WPAR in AIX

Introduction
WPARs are a bold new innovation, implemented within AIX 6.1. It allows administrators to virtualize their operating system, which allows for fewer operating system images on your IBM System p partitioned server. Prior to WPARs, you would need to create a new Logical Partition (LPAR) for each new "isolated" environment. This is no longer necessary (with AIX 6.1 only), as there are many circumstances when one can get along fine with multiple WPARs within one LPAR. Why is this important? Every LPAR requires its own operating system image and a certain number of physical resources. While you can virtualize many of these resources, there are still some physical resources that must be allocated to the system. Furthermore, you need to install patches and technology upgrades to each LPAR. Each LPAR requires its own archiving strategy and DR strategy. It also takes some time to create an LPAR; you also need to do this outside of AIX, through a Hardware Management Console (HMC) or the Integrated Virtualization Manager (IVM). WPARs are much simpler to manage and can actually be created from the AIX command line or through SMIT. LPARs cannot. By far the biggest disadvantage of LPARs is maintaining multiple images, which goes along with possibly over-committing expensive hardware resources, such as CPU and RAM. In other words, while partitioning helps you consolidate and virtualize hardware within a single box, operating system virtualization through WPAR technology goes one step further and allows for an even more granular approach of resource management. It does this by sharing OS images and is clearly the most efficient use of CPU, RAM, and I/O resources. Rather than a replacement for LPARs, WPARs are a complement to them and allow one to further virtualize application workloads through operating system virtualization. WPARs allow for new applications to be deployed much more quickly, which is an important side-benefit. On the other side of the coin, it's important to understands the limitations of WPARs. For example, each LPAR is a single point of failure for all WPARs that are created within the LPAR. In the event of an LPAR problem (or a scheduled system outage, for that matter), all underlying WPARs will also be affected.

WPARs: How and when to use them

This section further defines the different types of workload partitions and discusses scenarios where WPARs should be used. As discussed earlier, Workload Partitions (WPARs) are virtualized operating system environments that are created within a single AIX (only supported on AIX 6.1) image. While they may be self-contained in the sense that each WPAR has its own private execution environment with its own filesystems and network addresses, they still run inside the global environment. The global environment -- the actual LPAR -- owns all the physical resources of the logical partition. It is important to also note that the global environment can see all the processes running inside the specific WPARs. There are two types of WPARs: system workload partitions and application workload partitions. The system WPAR is much closer to a complete version of AIX. The system WPAR has its own dedicated, completely writable filesystems along with its own inetd and cron. Application WPARs are real, lightweight versions of virtualized OS environments. They are extremely limited and can only run application processes, not system daemons such as inetd or cron. One cannot even define remote access to this environment. These are only temporarily objects; they actually disintegrate when the final process of the application partition ends, and as such, are more geared to execute processes than entire applications. Overall, WPARs have no real dependency on hardware and can even be used on POWER4 systems that do not support IBM's PowerVM (formerly known as APV). For AIX administrators, the huge advantage of WPARs is the flexibility of creating new environments without having to create and manage new AIX partitions. Let's look at some scenarios that call for the use of WPARs.

Application/workload isolation
WPARs are tailor-made for working with test and/or QA and development environments. Most larger organizations have at least three environments for their applications. These include development, test, and production. Some environments have as many as five, including demo/training and stress/integration environments. Let's use an example of a common three-tier application environment: Web, application server, and database server. In the land of the LPARs, in an environment where one has five isolated environments, you would need to create 15 LPARs. This is where the WPAR has the most value. In this environment, we would need to create just five LPARs. How is that? In Table 1, we have five different environments, consisting of a Web server, an application server, and a database server. If we wanted to isolate our environments, the only way to do this would be through logical partitioning. That would involve architecting 15 logical partitions. Of course, we could run some of our Web, application, and database on one LPAR, but if we did that, how would we be able to really mimic our production environments (which would run

on separate partitions)? In today's world of 99.9% availability, it is extremely common to give each application environment its own home. With WPARs, we can now do that, without having separate AIX images.

How to create a WPAR step-by-step

ch lpar in the managed system may have a different operating systems. Each workload partition runs only AIX. Lpar owns everything it uses, wpar shares lpar resources (memory, cpu, adapters). Usage of lpar resources (the amount of their processing power so to speak) by wpar can be defined, limited not to exceed certain amount if needed. Why I got interested in workload partitions (wpar)? I had to install application on AIX6.1. There is also a frequent but not continuous requirement of testing patches and new releases of this application not a constant need. As the time flows the operating system will evolve as well patches, fixes, MLs . The test environment must have identical OS as the production environment are you beginning to see my point? Lets create one private workload partition which I will call wpar (today, for a change I have no imagination). Why private? Because it will have its own (private) /usr. mkwpar -g wpar_vg -h wpar -l -n wpar -N interface=en0 address=159.14.245.85 nemtask=255.255.255.0 -P -r -s -o /root/wpar.config -g wpar_vg -> will create all file systems owned by wpar using the capacity of the indicated volume group -h wpar -> specifies the host name assigned to this wpar -l -> create private and writable /opt and /usr -n wpar -> workload partition name (wpar) -N -> Network info follows -P -> set the root password interactively -r -> duplicate network name resolution services (/etc/resolv.conf and so forth) -s -> start the wpar after creation -o /root/wpar.config -> create wpar.config file that can be used to re-create the wpar what we get as soon as we execute this command is: ......... rsct.core.fsrm 2.5.4.0 ROOT APPLY SUCCESS rsct.core.hostrm 2.5.4.0 ROOT APPLY SUCCESS rsct.core.lprm 2.5.4.0 ROOT APPLY SUCCESS rsct.core.microsensor 2.5.4.0 ROOT APPLY SUCCESS syncroot: Error synchronizing installp software. syncroot: Returns Status = FAILURE Copying network name resolution configuration... /etc/resolv.conf /etc/hosts /etc/netsvc.conf Changing password for root@wpar root@wpar's New password: Re-enter root@wpar's new password: mkwpar: 0960-192 They do not match, try again. root@wpar's New password: Re-enter root@wpar's new password: Workload partition wpar created successfully. Starting workload partition wpar. Mounting all workload partition file systems. Loading workload partition. Exporting workload partition devices. Starting workload partition subsystem cor_wpar. 0513-059 The cor_wpar Subsystem has been started. Subsystem PID is 323596. Verifying workload partition startup. entaimq1:MDC:/root>

entaimq1:MDC:/root>lsvg rootvg wpar_vg entaimq1:MDC:/root>lsvg -l wpar_vg wpar_vg: LV NAME TYPE LPs PPs PVs LV STATE MOUNT POINT fslv00 jfs2 3 3 1 open/syncd /wpars/wpar fslv01 jfs2 1 1 1 open/syncd /wpars/wpar/home fslv02 jfs2 16 16 1 open/syncd /wpars/wpar/opt fslv03 jfs2 3 3 1 open/syncd /wpars/wpar/tmp fslv04 jfs2 64 64 1 open/syncd /wpars/wpar/usr fslv05 jfs2 4 4 1 open/syncd /wpars/wpar/var As you can see this wpar has its own copy of the operating system created in the specified vg wpar_vg. Now, lets create some file systems in another (dedicated to it) volume group which (the file systems) we will assign to our wpar. entaimq1:MDC:/root>lsvg rootvg wpar_vg informatica_vg Lets make the logical volumes first: entaimq1:MDC:/root> mklv -t jfs2 -y inform1_lv informatica_vg 10 mklv -t jfs2 -y inform2_lv informatica_vg 10 mklv -t jfs2 -y inform3_lv informatica_vg 10 Now, lets make file system on the top of each logical volume:/lang_en] crfs -v jfs2 -d inform1_lv -m /wpars/wpar/inform1 -A yes -a log=INLINE crfs -v jfs2 -d inform2_lv -m /wpars/wpar/inform2 -A yes -a log=INLINE crfs -v jfs2 -d inform3_lv -m /wpars/wpar/inform3 -A yes -a log=INLINE Its too late but I forgot to include the mount type above so now, I have to execute the chfsagainst each file system. entaimq1:MDC:/root>chfs -u wpar /wpars/wpar/inform1 and ..../inform2 and ..../inform3 Now, inside the lpar that owns the wpar execute the mount all and lets go and see thewpar. To login from the lpar directly into its wpar, execute: entaimq1:MDC:/root>clogin wpar -l root Once inside, lets do some poking aroung. # df -g Filesystem GB blocks Free %Used Iused %Iused Mounted on Global 0.09 0.07 29% 1880 11% / Global 0.03 0.03 3% 7 1% /home Global 0.50 0.29 43% 8787 12% /opt Global - - - - - /proc Global 0.09 0.09 2% 13 1% /tmp Global 2.00 0.15 93% 39515 51% /usr Global 0.12 0.06 52% 4405 24% /var Global 1.25 1.24 1% 4 1% /inform1 Global 1.25 1.24 1% 4 1% /inform2 Global 1.25 1.24 1% 4 1% /inform3 # Now, lets increase the size of one the last three file systems made.

# chfs -a size=2G /inform1 chfs: 0506-915 No record matching /inform1 was found in /etc/filesystems. Guess, what? There are no stanzas for these file systems in the wpar own/etc/filesystems. Lets do the increase operation on the owner side (inside the lpar). So, execute exit to logout from the wpar, and then lets grow the file systems as required. entaimq1:MDC:/root>chfs -a size=2G /wpars/wpar/inform1 Filesystem size changed to 4194304 entaimq1:MDC:/root>chfs -a size=3G /wpars/wpar/inform2 Filesystem size changed to 6291456 Inlinelog size changed to 12 MB. entaimq1:MDC:/root>chfs -a size=4G /wpars/wpar/inform3 Filesystem size changed to 8388608 Inlinelog size changed to 16 MB. Going back into the wpar and what do you see? # df -g Filesystem GB blocks Free %Used Iused %Iused Mounted on Global 0.09 0.07 29% 1880 11% / Global 0.03 0.03 3% 7 1% /home Global 0.50 0.29 43% 8787 12% /opt Global - - - - - /proc Global 0.09 0.09 2% 13 1% /tmp Global 2.00 0.15 93% 39515 51% /usr Global 0.12 0.06 52% 4405 24% /var Global 2.00 1.99 1% 4 1% /inform1 Global 3.00 2.99 1% 4 1% /inform2 Global 4.00 3.98 1% 4 1% /inform3 Who owns these file systems? # ls -ld /inform2 drwxr-xr-x 3 root system 256 Jun 08 13:20 /inform2 Lets change it and assign it to a user and a group I have created earlier inside this wpar. # chown infouser.info /inform1 # chown infouser.info /inform2 # chown infouser.info /inform3 Who owns these file systems now?[lan_pl]Kto obecnie posiada te pliki? # ls -ld /inform1 drwxr-xr-x 3 infouser info 256 Jun 08 13:20 /inform1 # ls -ld /inform2 drwxr-xr-x 3 infouser info 256 Jun 08 13:20 /inform2 # ls -ld /inform3 drwxr-xr-x 3 infouser info 256 Jun 08 13:20 /inform3 # In another putty session I tried to login to this wpar (using its IP address), and I failed. I could login only after I got back into the wpar via the clogin than I executed the passwd command and I set the root password in the wpar. I tried again to login via wpar IP address and this time it worked. Could it be that while executing mkwpar its-P options failed? Maybe, who knows now, I do not have time to to worry about it. I have to load a software that arrived on a CD media. How to use a CD to load a software into a wpar? I try to mount CD drive into a file system accessible to my wpar, but the operation fails. entaimq1:MDC:/>mount -v cdrfs -o ro /dev/cd0 /wpars/wpar/cd0 mount: 0506-324 Cannot mount /dev/cd0 on /wpars/wpar/cd0: A file or directory in the path name does not exist.

You have mail in /usr/spool/mail/root entaimq1:MDC:/> It could be that I did not assign the adapter and CD to the partition (lpar) controlling my wpar Lets do it (HMC). Guess what? After I executed cfgmgr the CD showed up and I could mount it. entaimq1:MDC:/>lsdev | grep -i cd cd0 Available 02-08-00 SATA DVD-ROM Drive entaimq1:MDC:/> entaimq1:MDC:/>mount -v cdrfs -o ro /dev/cd0 /wpars/wpar/cd0 Study the previous line to understand how mounting from an lpar and into one of its wpars. Do I have access to CD from my wpar? # df Filesystem 512-blocks Free %Used Iused %Iused Mounted on Global 196608 140480 29% 1882 11% / Global 65536 63768 3% 7 1% /home Global 1048576 605768 43% 8787 12% /opt Global - - - - - /proc Global 196608 193016 2% 13 1% /tmp Global 4194304 318032 93% 39515 51% /usr Global 262144 126944 52% 4405 24% /var Global 4194304 4176624 1% 4 1% /inform1 Global 6291456 6265264 1% 4 1% /inform2 Global 8388608 8353904 1% 4 1% /inform3 Global 3759968 0 100% 939992 100% /cd0 # Yes, indeed. I got it, I see it. Can I have a peak at it content too? # cd /cd0 # ls .Version README.expansion.html usr GSKit.README installp README.expansion ismp # Well, well, well. Now I can proceed with software installations this CD contains the Expansion Pack for AIX. This is not the right CD! Back to reality. I have made a dynamic change to my lpar configuration I added the adapter controlling the CD. Few of you may yet not know (I belonged to this category too) but in case of an lpar anything called dynamic is nothing short of dynamic in absence of any further steps the dynamic changes will disappear the next time the lpar will be rebooted. So the question is this how to make the dynamic change a permanent one? What I did? On HMC, I go toConfiguration -> Save Current Configuration. This operation creates a new profile. Remember to make it the Default profile so if lpar reboots it will boot with this one and not the previous profile. [lang-en]Lets stop the wpar. entaimq1:MDC:/>lswpar Name State Type Hostname Directory RootVG WPAR -----------------------------------------------------wpar A S wpar /wpars/wpar no entaimq1:MDC:/>stopwpar -v wpar Stopping workload partition wpar. Stopping workload partition subsystem cor_wpar. 0513-044 The cor_wpar Subsystem was requested to stop. stopwpar: 0960-261 Waiting up to 600 seconds for workload partition to halt. Shutting down all workload partition processes. WPAR='wpar' CID=1

ID=2097153 KEY=0x4107001c UID=0 GID=9 RT=-1 ID=4194314 KEY=0x0100b0c4 UID=0 GID=0 RT=-1 ID=4194316 KEY=0xffffffff UID=0 GID=0 RT=-1 ID=4194319 KEY=0x010283b4 UID=0 GID=0 RT=-1 ID=2097168 KEY=0xffffffff UID=0 GID=0 RT=-1 wio0 Defined Unmounting all workload partition file systems. Umounting /wpars/wpar/cd0. Umounting /wpars/wpar/inform3. Umounting /wpars/wpar/inform2. Umounting /wpars/wpar/inform1. Umounting /wpars/wpar/var. Umounting /wpars/wpar/usr. Umounting /wpars/wpar/tmp. Umounting /wpars/wpar/proc. Umounting /wpars/wpar/opt. Umounting /wpars/wpar/home. Umounting /wpars/wpar. Return Status = SUCCESS. entaimq1:MDC:/> Have you noticed that I stopped the wpar from its lpar? entaimq1:MDC:/>lswpar Name State Type Hostname Directory RootVG WPAR -----------------------------------------------------wpar D S wpar /wpars/wpar no entaimq1:MDC:/> And now, let start it up. entaimq1:MDC:/>startwpar -v wpar Starting workload partition wpar. Mounting all workload partition file systems. Mounting /wpars/wpar Mounting /wpars/wpar/home Mounting /wpars/wpar/inform1 Mounting /wpars/wpar/inform2 Mounting /wpars/wpar/inform3 Mounting /wpars/wpar/opt Mounting /wpars/wpar/proc Mounting /wpars/wpar/tmp Mounting /wpars/wpar/usr Mounting /wpars/wpar/var Loading workload partition. Exporting workload partition devices. Starting workload partition subsystem cor_wpar. 0513-059 The cor_wpar Subsystem has been started. Subsystem PID is 585748. Verifying workload partition startup. Return Status = SUCCESS. entaimq1:MDC:/> Since I did not put the appropriate stanza in the /etc/filesystems no CD got mounted, has to go to the lpar to do this again: entaimq1:MDC:/>mount -v cdrfs -o ro /dev/cd0 /wpars/wpar/cd0 What happens when I try to unmount cd0 being inside wpar? # umount /cd0 umount: 0506-349 Cannot unmount Global: A system call received a parameter that is not valid. #

This can be done from the owning lpar. entaimq1:MDC:/>umount /wpars/wpar/cd0 Since nobody know where is the install CD, I have to kill the time in some other way. With the help from ftp,I install the VNC software, and after login as me (duszyk) not root, I try to start it executing: $ vncserver You will require a password to access your desktops. Password: Verify: $ vncserver 1356-364 xauth: creating new authority file /home/duszyk/.Xauthority New 'X' desktop is wpar:1 Creating default startup script /home/duszyk/.vnc/xstartup Starting applications specified in /home/duszyk/.vnc/xstartup Log file is /home/duszyk/.vnc/wpar:1.log $ It does not work . VNC would not start until I made some changes to the/usr/bin/X11/vncserver. I followed the advice included in this link: http://www.ee.pw.edu.pl/~pileckip/aix/vnc_setup.htm I tried Doug Ranz method. Following the changes, I was able to start the vncserver and connect to this machine from my laptop as this images shows:

How to get rid of a wpar? Easy, you can do it like that: entaimq1:MDC:/root>rmwpar -Fsv wpar Well, now I have been told that this wpar host name and its IP address has to change because of some requirement. The new hostname will be a very descriptive one indeed: infaprtu001, and its IP address will be 159.14.245.56. To execute the change I will add the appropriate entry to lpar /etc/hosts and execute: chwpar -h infaprtu001 -N address=159.14.245.56 wpar entaimq1:MDC:/root>lswpar Name State Type Hostname Directory RootVG WPAR --------------------------------------------------------wpar A S infaprtu001 /wpars/wpar no entaimq1:MDC:/root> I use the new address to login (with putty) into the wpar and what do I see here?

$ ifconfig -a en0: flags=1e080863,c0 inet 159.14.245.85 netmask 0xffffff00 broadcast 159.14.245.255 inet 159.14.245.56 netmask 0xffffff00 broadcast 159.14.245.255 tcp_sendspace 131072 tcp_recvspace 65536 rfc1323 0 lo0: flags=e08084b inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255 inet6 ::1/0 tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1 $ uname -a AIX wpar 1 6 00CD68344C00 $ hostname infaprtu001