For example, to find all files in the root (/) directory larger than 1 MB, use the following command:
```
find / -xdev -size  +2048 -ls |sort -r -n +6
```
This command finds all files greater than 1 MB and sorts them in reverse order with the largest files first. Other flags for the find command, such as -newer, might be useful in this search. For detailed information, see the command description for the find command.
Note: When checking the root directory, major and minor numbers for devices in the /dev directory will be interspersed with real files and file sizes. Major and minor numbers, which are separated by a comma, can be ignored.
Before removing any files, use the following command to ensure a file is not currently in use by a user process:
```
fuser filename
```
Where filename is the name of the suspect large file. If a file is open at the time of removal, it is only removed from the directory listing. The blocks allocated to that file are not freed until the process holding the file open is killed.

******

Resolving overflows in the /var file system

Check the following when the /var file system has become full.

You can use the find command to look for large files in the /var directory. For example:
```
find /var -xdev -size  +2048 -ls| sort -r  +6
```
For detailed information, see the command description for the find command.
Check for obsolete or leftover files in /var/tmp.
Check the size of the /var/adm/wtmp file, which logs all logins, rlogins and telnet sessions. The log will grow indefinitely unless system accounting is running. System accounting clears it out nightly. The /var/adm/wtmp file can be cleared out or edited to remove old and unwanted information. To clear it, use the following command:
```
cp /dev/null  /var/adm/wtmp
```
To edit the /var/adm/wtmp file, first copy the file temporarily with the following command:
```
/usr/sbin/acct/fwtmp < /var/adm/wtmp >/tmp/out
```
Edit the /tmp/out file to remove unwanted entries then replace the original file with the following command:
```
/usr/sbin/acct/fwtmp -ic < /tmp/out > /var/adm/wtmp
```
Clear the error log in the /var/adm/ras directory using the following procedure. The error log is never cleared unless it is manually cleared.
Note: Never use the cp /dev/null command to clear the error log. A zero-length errlog file disables the error logging functions of the operating system and must be replaced from a backup.
1. Stop the error daemon using the following command:
```
/usr/lib/errstop
```
2. Remove or move to a different filesystem the error log file by using one of the following commands:
```
rm /var/adm/ras/errlog
```
  or
```
mv /var/adm/ras/errlog filename
```
  Where filename is the name of the moved errlog file.
  
  Note: The historical error data is deleted if you remove the error log file.
3. Restart the error daemon using the following command:
```
/usr/lib/errdemon
```
Note: Consider limiting the errlog by running the following entries in cron:
```
0 11 * * * /usr/bin/errclear -d S,O 30    
0 12 * * * /usr/bin/errclear -d H 90
```
Check whether the trcfile file in this directory is large. If it is large and a trace is not currently being run, you can remove the file using the following command:
```
rm /var/adm/ras/trcfile
```
If your dump device is set to hd6 (which is the default), there might be a number of vmcore* files in the /var/adm/ras directory. If their file dates are old or you do not want to retain them, you can remove them with the rm command.
Check the /var/spool directory, which contains the queuing subsystem files. Clear the queueing subsystem using the following commands:
```
stopsrc -s qdaemon
rm /var/spool/lpd/qdir/*
rm /var/spool/lpd/stat/*
rm /var/spool/qdaemon/*
startsrc -s qdaemon
```
Check the /var/adm/acct directory, which contains accounting records. If accounting is running, this directory may contain several large files.
Check the /var/preserve directory for terminated vi sessions. Generally, it is safe to remove these files. If a user wants to recover a session, you can use the vi -r command to list all recoverable sessions. To recover a specific session, usevi -r filename.
Modify the /var/adm/sulog file, which records the number of attempted uses of the su command and whether each was successful. This is a flat file and can be viewed and modified with a favorite editor. If it is removed, it will be recreated by the next attempted su command. Modify the /var/tmp/snmpd.log, which records events from the snmpd daemon. If the file is removed it will be recreated by the snmpd daemon.
Note: The size of the /var/tmp/snmpd.log file can be limited so that it does not grow indefinitely. Edit the /etc/snmpd.conf file to change the number (in bytes) in the appropriate section for size.

VIOS is nothing but the AIX OS added with the additional softwares,

Single VIOS migration is a direct approach, We need to do shutdown all the VIO Clients and do the migration on the VIOS.

Dual VIOS is different since We can run the clients with the redundancy path and the network during a migration of the VIOS.

Note: We need to make sure the disk paths and NW redundancy on all the VIO clients.

Step by step Procedure for dual VIOS migration:

Considerations:
1. Make sure the control channel VLAN is same and Its health status.
2. Identify the Primary and Secondary VIO server.
3. Make sure the SEA adapter's "ha_mode" should be "auto".
4. Check all the clients disk path is redundant (atleast 2 paths and each one should come from different VIO Server).
5. IF THE DISKS IN A MIRRORED ROOTVG FOR THE VIO CLIENTS ARE COMING FROM EACH VIO SERVER AND BOTH THE DISKS HAVE A SINGLE PATH, RUN SYNCVG AND WAIT TO SYNCHRONIZE AFTER EACH UPDATE

Procedure:

1. Check VIO's sea adapter state and update the VIO Server who is in backup mode first.

To check VIO Servers state run the following script

for x in $(lsdev -Cc adapter |grep -i shared|awk '{print $1}')
do
echo $x
entstat -d $x|grep -E State
done

ent10
State: BACKUP
ent11
State: BACKUP

2. On the VIO Server which is in backup mode

Check ioslevel in padmin mode

Note: If any interim fixes were installed then remove that.

$ oem_setup_env

# emgr –P -> To list the interim fixes

# emgr –r –L -> To remove the interim fixes
$ ioslevel
2.1.3.10-FP-23
Commit all the updates
$ updateios -commit
There are no uncommitted updates.

For the safer side
force the sea adapters to backup state

chdev -dev ent10 -attr ha_mode=standby
chdev -dev ent11 -attr ha_mode=standby

Mount the remote file system , location where vio updates are kept
and use command
updateios -accept -install -dev

reboot VIO Server after installation is complete
and accept license
$ license -accept
$ ioslevel
2.2.1.3
now change the sea adapters into auto mode again
chdev -dev ent10 -attr ha_mode=auto
chdev -dev ent11 -attr ha_mode=auto
3)Now move to the other VIO Server and change the sea adapter to standby mode

chdev -dev ent10 -attr ha_mode=standby
chdev -dev ent11 -attr ha_mode=standby

Now the adapters at the previous vio servers should be viewed as primary and the adapters at the current vio server

Now follow the same procedure to update this vio server as the previous one
after reboot and license update
change the adapter again to auto

AIX, HACMP, PowerVM

AIX - Filesystem space management

/ (root) overflow

Resolving overflows in the /var file system

Power VM - Dual VIO Migration