Edit: How many of you used or still use WPARs?
Originally posted January 21, 2008 on AIXchange
Last week I discussed workload partitions (WPARs) in AIX 6. Now let’s continue with this topic and look at how you actually create and use a WPAR.
With WPARs in AIX 6.1, there’s only one copy of the AIX operating system to worry about–it’s called the global instance. From this global instance, you manage your WPARs. Creating a basic WPAR is as simple as entering:
mkwpar -n mywpar
and waiting a few minutes. After the wait is done, enter:
startwpar mywpar
and you have a running WPAR.
As I previously noted, the IBM Redbook on Workload Partition Mobility gives much more information.
Here you’ll learn about specification files that you can create so that you can clone your WPARs, the differences between application WPARs and system WPARs, etc. If you set up networking (or if your hostname already existed in /etc/hosts on your machine when you created your WPAR) then you can ssh or telnet into your WPAR, as if it were any other machine on the network. You can also get a console login by entering:
clogin mywpar
from the global instance of AIX.
Again, from the Redbook:
“The separation of user sets (or security domains) between different system workload partitions also enables the system administrators to isolate groups of users logging on in AIX environments according to their application access control requirements. Users defined in one system WPAR are unaware of the applications executing in the global environment or in other WPARs. They cannot see the list of users or processes outside their WPAR.”
This means that there’s a different /etc/passwd file and a different root user for the WPAR. You can change the WPAR root password and give it to a junior administrator or database admin, or any users who think that they need root. They can do what they need to do as root, but they don’t effect the AIX global instance. If they break something, they only hurt themselves, not anyone else on the system.
Perhaps, for example, an application runs better when managed using root. Instead of setting up sudo, or a role-based access control (RBAC), just give the user the root password to the WPAR. Think of a chroot jail, or any other virtual environment you’re used to.
You cannot see any disks in a WPAR. It lives in a bunch of filesystems in the global instance:
/dev/fslv03 262144 208144 21% 1710 7% /wpars/mywpar
/dev/fslv04 131072 128312 3% 5 1% /wpars/mywpar/home
/opt 262144 54144 80% 2103 26% /wpars/mywpar/opt
/proc – – – – – /wpars/mywpar/proc
/dev/fslv05 262144 256856 3% 10 1% /wpars/mywpar/tmp
/usr 3276800 113072 97% 33643 68% /wpars/mywpar/usr
/dev/fslv06 262144 236008 10% 365 2% /wpars/mywpar/var
There are flags to encapsulate the whole WPAR into one filesystem on your machine. If you want to set up 10 WPARs on your machine, your /etc/filesystems and df output in your global instance can get pretty ugly pretty quickly.
It is spooky the first time you run lspv and lsvg in WPAR and get nothing in return.
# lspv
# lsvg
0516-318 lsvg: No volume groups found.
Be sure to read about the -@ flags that many commands use now. If I’m in my global instance and I want to see the processes running in my WPAR, I can enter:
ps -ef -@ mywpar
WPAR UID PID PPID C STIME TTY TIME CMD
mywpar root 278754 385194 0 Dec 07 – 0:00 /usr/sbin/syslogd
mywpar root 315502 385194 0 Dec 07 – 0:00 /usr/sbin/qdaemon
mywpar root 319598 385194 0 Dec 07 – 0:00 /usr/sbin/sshd
mywpar root 344148 385194 0 Dec 07 – 0:00 /usr/sbin/writesrv
mywpar root 348376 385194 0 Dec 07 – 0:00 /usr/sbin/rsct/bin/IBM
mywpar root 364548 385194 0 Dec 07 – 0:01 /usr/sbin/rsct/bin/rmc
mywpar root 385194 413910 0 Dec 07 – 0:00 /usr/sbin/srcmstr
mywpar root 409814 413910 0 Dec 07 – 0:00 /usr/local/bin/aixagen
mywpar root 413910 200850 0 Dec 07 – 0:00 /etc/init
mywpar root 426046 413910 0 Dec 07 – 0:00 /usr/lib/errdemon
mywpar root 430208 413910 0 Dec 07 – 0:00 /usr/sbin/cron
mywpar root 438510 385194 0 Dec 07 – 0:00 /usr/sbin/rpc.lockd -d
mywpar root 442490 385194 0 Dec 07 – 0:00 /usr/sbin/portmap
mywpar root 446646 385194 0 Dec 07 – 0:00 /usr/sbin/inetd
mywpar root 458986 385194 0 Dec 07 – 0:00 /usr/sbin/biod 6
mywpar root 463090 385194 0 Dec 07 – 0:04 sendmail: accepting co
mywpar root 557080 385194 0 Dec 07 – 0:06 /usr/sbin/rsct/bin/IBM
mywpar root 561182 385194 0 Dec 07 – 0:00 /usr/sbin/rsct/bin/IBM
and only see the processes that belong to that WPAR.
This command
topas -@ mywpar
also shows interesting output, as there are no disk stats to report.
So read the Redbook, load AIX 6 on a test box and see what else you can do with WPARs. Breathe new life into that old hardware. Yes, POWER6 and APV certainly have their place, but AIX 6.1 gives us new options in the way we manage our environments.