Post-Install Optimizations: Difference between revisions

From Try-AS/400
Jump to navigation Jump to search
(Undo revision 978 by PoC (talk) - Cleanup has it's use.)
Tag: Undo
(5 intermediate revisions by the same user not shown)
Line 17: Line 17:
* *NETSVR
* *NETSVR
* *SLP
* *SLP
=== Change uninstalled programs to not run ===
If you did not install the Ultimedia package, you can remove the pre started job from the QSYSWRK subsystem description to make it not generate an error message at IPL time.
RMVPJE SBSD(QSYSWRK) PGM(QUMEDIA/QUMBPJTC)
If you did not install the Directory Services package (aka LDAP), you can remove the auto started jobs from the QSYSWRK subsystem description to make them not generate an error message at IPL time.
RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBA)
RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBE)
Both is valid and tested for V4R5.


=== Cleanup unneeded stuff ===
=== Cleanup unneeded stuff ===
Line 60: Line 70:
  CHGSHRPOOL POOL(*INTERACT) PAGING(*CALC)
  CHGSHRPOOL POOL(*INTERACT) PAGING(*CALC)
  CHGSHRPOOL POOL(*SPOOL) PAGING(*CALC)
  CHGSHRPOOL POOL(*SPOOL) PAGING(*CALC)
* Maximize TCP buffers for maximum performance, especially on faster links.
CHGTCPA TCPRCVBUF(8388608) TCPSNDBUF(8388608)


=== Message-and-Logging ===
=== Message-and-Logging ===
Line 101: Line 113:
  CHGNETA    ALRSTS(*ON) ALRLOGSTS(*LOCAL) ALRPRIFP(*NO)  ALRDFTFP(*NO) ALRBCKFP(*NONE) ALRRQSFP(*NONE) ALRCTLD(*NONE) ALRHLDCNT(0) ALRFTR(*NONE) JOBACN(*SEARCH) VRTAUTODEV(254) MDMCNTRYID(DE)
  CHGNETA    ALRSTS(*ON) ALRLOGSTS(*LOCAL) ALRPRIFP(*NO)  ALRDFTFP(*NO) ALRBCKFP(*NONE) ALRRQSFP(*NONE) ALRCTLD(*NONE) ALRHLDCNT(0) ALRFTR(*NONE) JOBACN(*SEARCH) VRTAUTODEV(254) MDMCNTRYID(DE)


In addition, OS/400 has a default value of 65535 for <code>QCCSID</code>. It should be set to a value being dependent on the installed language, to enable automatic translation of data on disk to the display device, and back. For Germany, the correct value is 237, and for US, it's 37. A good hint is to check your 5250 emulator program for possible values.
In addition, OS/400 has a default value of 65535 for <code>QCCSID</code>. It should be set to a value being dependent on the installed language, to enable automatic translation of data on disk to the display device, and back. For Germany, the correct value is 273, and for US, it's 37. A good hint is to check your 5250 emulator program for possible values.


== IPL Customization ==
== IPL Customization ==
Line 124: Line 136:
  ADDJOBSCDE JOB(RTVDSKINF) CMD(RTVDSKINF) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:34:00') MSGQ(*LIBL/QSYSOPR) TEXT('Retrieve disk space stats')
  ADDJOBSCDE JOB(RTVDSKINF) CMD(RTVDSKINF) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:34:00') MSGQ(*LIBL/QSYSOPR) TEXT('Retrieve disk space stats')
  ADDJOBSCDE JOB(QPGMRCLR) CMD(CLRMSGQ MSGQ(QPGMR) CLEAR(*KEEPUNANS)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('07:07:07') RCYACN(*NOSBM) MSGQ(*NONE) TEXT('Delete uninteresting messages')
  ADDJOBSCDE JOB(QPGMRCLR) CMD(CLRMSGQ MSGQ(QPGMR) CLEAR(*KEEPUNANS)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('07:07:07') RCYACN(*NOSBM) MSGQ(*NONE) TEXT('Delete uninteresting messages')
== Additional Steps for at least V7R2 and probably newer ==
After trying to enter SST, one gets the message that the password has expired. But the password cannot be changed. Re-IPL in manual mode, or force DST display via control panel.
* Choose ''5. Work with DST environment'' and ''3. Service tools user IDs''.
** Disable the "backdoor" profile ''11111111'',
** ''Change password'' for ''QSECOFR'', ''Set password to expired'' to ''2=No''.
* Press F12 and choose ''5. Work with DST environment'' and ''6. Service tools security data''.
** Enter 0 into the field ''8. Password expiration interval in days'', 8 into the ''Selection'' field, and press return.
** Enter a high number (like 12) into the field ''9. Maximum sign-on attempts allowed'', 9 into the ''Selection'' field, and press return.
** Enter 0 into the field ''10. Duplicate password control'', 10 into the ''Selection'' field, and press return.
Now exit DST.
You may choose to enter SST, enter 7 for ''Work with system security'', and set ''Allow a service tools user ID with a default and expired password to change its own password'' to ''1=Yes''. Since we changed password expiry to ''never'', this step is entirely optional.


== See also ==
== See also ==

Revision as of 21:45, 26 November 2021

OS/400 provides a lot of default values for variables (affecting the run-time environment) and program options. Some of these make sense, some of them are kept consistent with earlier versions of the OS because of compatibility reasons by IBM.

Some of these recommendations might not be appropriate for you by various reasons. Don't apply blindly. Know what you do, use the online help to retrieve background information on the topic in question.

The findings below are based on V4R5 with annotated exceptions for newer releases.

Housekeeping

These are settings and scheduled jobs to keep your system uncluttered.

Change unneeded programs to not run

We most likely don't need to run lpd and smtpd to run per default. 

CHGLPDA    AUTOSTART(*NO)
CHGSMTPA   AUTOSTART(*NO)

You can easily check all settings at once by using STRDFU OPTION(5) on the file QUSRSYS/QATOCSTART. These are not needed in general. Depending on OS version, not all entries may be available.

  • *DIRSRV
  • *NETSVR
  • *SLP

Change uninstalled programs to not run

If you did not install the Ultimedia package, you can remove the pre started job from the QSYSWRK subsystem description to make it not generate an error message at IPL time. 

RMVPJE SBSD(QSYSWRK) PGM(QUMEDIA/QUMBPJTC)

If you did not install the Directory Services package (aka LDAP), you can remove the auto started jobs from the QSYSWRK subsystem description to make them not generate an error message at IPL time. 

RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBA)
RMVAJE SBSD(QSYSWRK) JOB(QGLDPUBE)

Both is valid and tested for V4R5.

Cleanup unneeded stuff

These objects come by default at OS install time, are not needed to my knowledge, and thus can be safely deleted: 

DLTOUTQ    OUTQ(QDKT)
DLTOUTQ    OUTQ(QPFROUTQ)
DLTOUTQ    OUTQ(QPRINTS)
DLTF       FILE(QPRINTS)
DLTOUTQ    OUTQ(QPRINT2)
DLTF       FILE(QPRINT2)
DLTOUTQ    OUTQ(QTPPPOUTQ)
DLTDEVD    DEVD(QESPAP)
DLTDEVD    DEVD(QIADSP)
DLTDEVD    DEVD(QIAPRT)
DLTDEVD    DEVD(QQAHOST)
DLTDEVD    DEVD(QTIDA)
DLTDEVD    DEVD(QTIDA2)
DLTCTLD    CTLD(QESCTL)
DLTCTLD    CTLD(QTICTL)
DLTLIND    LIND(QESLINE)
DLTLIND    LIND(QTILINE)

System Values

System values are like environment variables as known from common operating systems. They influence system operation. I recommend the following changes.

System Control

  • Change work environment to separate subsystems for different kind of jobs.
CHGSYSVAL  SYSVAL(QCTLSBSD) VALUE('QCTL QSYS')
  • Set automatic DST adjustment, and UTC offset. This value is valid for Central Europe (Berlin, Paris, …) and not available in V4R5.
CHGSYSVAL  SYSVAL(QTIMZON) VALUE('QP0100CET2')
  • Lessen time to automatically end disconnected interactive jobs (sessions).
CHGSYSVAL  SYSVAL(QDSCJOBITV) VALUE('60')

(Memory) Allocation

  • Adjust automatic performance values only at runtime, not at IPL.[1]
CHGSYSVAL  SYSVAL(QPFRADJ) VALUE('3')
  • Make sure, database tasks can use system resources as needed.
CHGSYSVAL  SYSVAL(QQRYDEGREE) VALUE(*OPTIMIZE)
  • Match jobs running in total with reservations at IPL time. See WRKACTJOB and set to slightly more than the Active Jobs value to be seen there.
CHGSYSVAL  SYSVAL(QTOTJOB) VALUE(80)
  • Allow memory pools to self adjust depending on jobs running. You can adjust the maximum active jobs per pool in the WRKSHRPOOL display.[2]
CHGSHRPOOL POOL(*BASE) PAGING(*CALC)
CHGSHRPOOL POOL(*INTERACT) PAGING(*CALC)
CHGSHRPOOL POOL(*SPOOL) PAGING(*CALC)
  • Maximize TCP buffers for maximum performance, especially on faster links.
CHGTCPA TCPRCVBUF(8388608) TCPSNDBUF(8388608)

Message-and-Logging

  • Allow immediate deletion of problem reports.
CHGSYSVAL  SYSVAL(QPRBHLDITV) VALUE(0)
  • Do not log software errors. We can't do much about these anyway, seen from a hobbyist viewpoint.
CHGSYSVAL  SYSVAL(QSFWERRLOG) VALUE(*NOLOG)
  • Maximize Central Syslog (viewable with DSPLOG size to lessen rotation frequency. Depending on OS version only VALUE(32767) may be valid.
CHGSYSVAL  SYSVAL(QHSTLOGSIZ) VALUE(*DAILY)
  • Raise allowed unsuccessful sign on tries before taking action.
CHGSYSVAL  SYSVAL(QMAXSIGN) VALUE('15')
  • Minimize logging for sessions disconnected beause of device errors.
CHGSYSVAL  SYSVAL(QDEVRCYACN) VALUE(*ENDJOBNOLIST)

Security System Values

  • Unrestrict automatic creation of system objects triggered by external (network) requests.
CHGSYSVAL  SYSVAL(QAUTOVRT) VALUE(*NOMAX)
  • Allow restore with all security relevant flags.
CHGSYSVAL  SYSVAL(QALWOBJRST) VALUE(*ALL)
  • For TCP connections to work, we need encrypted passwords.
CHGDDMTCPA PWDRQD(*ENCRYPTED)
  • Allow QSYSOPR signon to all devices.
CHGSYSVAL  SYSVAL(QLMTSECOFR) VALUE('0')
  • Raise maximum password length to maximum value.[3]
CHGSYSVAL  SYSVAL(QPWDMAXLEN) VALUE(10)
  • Raise minimum passsword length for security reasons.
CHGSYSVAL  SYSVAL(QPWDMINLEN) VALUE(8)

Misc

  • PTF install shall be done on unattended IPL time.
CHGSRVA PTFINSTYP(*DLYALL)
  • Provide European style formatting.
CHGSYSVAL  SYSVAL(QCURSYM) VALUE('€')
CHGSYSVAL  SYSVAL(QDECFMT) VALUE('J')
CHGSYSVAL  SYSVAL(QSRTSEQ) VALUE(*LANGIDUNQ)[4]
  • Allow background compiling in PDM as ordinary user, and submitting batch jobs in general.
GRTOBJAUT  OBJ(QGPL/QBATCH) OBJTYPE(*JOBD) USER(*PUBLIC) AUT(*USE)
  • Tweaking automatic cleanup (like logrotate).
CHGCLNUP   ALWCLNUP(*YES) STRTIME('02:22:22') USRMSG(7) SYSMSG(3) SYSPRT(7) SYSLOG(14) CALITM(*KEEP)
  • Change general SNA networking attributes. This is one long line. Take care to get it completely.
CHGNETA    ALRSTS(*ON) ALRLOGSTS(*LOCAL) ALRPRIFP(*NO)  ALRDFTFP(*NO) ALRBCKFP(*NONE) ALRRQSFP(*NONE) ALRCTLD(*NONE) ALRHLDCNT(0) ALRFTR(*NONE) JOBACN(*SEARCH) VRTAUTODEV(254) MDMCNTRYID(DE)

In addition, OS/400 has a default value of 65535 for QCCSID. It should be set to a value being dependent on the installed language, to enable automatic translation of data on disk to the display device, and back. For Germany, the correct value is 273, and for US, it's 37. A good hint is to check your 5250 emulator program for possible values.

IPL Customization

With this procedure, the current startup program for the OS can be retrieved for easy customization. 

RTVCLSRC   PGM(QSTRUP) SRCFILE(QCLSRC)
WRKMBRPDM  FILE(QCLSRC) MBR(QSTRUP) MBRTYPE(CLP)
CRTCLPGM   PGM(QSYS/QSTRUP)

Change Program Defaults

  • File creation and change defaults.
CHGCMDDFT  CMD(CRTPF) NEWDFT('SIZE(*NOMAX *N *N) WAITFILE(*IMMED) WAITRCD(*IMMED) REUSEDLT(*YES)')
CHGCMDDFT  CMD(CHGPF) NEWDFT('DLTDEPLF(*YES) SIZE(*NOMAX *N *N) WAITFILE(*IMMED) WAITRCD(*IMMED) REUSEDLT(*YES)')
CHGCMDDFT  CMD(CRTLF) NEWDFT('WAITFILE(*IMMED) WAITRCD(*IMMED)')
CHGCMDDFT  CMD(CHGLF) NEWDFT('WAITFILE(*IMMED) WAITRCD(*IMMED)')
  • No unnecessary wait for power down. CONFIRM(*NO) can be added for newer releases to suppress prompting.
CHGCMDDFT  CMD(PWRDWNSYS) NEWDFT('OPTION(*IMMED) ENDSBSOPT(*NOJOBLOG)')

Regular Cleanup jobs

See job comment TEXT for details. These are long lines. Take care to get it completely. 

ADDJOBSCDE JOB(PRGPRB) CMD(DLTPRB STATUS(*CLOSED)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('13:22:00') MSGQ(*LIBL/QSYSOPR) TEXT('Purge closed and deletable problem entries')
ADDJOBSCDE JOB(RCLTMPSTG) CMD(RCLTMPSTG DAYS(30)) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:24:00') MSGQ(*LIBL/QSYSOPR) TEXT('Reclaim temporary storage')
ADDJOBSCDE JOB(RTVDSKINF) CMD(RTVDSKINF) FRQ(*MONTHLY) SCDDATE(*MONTHSTR) SCDDAY(*NONE) SCDTIME('13:34:00') MSGQ(*LIBL/QSYSOPR) TEXT('Retrieve disk space stats')
ADDJOBSCDE JOB(QPGMRCLR) CMD(CLRMSGQ MSGQ(QPGMR) CLEAR(*KEEPUNANS)) FRQ(*WEEKLY) SCDDATE(*NONE) SCDDAY(*ALL) SCDTIME('07:07:07') RCYACN(*NOSBM) MSGQ(*NONE) TEXT('Delete uninteresting messages')

Additional Steps for at least V7R2 and probably newer

After trying to enter SST, one gets the message that the password has expired. But the password cannot be changed. Re-IPL in manual mode, or force DST display via control panel.

  • Choose 5. Work with DST environment and 3. Service tools user IDs.
    • Disable the "backdoor" profile 11111111,
    • Change password for QSECOFR, Set password to expired to 2=No.
  • Press F12 and choose 5. Work with DST environment and 6. Service tools security data.
    • Enter 0 into the field 8. Password expiration interval in days, 8 into the Selection field, and press return.
    • Enter a high number (like 12) into the field 9. Maximum sign-on attempts allowed, 9 into the Selection field, and press return.
    • Enter 0 into the field 10. Duplicate password control, 10 into the Selection field, and press return.

Now exit DST.

You may choose to enter SST, enter 7 for Work with system security, and set Allow a service tools user ID with a default and expired password to change its own password to 1=Yes. Since we changed password expiry to never, this step is entirely optional.

See also

Footnotes

  1. If you change the mount of memory for the machine, could be wise to adjust the value to '1', make the memory change and then change the value back to '3'.
  2. Press F21 to switch to view 2 or 3 to have adjustment possibilities.
  3. In newer OS versions, an additional variable QPWDLVL allows even longer passwords.
  4. This value isn't available with V4R5. You can use *LANGIDSHR there.
Retrieved from "http://try-as400.pocnet.net/index.php?title=Post-Install_Optimizations&oldid=995"