Bingo! No NPIV so our only hope is fixing the clone with it mounted to
gold server or in recovery mode, but if "It's all tooling, no direct
editing of any config files with SLES." then how do we fix this?
On 9/8/2017 9:05 AM, Scott Rohling wrote:
That depends on whether NPIV is enabled ... otherwise this guest could
have the same access as the one it was cloned from..
Scott Rohling
On Fri, Sep 8, 2017 at 6:41 AM, Steffen Maier <ma...@linux.vnet.ibm.com>
wrote:
Volume access control (LUN masking / host mapping) should prevent access
to a golden volume. You'd still need to customize disk clones to make them
work but it should at least break early during boot and not accecss the
golden image (especially not writable and thus potentially destroying its
golden property).
On 09/07/2017 09:19 PM, Greg Preddy wrote:
I think that is it, we have no clue where SLES12 puts the info about LUNS
so don't know what to change where.
Here's the official top-level documentation for zfcp configuration:
https://www.ibm.com/support/knowledgecenter/linuxonibm/com.
ibm.linux.z.lhdd/lhdd_t_fcp_wrk_on.html
https://www.ibm.com/support/knowledgecenter/linuxonibm/com.
ibm.linux.z.lhdd/lhdd_t_fcp_wrk_addu.html
It's all tooling, no direct editing of any config files with SLES.
On overview of the same, although not yet full updated for SLES12, is in
(slides 33,35 for SLES):
http://www-05.ibm.com/de/events/linux-on-z/pdf/day2/4_Steffe
n_Maier_zfcp-best-practices-2015.pdf
But there's much more to customize in a golden disk image on the first use
of a disk clone...
Found some steps for cloning SLES11 that would most likely work if we were
SLES11.
http://www.redbooks.ibm.com/abstracts/sg248890.html?Open
"The Virtualization Cookbook for IBM z Systems Volume 3: SUSE Linux
Enterprise Server 12"
However, the authors moved focus from golden disk image cloning towards
different disk content provisioning techniques for technical reasons:
"Chapter 7. Configuring Linux for cloning
Linux operating systems over time tend to have more and more unique
identifiers, such as, with the introduction of systemd, a new machine ID
has been added. All of these identifiers must be re-created on the cloned
system. However, the process to know all these identifiers
and to re-create them requires in-depth knowledge of the golden image.
Failure to update all of these identifiers could cause unforeseen trouble
later, including the possibilities of data corruption or security issues.
If you are unsure of all of the unique identifiers for your golden image,
and you prefer not to follow the cloning process, refer to the automated
installation procedures for KIWI imaging instead. Find information about
these in the following chapters"
The older book version for SLES11 might contain more information on
cloning, but that's of course not necessarily fully applicable to SLES12.
http://www.redbooks.ibm.com/abstracts/tips1060.html?Open
NB: The book's own tooling/scripting contains the image clone
customization details.
On 9/7/2017 10:34 AM, Karl Kingston wrote:
Check your FCP definitions on linux. You may find they are still
referencing your gold
system.
On Thu, 2017-09-07 at 11:31 -0400, Grzegorz Powiedziuk wrote:
Hi
What do you mean it still mounts a gold LUN? You boot from from a NEW
Lun
but root filesystem ends up beeing mounted from GOLD Lun?
First of I all I would make sure that GOLD lun after clonning is not
accesible in virtual machine anymore. Just to make it simple.
I can't remember how it is done in SLES but in RHEL there is a bunch of
stuff that refers to a specific LUN with a specific scsi_id
For example multipath (/etc/multipath.conf) configuration. In there you
usually you bond scsi_id (wwid) of Lun with friendly name (mpathX for
example).
That multipath configuration is also saved in initrd. So if you boot
from
clone, it will end up mounting wrong volume.
Are you using LVM?
2017-09-07 9:08 GMT-04:00 Greg Preddy <gpre...@cox.net>:
All,
We're doing SLES 12 on 100% LUN, with gold copy on a single 60GB LUN.
This is a new cloning approach for us so we're not sure how to make
this
work. Our Linux SA got the storage admin to replicate the LUN, but
when
we change the server to boot the copy, it still mounts the gold LUN.
99% sure we got the LOADDEV parms right. Does anyone have steps to
clone a LUN-only SLES 12 system?
--
Mit freundlichen Grüßen / Kind regards
Steffen Maier
Linux on z Systems Development
IBM Deutschland Research & Development GmbH
Vorsitzende des Aufsichtsrats: Martina Koederitz
Geschaeftsfuehrung: Dirk Wittkopp
Sitz der Gesellschaft: Boeblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
