cfgassist command
Purpose
Manages the Virtual I/O Server.
- Set date and time zone
- Change passwords
- Set system security
- Virtual I/O Server TCP/IP configuration
- Install and update software
- Storage management
- Devices
- Performance
- Role-based access control
- Shared storage pools
- Electronic Service Agent™
Syntax
cfgassist
Description
- Set date and time zone
- Set the date and time zone of the Virtual I/O Server.
- Change passwords
- Change the passwords for the users of the Virtual I/O Server.
- Set system security
- Set or unset the security settings by enforcing security rules and configuring firewall settings on the Virtual I/O Server.
- Virtual I/O Server TCP/IP configuration
- Set the TCP/IP configuration parameters that the Virtual I/O Server requires. The parameters include the host name, the IP address, the interface on which the IP is to be configured, the subnet mask, the gateway, the name server address, and the domain name.
- Install and update software
- Use to install and update software on the Virtual I/O Server.
- Storage Management
- Manage the storage on the Virtual I/O Server. Management operations include creation, deletion, or modification to the following storage devices: volume groups, logical volumes, physical volumes, storage pools, and virtual media repositories.
- Devices
- Manage the devices on the Virtual I/O Server, including virtual devices. Management operations include configuring or unconfiguring devices, changing characteristics of devices, removing devices, and configuring shared Ethernet adapters, link aggregation, and virtual local area network (VLAN).
- Performance
- Manage the performance tools on the Virtual I/O Server by using
the following topas functions:
- Topas recordings:
The Virtual I/O Server supports local, central electronics process (CEC), and cluster recording capabilities. These recordings can be either persistent or normal. Persistent recordings are recordings that run on the Virtual I/O Server and continue to run after the Virtual I/O Server reboots. Normal recordings are recordings that run for a specified time interval. The recording data files that are generated are stored in /home/ios/perf/topas. Local recordings gather data about the Virtual I/O Server, whereas CEC recordings gather data about any AIX® logical partitions that are running on the same CEC as the Virtual I/O Server. The data collected consists of dedicated and shared logical partition data, as well as a set of aggregated values that provide an overview of the partition set. Cluster recordings gather data from a list of hosts that are specified in a cluster configuration file. This list is considered a single cluster. The cluster configuration file is populated with host names and IP addresses by using the xmtopas configuration option for the cfgassist command. These hosts can belong to various CECs that are not on the same CEC as the Virtual I/O Server, although the xmtopas option, which is responsible for gathering data outside of the Virtual I/O Server, must be enabled to start the CEC and cluster recordings. The recording format can be specified by the user as either binary or nmon.
Persistent recordings are started by the cfgassist command with the option to specify the cut and retention of the recording. The user can specify the number of days of recording to be stored per recording file (cut) and the number of days of recording to be retained (retention) before the recording can be deleted. Not more than one instance of persistent recording of the same type (CEC or local recording) can be run in a system. When a persistent recording is started, the recording command is called with user-specified options. The same set of command-line options used by this persistent recording is added to inittab entries. This ensures that the recording is started automatically on reboot or restart of the system.
If a system is already running a persistent local recording (binary or nmon recording format), a user might want to start a new persistent recording of a local binary recording. To start a new persistent recording, the existing persistent recording must first be stopped by using the stop persistent recording option available under the stop recording option. Then a new persistent local recording has to be started from the start persistent local recording option. Starting a persistent recording fails if a persistent recording of the same recording format is already running in the system. Recordings are deleted after the specified retention period. By default, local persistent recordings run on the Virtual I/O Server.
- Performance Manager
This function configures the Performance Manager (perfmgr) agent to gather data about performance of the Virtual I/O Server to analyze the data. The generated recordings are picked up by the Electronic Service Agent (ESA) agent, which sends the data to IBM support for analysis.
After the agent is started, it runs various scripts internally to collect various data and generates a single data file named stats.send. All the individual data files and the stats.send file are stored in /var/perf/pm/daily/<hostname>/. Normally, the stats.send file is generated every midnight from the list of individual data files, which are generated by internally called scripts. A user can generate the stats.send file on demand by running the Retransmit Recorded Data menu.
- Topas recordings:
- Role-based access control
- Role-based access control (RBAC) concepts are a part of the core
set of security functions. RBAC provides a mechanism in the VIOS system
through which the padmin -specific system functions can also
be managed through users by using the roles assigned to them. RBAC
addresses two aspects of system management: convenience and flexibility
through the split of system management functions as roles. RBAC permits
the system administrator to define roles based on the job functions
within an organization. The administrator assigns authorizations to
these roles, which might require detailed operations to manage resources.
Users are granted membership in the roles (defining the authority
and responsibility for the user) based on their job requirements.
In other words, a role confers to a set of permissions or authorizations
to the assigned user. Also implementation could allow for hierarchies
of roles. RBAC simplifies the system administration due to the following
reasons:
- RBAC permits you to implement and enforce companywide security policies consistently with regard to system management and access control.
- It is expected that a role or job function definition within an organization remains the same as compared to resources and users. Hence, a change in the role definition is not required.
- By breaking down system functions into smaller units, RBAC permits you to protect the system to a greater extent. The isolation enforced around smaller units of administration confines the attackers to the smallest unit of power in the system.
- RBAC reduces the likelihood of making mistakes of commission and omission in granting privileges to users.
- RBAC permits you to enforce the traditional least privilege model of security.
- Electronic Service Agent
- Electronic Service Agent automatically monitors and collects hardware problem information and sends this information to IBM® support. It also can collect hardware, software, system configuration, and performance management information which can help IBM support assist in diagnosing problems.
- Shared storage pools
- Shared storage pools manage the cluster
and VIOS nodes, storage pool, and logical units. The following are
the submenu options of shared storage pools:
- Manage cluster and VIOS node
- Manage storage pools in cluster
- Manage logical units in storage pool
- Manage cluster and VIOS node
- Using this menu option, the user can create or delete a cluster, list existing clusters, add or delete VIOS nodes from a cluster, and list nodes in a cluster.
- Manage storage pools in cluster
- Using this menu option, the user can list storage pools in a cluster, list, change, or show physical volumes in a storage pool, and set or modify storage pool threshold alert.
- Manage logical units in storage pool
- Using this menu option, the user can create and map logical units, unmap logical units, delete logical units, list logical units, list logical unit maps, create logical unit snapshots, list logical unit snapshots, roll back to snapshot, and delete snapshots.
Security
The cfgassist command is a privileged command. To run the command successfully, assume a role that has the authorization, vios.security.cfgassist.
Exit Status
Examples
cfgassist