That depends on whether NPIV is enabled ... otherwise this guest could have the same access as the one it was cloned from..
Scott Rohling On Fri, Sep 8, 2017 at 6:41 AM, Steffen Maier <ma...@linux.vnet.ibm.com> wrote: > Volume access control (LUN masking / host mapping) should prevent access > to a golden volume. You'd still need to customize disk clones to make them > work but it should at least break early during boot and not accecss the > golden image (especially not writable and thus potentially destroying its > golden property). > > > On 09/07/2017 09:19 PM, Greg Preddy wrote: > >> I think that is it, we have no clue where SLES12 puts the info about LUNS >> so don't know what to change where. >> > > Here's the official top-level documentation for zfcp configuration: > https://www.ibm.com/support/knowledgecenter/linuxonibm/com. > ibm.linux.z.lhdd/lhdd_t_fcp_wrk_on.html > https://www.ibm.com/support/knowledgecenter/linuxonibm/com. > ibm.linux.z.lhdd/lhdd_t_fcp_wrk_addu.html > > It's all tooling, no direct editing of any config files with SLES. > > On overview of the same, although not yet full updated for SLES12, is in > (slides 33,35 for SLES): > http://www-05.ibm.com/de/events/linux-on-z/pdf/day2/4_Steffe > n_Maier_zfcp-best-practices-2015.pdf > > But there's much more to customize in a golden disk image on the first use > of a disk clone... > > Found some steps for cloning SLES11 that would most likely work if we were >> SLES11. >> > > http://www.redbooks.ibm.com/abstracts/sg248890.html?Open > "The Virtualization Cookbook for IBM z Systems Volume 3: SUSE Linux > Enterprise Server 12" > > However, the authors moved focus from golden disk image cloning towards > different disk content provisioning techniques for technical reasons: > "Chapter 7. Configuring Linux for cloning > Linux operating systems over time tend to have more and more unique > identifiers, such as, with the introduction of systemd, a new machine ID > has been added. All of these identifiers must be re-created on the cloned > system. However, the process to know all these identifiers > and to re-create them requires in-depth knowledge of the golden image. > Failure to update all of these identifiers could cause unforeseen trouble > later, including the possibilities of data corruption or security issues. > If you are unsure of all of the unique identifiers for your golden image, > and you prefer not to follow the cloning process, refer to the automated > installation procedures for KIWI imaging instead. Find information about > these in the following chapters" > > The older book version for SLES11 might contain more information on > cloning, but that's of course not necessarily fully applicable to SLES12. > http://www.redbooks.ibm.com/abstracts/tips1060.html?Open > > NB: The book's own tooling/scripting contains the image clone > customization details. > > On 9/7/2017 10:34 AM, Karl Kingston wrote: >> >>> Check your FCP definitions on linux. You may find they are still >>> referencing your gold >>> system. >>> >>> On Thu, 2017-09-07 at 11:31 -0400, Grzegorz Powiedziuk wrote: >>> >>>> Hi >>>> What do you mean it still mounts a gold LUN? You boot from from a NEW >>>> Lun >>>> but root filesystem ends up beeing mounted from GOLD Lun? >>>> First of I all I would make sure that GOLD lun after clonning is not >>>> accesible in virtual machine anymore. Just to make it simple. >>>> >>>> I can't remember how it is done in SLES but in RHEL there is a bunch of >>>> stuff that refers to a specific LUN with a specific scsi_id >>>> >>>> For example multipath (/etc/multipath.conf) configuration. In there you >>>> usually you bond scsi_id (wwid) of Lun with friendly name (mpathX for >>>> example). >>>> That multipath configuration is also saved in initrd. So if you boot >>>> from >>>> clone, it will end up mounting wrong volume. >>>> >>>> Are you using LVM? >>>> >>> > >>>> 2017-09-07 9:08 GMT-04:00 Greg Preddy <gpre...@cox.net>: >>>> >>>>> All, >>>>> >>>>> We're doing SLES 12 on 100% LUN, with gold copy on a single 60GB LUN. >>>>> This is a new cloning approach for us so we're not sure how to make >>>>> this >>>>> work. Our Linux SA got the storage admin to replicate the LUN, but >>>>> when >>>>> we change the server to boot the copy, it still mounts the gold LUN. >>>>> 99% sure we got the LOADDEV parms right. Does anyone have steps to >>>>> clone a LUN-only SLES 12 system? >>>>> >>>> > -- > Mit freundlichen Grüßen / Kind regards > Steffen Maier > > Linux on z Systems Development > > IBM Deutschland Research & Development GmbH > Vorsitzende des Aufsichtsrats: Martina Koederitz > Geschaeftsfuehrung: Dirk Wittkopp > Sitz der Gesellschaft: Boeblingen > Registergericht: Amtsgericht Stuttgart, HRB 243294 > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > ---------------------------------------------------------------------- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
