Re: Symantec Endpoint Protection (SEP) for installation on zLinux?
I so much agree with you on this! Real logic does not apply, it's called government. James Chaplin, ITIL® v3 Foundation Systems Programmer, MVS, zVM & zLinux -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Philipp Kern Sent: Wednesday, September 09, 2015 3:56 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Symantec Endpoint Protection (SEP) for installation on zLinux? On 2015-09-08 19:03, CHAPLIN, JAMES (CTR) wrote: > Here the sad ending to this problem, our management has decided that > since Symantec or anyone else actively supports an AV Agent for Linux > on the z Platform (s390x), they are moving all Linux based application > off the mainframe to distributive servers by the end of October... Any > good job openings out there ;-(, I am hitting the pavement, future > here not good. The irony is that - given your email domain - you are working for the government and any threat to the service is very likely not to be discovered by AV anyway. Moving back to x86 will increase the attack surface because standard exploit code is working on the target platform and doesn't need to be rewritten/retargeted for the System z CPU architecture. Plus it's incredibly unlikely that they would have a signature for exploits on System z. (Apart from the fact that they likely have very few signatures for Linux anyway.) Yes, they say it's behavioral. I have yet to see a solution there that works. Kind regards Philipp Kern -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Symantec Endpoint Protection (SEP) for installation on zLinux?
Here the sad ending to this problem, our management has decided that since Symantec or anyone else actively supports an AV Agent for Linux on the z Platform (s390x), they are moving all Linux based application off the mainframe to distributive servers by the end of October... Any good job openings out there ;-(, I am hitting the pavement, future here not good. James Chaplin, ITIL® v3 Foundation Systems Programmer, MVS, zVM & zLinux -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Marcy Cortes Sent: Tuesday, August 18, 2015 11:24 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Symantec Endpoint Protection (SEP) for installation on zLinux? We've been given an exception because it doesn't exist for z. Not a bad thing imnsho :) -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Tuesday, August 18, 2015 5:35 AM To: LINUX-390@VM.MARIST.EDU Subject: [LINUX-390] Symantec Endpoint Protection (SEP) for installation on zLinux? Fellow Penguin Mainframers, Has anyone installed Symantec Endpoint Protection (SEP) on Linux (RHEL or SUSE) on the s390x architecture? We have been given a "Security Requirement" that this vendor specific software has to be in place, and we cannot even verify that they support the s390x architecture. Please share any experience you may have with this if your shop has gone down this path and implemented SEP. James Chaplin, ITIL(r) v3 Foundation Systems Programmer, MVS, zVM & zLinux CA Technologies -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Symantec Endpoint Protection (SEP) for installation on zLinux?
Thanks Marcy, Sad to say this was the only response, not because of the list, but interest in hardening and anti-virus software tools available for the s390x architecture of Linux. Has anyone used or can name an alternate anti-virus tool (other than Symantec's end point) for Linux on the z Architecture (s390z)? We found one toll using Google F-PROT, but it is no longer available (from their website): Due to lack of customer demand, we have discontinued this product. If you are interested in F-PROT for S/390, please contact our sales department (sa...@f-prot.com). Fedora 22 for s390x has a tool ClamAV for use with Exim (mail server), but nothing for RHEL, any suggestions? James Chaplin, ITIL® v3 Foundation Systems Programmer, MVS, zVM zLinux CA Technologies -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Marcy Cortes Sent: Tuesday, August 18, 2015 11:24 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Symantec Endpoint Protection (SEP) for installation on zLinux? We've been given an exception because it doesn't exist for z. Not a bad thing imnsho :) -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Tuesday, August 18, 2015 5:35 AM To: LINUX-390@VM.MARIST.EDU Subject: [LINUX-390] Symantec Endpoint Protection (SEP) for installation on zLinux? Fellow Penguin Mainframers, Has anyone installed Symantec Endpoint Protection (SEP) on Linux (RHEL or SUSE) on the s390x architecture? We have been given a Security Requirement that this vendor specific software has to be in place, and we cannot even verify that they support the s390x architecture. Please share any experience you may have with this if your shop has gone down this path and implemented SEP. James Chaplin, ITIL(r) v3 Foundation Systems Programmer, MVS, zVM zLinux CA Technologies -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Symantec Endpoint Protection (SEP) for installation on zLinux?
Fellow Penguin Mainframers, Has anyone installed Symantec Endpoint Protection (SEP) on Linux (RHEL or SUSE) on the s390x architecture? We have been given a Security Requirement that this vendor specific software has to be in place, and we cannot even verify that they support the s390x architecture. Please share any experience you may have with this if your shop has gone down this path and implemented SEP. James Chaplin, ITIL(r) v3 Foundation Systems Programmer, MVS, zVM zLinux CA Technologies -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Performance Toolkit and zLinux
Tom, Look at RMF XP, http://pic.dhe.ibm.com/infocenter/zos/v1r13/index.jsp?topic=%2Fcom.ibm.zos.r13.erbb200%2Fgpm4cim1.htm, you can download the implementation guide at: ftp://public.dhe.ibm.com/eserver/zseries/zos/rmf/rmf_xp_implementation_guide.pdf as “rmfpms” replacement. Quote: “RMF XP exploits the existing Common Information Model (CIM) instrumentation for AIX and for the Linux distributions (RHEL/SUSE) and does not require any proprietary agent software on the monitored endpoints. The CIM server, as well as the metric providers, are integral parts of the supported AIX and Linux distributions, and therefore no additional software needs to be installed. However, you need to ensure that the CIM servers with their metric providers are properly set up and running on the monitored endpoints. This document helps you in configuring the CIM servers and their metric providers and gives you additional hints and tips on how to optimize your RMF XP configuration.” James Chaplin, ITIL® v3 Foundation Systems Programmer, MVS, zVM zLinux CA Technologies -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Tom Huegel Sent: Tuesday, August 26, 2014 11:21 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Performance Toolkit and zLinux Although zVPS is a fine product and I am sure well worth the price it provides much more than the basic information I am looking for. All I need in my lab on the occasions when someone wants to run a zLINUX guest is provided by the APPLdata and PTK. Thanks Berry. A GOOGLE search pointed me to an OMEGAMON doc with instructions to enable data collection. modprobe appldata_os modprobe appldata_mem modprobe appldata_net_sum echo 1 /proc/sys/appldata/os echo 1 /proc/sys/appldata/mem echo 1 /proc/sys/appldata/net_sum echo 1 /proc/sys/appldata/interval echo 1 /proc/sys/appldata/timer Tom On Tue, Aug 26, 2014 at 5:48 AM, Bill Bitner bit...@vnet.ibm.commailto:bit...@vnet.ibm.com wrote: The RMF agent that runs inside the Linux on System z guest was re-written the other year and changed the interface. We chose not to update the Performance Toolkit handling of that interface as other things have changed since the introduction of the RMF agent to Linux. You can still use the RMF client (the link provided earlier will point to information ont that) that supports z/OS as well. There was a statement of direction in 2011 for these changes. Performance Toolkit will report on the z/VM Appldata that Linux provides on all the current distributions. While this doesn't provide process level information, it does provide a Linux view of some important metrics. It is also very low overhead. Additionally, OMEGAMON XE for z/VM and Linux provides both the z/VM and the Linux agents. Perhaps not the first choice for a PoC, but wanted to mention for completeness. Bill Bitner - z/VM Customer Focus and Care - IBM Endicott - 607-429-3286 The postings on this site are my own and don't necessarily represent IBMs positions, strategies or opinions. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edumailto:lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edumailto:lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: timer ticks in /proc/stat - more differences between SLES and RHEL?
Interesting because when I ran the same script on a RHEL 5.9 guest (w/ 2 vCPUs), we get: ./gettricks.sh getting one set of data sleeping 5 seconds and getting another set of data statOut1 = cpu 60259 128520 96523 256447792 415684 8000 15453 134955 statOut2 = cpu 60259 128520 96524 256448793 415686 8000 15453 134955 nums1 = 60259+128520+96523+256447792+415684+8000+15453+134955 nums2 = 60259+128520+96524+256448793+415686+8000+15453+134955 totalTicks = 1004 Do not have a RHEL 6.3 system to compare with :-(. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company Supporting the zSeries Platform Team -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Michael MacIsaac Sent: Friday, May 17, 2013 10:30 AM To: LINUX-390@VM.MARIST.EDU Subject: timer ticks in /proc/stat - more differences between SLES and RHEL? I'm hacking around with CPU utilization numbers from /proc/stat with this little script: # cat getticks #!/bin/bash echo getting one set of data statOut1=`egrep '^cpu ' /proc/stat` echo sleeping 5 seconds and getting another set of data sleep 5 statOut2=`egrep '^cpu ' /proc/stat` nums1=`echo $statOut1 | grep ^cpu | sed -e 's/cpu\s*//g' -e 's/ /+/g'` let sum1=$nums1 nums2=`echo $statOut2 | grep ^cpu | sed -e 's/cpu\s*//g' -e 's/ /+/g'` let sum2=$nums2 let totalTicks=$sum2-$sum1 echo statOut1 = $statOut1 echo statOut2 = $statOut2 echo nums1 = $nums1 echo nums2 = $nums2 echo totalTicks = $totalTicks On a SLES 11 SP2 system, with 5 vCPUs, I get the expected output: # ./getticks getting one set of data sleeping 5 seconds and getting another set of data statOut1 = cpu 251 8 170 857508 145 2 7 32 0 0 statOut2 = cpu 251 8 170 860009 145 2 7 32 0 0 nums1 = 251+8+170+857508+145+2+7+32+0+0 nums2 = 251+8+170+860009+145+2+7+32+0+0 totalTicks = 2501 2501 ~= 5 seconds * 5 CPUs * 100 ticks/sec On a RHEL 6.3 system (2 vCPUs), I get a *slightly* different number: # ./getticks getting one set of data sleeping 5 seconds and getting another set of data statOut1 = cpu 13059 57057 56528 4 0 2740 3152 3130 0 statOut2 = cpu 13059 57057 56529 4 0 2740 3152 3130 0 nums1 = 13059+57057+56528+4+0+2740+3152+3130+0 nums2 = 13059+57057+56529+4+0+2740+3152+3130+0 totalTicks = 1 HUH? Does RHEL not count ticks in /proc/stat? Any help will be appreciated. Mike MacIsaac mikemac at-sign us.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
What is VM00 Adjustment in /proc/sysinfo
In /proc/sysinfo, there is a value called VM00 Adjustment and LPAR Adjustment, what is this Adjustment value for and how is it set for each zVM guest? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company [cid:image002.jpg@01CDB77D.28669960] -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ inline: image002.jpg
Is there a way to capture the entire LPAR CPU usage in PERFKIT for alerts
We use Perfkit to capture high CPU usage with individual Linux Guests on zVM, however is there a way to capture the CPU usage for the entire LPAR and set an alert to it? With the overcommitted of resources on the zVM LPAR, we had a situation where we did not have any one Linux Guest using excessive CPU, but the entire LPAR was pegged at 100%, giving each guest Linux performance issues. We do not have Velocity at this time (we keep trying, but no one will let us spend the money). So we have remaine3d focused on finding a solution with Perfkit. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Are your Linux instances healthy?
Hendrik (or anyone), Can you help us with one small issue I cannot seem to find the answer on with the install of this neat tool. I am doing the noarch rpm install and getting: rpm -ivh lnxhc-1.0-1.noarch.rpm error: Failed dependencies: rpmlib(PayloadIsLzma) = 4.4.2-1 is needed by lnxhc-1.0-1.noarch I know the answer is going to be easy, but I cannot seem to be able to resolve the rpmlib module PayloadIsLzma issue here, any suggestions. I issue: rpm -showrc and get: ARCHITECTURE AND OS: build arch: s390x compatible build archs: s390x noarch build os : Linux compatible build os's : linux install arch : s390x install os: Linux compatible archs : s390x s390 noarch compatible os's : linux RPMRC VALUES: macrofiles: /usr/lib/rpm/macros:/usr/lib/rpm/s390x-linux/macros:/etc/rpm/macros.*:/e tc/rpm/macros:/etc/rpm/s390x-linux/macros:~/.rpmmacros optflags : -O2 -g -m64 Features supported by rpmlib: rpmlib(VersionedDependencies) = 3.0.3-1 PreReq:, Provides:, and Obsoletes: dependencies support versions. rpmlib(CompressedFileNames) = 3.0.4-1 file name(s) stored as (dirName,baseName,dirIndex) tuple, not as path. rpmlib(PayloadIsBzip2) = 3.0.5-1 package payload can be compressed using bzip2. rpmlib(PayloadFilesHavePrefix) = 4.0-1 package payload file(s) have ./ prefix. rpmlib(ExplicitPackageProvide) = 4.0-1 package name-version-release is not implicitly provided. rpmlib(HeaderLoadSortsTags) = 4.0.1-1 header tags are always sorted after being loaded. rpmlib(ScriptletInterpreterArgs) = 4.0.3-1 the scriptlet interpreter can use arguments from header. rpmlib(PartialHardlinkSets) = 4.0.4-1 a hardlink file set may be installed without being complete. rpmlib(ConcurrentAccess) = 4.1-1 package scriptlets may access the rpm database while installing. rpmlib(BuiltinLuaScripts) = 4.2.2-1 internal support for lua scripts. Thanks for any suggestions and assistance James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Hendrik Brueckner Sent: Friday, March 16, 2012 7:43 AM To: LINUX-390@VM.MARIST.EDU Subject: Are your Linux instances healthy? Today the first release of the Linux Health Checker 1.0 is made available - an exciting new tool. The Linux Health Checker (lnxhc) identifies potential weaknesses in the Linux configuration before they impact your system's availability or cause outages. To try it out, visit: http://lnxhc.sourceforge.net/ With it comes a Health Checker User's Guide. It explains the new framework, how to install the tool and get started, how to run the health checks. Get your Linux instances healthy with the Linux Health Checker! -- Hendrik Brueckner brueck...@linux.vnet.ibm.com | IBM Deutschland Research Development GmbH Linux on System z Development | Schoenaicher Str. 220, 71032 Boeblingen IBM Deutschland Research Development GmbH Vorsitzender des Aufsichtsrats: Martina Koederitz Geschaeftsfuehrung: Dirk Wittkopp Sitz der Gesellschaft: Boeblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Does anyone use Microsoft's SCOM monitoring tool with zLinux?
My manager just came to me with a question that was raised in a manager's meeting. Our distributive group (Unix/RH/Solaris/AIX) was complaining about the Tivoli agents on their servers creating problems, not reporting, etc. The Window's group manager stepped in with the response of why they don't start using SCOM instead? Looking at the Microsoft websites (not very helpful of course, more marketing, little technical) for SCOM (System Center Operations Manager 2007 R2), I do see it can be used with Linux, but does not get into the detail of which architecture. I would safely assume x86, but would it work on s390x? Is anyone out there using SCOM on their platform (zLinux, or s390x) with either RHEL or SUSE? Can anyone point me to a datasheet on this product (System Center Operations Manager 2007 R2) that lists supported platforms? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
How do you set up an rsa public key on zVM to connect to another zVM's Guest's zLinux session to issue a command.
I have a REXX script that issues a set of SEND commands to another zVM guest to log on another guest's Linux session and issue a Linux command and then exit. The problem with the script is that it is passing the password to Linux and I would like to change this to using an rsa public/private key exchange instead. What I want to be able to do is to send a user ID and commands to a zVM guest that hosts a zLinux server, logging in with only the user ID and using the rsa keys to authenticate on the zLinux side (allowing commands to be issued under that ID). Has anyone done this or is it possible? Is there a reverse command to the vmcp command in IBM s390 toolkit, a type of CP command that issues a Linux command the Linux side, like the vmcp allows CP commands to be issued from Linux to the zVM session. Because of authentication on the Linux side, I do not think this is possible, but I would like to learn I am wrong here. James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Required packages on a zLinux server running Oracle vs Put everything on
Thanks, that was what I was looking for. James Chaplin Systems Programmer, MVS, zVM zLinux -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Damian Gallagher Sent: Friday, December 16, 2011 9:47 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Required packages on a zLinux server running Oracle vs Put everything on Oh, we can do better than that :-) On the assumption that you have a support contract, all you need is in this article: Note 1086769.1 -Ensure you have prerequisite rpms to install Oracle Database and AS10g(midtier) on IBM: Linux on System z (s390x) This provides an rpm which consists only of prereqs, thus ensuring you have the packages needed for the appropriate product. Run both sets, and you're good for E-Business Suite also. It won't necessarily tell you what you have that's unnecessary, though. Cheers Damian -Original Message- From: Mauro Souza [mailto:thoriu...@gmail.com] Sent: 16 December 2011 10:56 To: LINUX-390@vm.marist.edu Subject: Re: Required packages on a zLinux server running Oracle vs Put everything on There's a RedBook (http://www.redbooks.ibm.com/abstracts/sg247634.html) for installing Oracle on System Z. It contains all the needed packages, so you could install just those packages. Having a lot of superfluous packages can slow your server down, use more memory and disk than it should, and create room for vulnerabilities (for instance on that Apache installed by default and never configured properly). Mauro http://mauro.limeiratem.com - registered Linux User: 294521 Scripture is both history, and a love letter from God. On Fri, Dec 16, 2011 at 1:43 AM, Marcy Cortes marcy.d.cor...@wellsfargo.com wrote: The argument for not having them there is that you are subject to far less security patching. Now, some organizations don't seem to care about that. Some others care more than one can ever imagine. Marcy -Original Message- From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Thursday, December 15, 2011 3:20 PM To: LINUX-390@vm.marist.edu Subject: [LINUX-390] Required packages on a zLinux server running Oracle vs Put everything on I got into a discussion with a co-worker over packages that are installed on a zLinux oracle server. We are Running RHEL 5.7 at our site, and are using Oracle 10g (about to go to 11g). I noticed that our Oracle servers have an average of 1192 rpm packages installed and 91 define system services compared to our other non-Oracle servers (application, java, MQ Websphere) having only 450 - 480 installed rpm packages and 53 defined services. I am not an oracle expert. Can anyone point me to a list of required software packages to be installed to support Oracle 10g? If you have any suggestions or personal experiences with oracle and the zLinux base platform, your comments are welcome. Another statement was It does not matter what we have installed, as long as Oracle is working, or don't touch unless it is broken. A sample of the over 600 packages are httpd (apache) and eklogin. Others like squid I believe is needed. I am just looking for a good baseline and argument to clean up these servers from unneeded software. James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org
Required packages on a zLinux server running Oracle vs Put everything on
I got into a discussion with a co-worker over packages that are installed on a zLinux oracle server. We are Running RHEL 5.7 at our site, and are using Oracle 10g (about to go to 11g). I noticed that our Oracle servers have an average of 1192 rpm packages installed and 91 define system services compared to our other non-Oracle servers (application, java, MQ Websphere) having only 450 - 480 installed rpm packages and 53 defined services. I am not an oracle expert. Can anyone point me to a list of required software packages to be installed to support Oracle 10g? If you have any suggestions or personal experiences with oracle and the zLinux base platform, your comments are welcome. Another statement was It does not matter what we have installed, as long as Oracle is working, or don't touch unless it is broken. A sample of the over 600 packages are httpd (apache) and eklogin. Others like squid I believe is needed. I am just looking for a good baseline and argument to clean up these servers from unneeded software. James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Question of UTC vs Local Time
Has anyone moved from Local time (EST) to UTC with zLinux?? Any comments or experiences to share? One of our upper level managers want us to look at what it will take to move everything that is on Local time (Linux zOS) to UTC. From a systems point of view I cannot think of an impact, just on in house applications., that have self written timestamps. James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Question of UTC vs Local Time
The sysplex is a big issue at our shop, so this will be interesting, more so than the Y2K eleven years ago ;-). Thanks for responding. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of McKown, John Sent: Tuesday, November 29, 2011 2:05 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Question of UTC vs Local Time If you're application is requesing local time and you set up the TIMEZONE information correctly, then I doubt you'd see any problem. The problems occur if the application requests GMT time or does the assembler STCK or STCKE instruction to get the TOD clock from the hardware directly. You mentioned z/OS, which I'm better at than z/Linux. The only problem that I can foresee is if you change the TOD clock to move backwards and your running in a z/OS sysplex. You __cannot__ back up the TOD clock in a sysplex. Period. End of discussion. There are two things which you can do. One is to simply wait for n hours for the GMT version of the TOD clock to move forward from the local TOD clock time (US EST would be a 5 hour wait). This is not likely to go over well with management. grin. The reasonable thing to do is to create an entirely new, and unused, version of all your couple datasets and use the new versions on the IPL after the TOD is set to GMT. Oh, and watch out for database software such as DB2. It uses TOD timestamps instead of local time. But I don't know enough about DB2 to know what happens if the TOD backs up. I will allow the gurus of Linux to talk about the impact in Linux. I'm too ignorant. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Tuesday, November 29, 2011 11:38 AM To: LINUX-390@VM.MARIST.EDU Subject: Question of UTC vs Local Time Has anyone moved from Local time (EST) to UTC with zLinux?? Any comments or experiences to share? One of our upper level managers want us to look at what it will take to move everything that is on Local time (Linux zOS) to UTC. From a systems point of view I cannot think of an impact, just on in house applications., that have self written timestamps. James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Duplicate rpm packages s390 - s390x, can one of them be removed?
We have several Red Hat servers that were set up by our Unix group when we started into the zLinux world. All these servers are running in 64 bit architecture. As I am getting to know they systems better, I did a search on the packages we have installed and found about 71 packages that have both a s390 (32 bit) and s390x (64 bit) versions installed. Is there any reason to have both architectures install for the same package? We just did a basic install of RHEL on one of our test systems, and when I searched that platform, we had no 32 bit packages (great!). Has anyone had similar experience or have any recommendations. I am considering removing all the 32 bit packages from the system, but want to insure that it has no impact on the system. Is there any need for a 64 bit application to have access to it's 32 bit conterpart? James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Adding users to RedHat 5.4
Small note to add value to Dave's excellent response in relation to updating the /etc/sudoers file, use visudo to update the /etc/sudoers file. It is clean and simple with error checking. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company Supporting the zSeries Platform Team -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of David Boyes Sent: Wednesday, September 07, 2011 11:18 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Adding users to RedHat 5.4 First, what command and options should I be using to create the userid w/ a home directory and whatever else may be needed, along with the superuser attributes? useradd -m userid passwd userid add userid to /etc/sudoers -m creates the user's home dir. If these ids are going to be temporary, add -e to the useradd command and specify an expiration date so they automatically go locked when the class is over. You're dealing with two things here: real and effective uids. Each user normally must have a single unique numeric uid that should be unique across all systems. This is stored in /etc/passwd, and is known as their real uid (the one that determines permanent file ownership, etc). The _effective_ uid is the one that is used when executing programs, etc at the time of execution. Normally the real and effective uid are the same, producing no special powers. 'su' (and by extension, sudo and a an appropriate filter) temporarily change the effective uid for that user in that process context to 0, temporarily giving them powers beyond the mortal *for the duration of that process context*. In the case of sudo, a new process context is created, the command is parsed, and then checked against the patterns in /etc/sudoers. If the command matches a pattern in /etc/sudoers, sudo temporarily changes the effective uid of the process to 0, does the command, and immediately changes the effective uid back to the real uid when the command is completed and before the user is given control again. If the command is an interactive command like a shell (remember, Unix shells are just programs), the process retains the superuser privilege until the original shell started by sudo exits, and other commands issued from that shell inherit the Powers of Darkness from the 'sudo bash' command. These days, sudo is the way to go if you have multiple administrators who need superuser access. Much safer, and you don't ever have to give anyone the REAL root password (as you do with su) -- they authenticate with their OWN password before anything dangerous happens, effectively making them directly responsible for what they do. Third, how do I list the userid after it's created? cat /etc/passwd | grep userid -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: HugePage support with RHEL
Thanks Martin, I almost gave up hope on HughPages due to all our zLinux Guests run under zVM, and we like using zVM to control the swapping as best as possible. I do have two follow-up questions: 1) Can you point me to any reference material dealing with HugePages with zVM (v6.1) where I can start my homework on the topic? I did a search online of IBM zVM 6.1 doc on HugePages, Large Pages and came up with nothing. 2) What is required or needs to be done to enable edat in zLinux from the zVM side? Again, would you be able to point me to any doc in the zVM side? How do we get the edat facility, is it hardware or a setting in either the SE or HMC with the LPAR definition, or in the IODF? James Chaplin Systems Programmer, MVS, zVM zLinux -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Martin Schwidefsky Sent: Friday, September 02, 2011 4:11 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: HugePage support with RHEL On Thu, 1 Sep 2011 15:01:52 -0400 Brad Hinson bhin...@redhat.com wrote: Hi James, It appears that in order to use hardware large page support, Linux must be running in LPAR mode. I can't find anything that says this is supported in z/VM. Hopefully someone can correct me if I'm wrong. I can confirm that on a z10 under z/VM 6.1 I also do not see 'edat' in /proc/cpuinfo, so hugepage support is emulated in software. You can use large pages in LPAR and under z/VM. In LPAR we have real large pages if we have the edat facility. If there is no edat facility or if we are running under z/VM we use large page emulation. There are two benefits to using hugepages: 1) The TLB pressure in reduced by using 1MB frames. To get this benefit the edat facility is required since this needs the large page segment table entries. No love here for z/VM. 2) The memory savings due to the reduced number of page tables. There are two cases: 2a) under LPAR with edat the 1MB frames are directly referenced by the segment table entry, the lowest page table level is not allocated at all. 2b) under z/VM there is no edat facility and no large page segment table entries. Here a single page table for the 1MB frame is allocated which is shared by all users of the large page. The page table overhead to map 2GB of memory: i) without large pages: 1 segment table, 2048 page tables ii) with large page emulation: 1 segment table, 1 page table iii) with edat large pages: 1 segment table In numbers i) 4112 KB, ii) 18 KB, and iii) 16 KB. This number is per process. If your database uses processes for its transactions and maps large share memory areas the memory savings quickly add up. If you have e.g. 128 processes mapping 2GB you'll need for case i) 514 MB, ii) 2.25 MB, and iii) 2 MB. -- blue skies, Martin. Reality continues to ruin my life. - Calvin. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
HugePage support with RHEL
I am currently looking at the HugePage support feature and whether it can help us at our site. But I hit a roadblock that someone out there may be able to help me with. In the doc I have found (both from RH and a collection of other presentations on the web), I have found how to set the /proc/sys/vm/nr_hugepages value with sysctl with no problem. But my concern is with the next bit of information concerning whether the hardware has large page support and if not, how do I enable that support. When I issue cat /proc/cpuinfo, we do not have the edat value set in features (page 26 in http://zjournal.tcipubs.com/issues/zJ.DEC-JAN09.pdf). We have two z196s with zVM 6.1 running zLinux guests using RHEL 5.6 (2.6.18-238.9.1.el5). Can anyone point me to how to get the feature edat turned on and where documentation on this may be located? James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: VTL with Linux
We also use FDR Upstream to do the backups of Linux zVM volumes to Virtual Tape located o z/OS LPAR. The tape management is handled by z/OS with the data moved to z/OS first then to tape. We only have one tape drive defined to VM for zVM Maintenance. There is no management of tapes on this single drive, as all tapes are foreign tapes. James Chaplin Systems Programmer, MVS, zVM zLinux -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Graves, Aaron Sent: Thursday, August 25, 2011 2:23 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: VTL with Linux We use FDR Upstream to do the backups on z/OS to Virtual Tape. The tape management is handled by z/OS. -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Walters, Gene P Sent: Thursday, August 25, 2011 2:01 PM To: LINUX-390@VM.MARIST.EDU Subject: VTL with Linux Is anyone on the list running Linux and doing backups to a Virtual Tape Library? If so, how are you doing tape management? VM? Linux? Thanks Gene -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Does anyone use SELinux on their zLinux platforms?
Does anyone have SELinux up and running as their RBAC security on a zLinux server? I am also curious to know how the have user authentication set up, are they using files (/etc/passwd) LDAP, NIS, PAM or other methods. I am on the learning curve here and would like to hear user experiences as I move forward. I welcome the good, bad and the ugly of comments on this topic. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Does anyone use SELinux on their zLinux platforms?
Kevin, That sounds like the direction that I am currently trying to promote at our worksite. I have one question with authentication. With LDAP, are you going against RACF for the password and the user Statements with the related Roles and role statements, where are these stored? Are you able to use LDAP as the central location for these values on zOS for all Linux users and servers to access them from? We are not using LDAP, as we have CA's eTrust Top Secret at our shop on the zOS security package. We are using a different tool to retrieve user password, uid gid from Top Secret at our shop. At this time, CA has stated that they are not supporting SELinux values, but are considering this for the future. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company Department of Homeland Security/U.S. Customs Border Protection -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of George, Kevin A Sent: Friday, July 15, 2011 10:36 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Does anyone use SELinux on their zLinux platforms? We are currently implementing Red Hat Linux 5.5 with SELinux enabled. We are using LDAP on z/OS for the authentication. There are some things we had to learn about SELinux before we could successfully install some products and some vendors do not help much. We install third party software with SELinux in permissive mode which, with setroubleshootd enabled, allows you to see what would cause a failure when in enforcing mode. This allows you to correct the SELinux rules so the product works correctly and gives you something to beat on the vendor with. Most products that we are using either do not require changes or have minimal changes. Kevin George Compuware / U.S. Office of Personnel Management -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, July 15, 2011 9:39 AM To: LINUX-390@VM.MARIST.EDU Subject: Does anyone use SELinux on their zLinux platforms? Does anyone have SELinux up and running as their RBAC security on a zLinux server? I am also curious to know how the have user authentication set up, are they using files (/etc/passwd) LDAP, NIS, PAM or other methods. I am on the learning curve here and would like to hear user experiences as I move forward. I welcome the good, bad and the ugly of comments on this topic. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Does anyone use SELinux on their zLinux platforms?
One last question, I am trying to understand where the SELinux settings for a user are stored, like the User Statements with the assigned roles stored for SELinux? Same question on the defined Roles and Role Statements? Does SELinux User mapping have to be defined on each server? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company Department of Homeland Security/U.S. Customs Border Protection -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of George, Kevin A Sent: Friday, July 15, 2011 11:08 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Does anyone use SELinux on their zLinux platforms? We are not currently using LDAP for any SELinux information. We use LDAP for normal Linux/unix authentication values like uid, gid, home, etc... We also have sudo using LDAP for its rules so we do not have a sudoers file in /etc and can control it from a central location. We also control which host a given ID is allowed to log on to from the LDAP. The password used is the RACF password because we have enabled the LDAP server to use RACF for password validation. Kevin George Compuware / U.S. Office of Personnel Management -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, July 15, 2011 10:53 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Does anyone use SELinux on their zLinux platforms? Kevin, That sounds like the direction that I am currently trying to promote at our worksite. I have one question with authentication. With LDAP, are you going against RACF for the password and the user Statements with the related Roles and role statements, where are these stored? Are you able to use LDAP as the central location for these values on zOS for all Linux users and servers to access them from? We are not using LDAP, as we have CA's eTrust Top Secret at our shop on the zOS security package. We are using a different tool to retrieve user password, uid gid from Top Secret at our shop. At this time, CA has stated that they are not supporting SELinux values, but are considering this for the future. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company Department of Homeland Security/U.S. Customs Border Protection -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of George, Kevin A Sent: Friday, July 15, 2011 10:36 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Does anyone use SELinux on their zLinux platforms? We are currently implementing Red Hat Linux 5.5 with SELinux enabled. We are using LDAP on z/OS for the authentication. There are some things we had to learn about SELinux before we could successfully install some products and some vendors do not help much. We install third party software with SELinux in permissive mode which, with setroubleshootd enabled, allows you to see what would cause a failure when in enforcing mode. This allows you to correct the SELinux rules so the product works correctly and gives you something to beat on the vendor with. Most products that we are using either do not require changes or have minimal changes. Kevin George Compuware / U.S. Office of Personnel Management -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, July 15, 2011 9:39 AM To: LINUX-390@VM.MARIST.EDU Subject: Does anyone use SELinux on their zLinux platforms? Does anyone have SELinux up and running as their RBAC security on a zLinux server? I am also curious to know how the have user authentication set up, are they using files (/etc/passwd) LDAP, NIS, PAM or other methods. I am on the learning curve here and would like to hear user experiences as I move forward. I welcome the good, bad and the ugly of comments on this topic. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
How do you look up the current version of RMF that you are using on zLinux?
We deployed RMF on our zLinux guests (currently using RHEL 5.4) back around 2007, is there a command or a way to display the version of RMF on our Linux guests to determine the version we are currently using? I have been searching the doc and the web with no luck. Does anyone have any suggestions of where to look or command to issue? RMF DDS is installed using a tar file, which has long been deleted from the systems. From the Web page, the current version available appears to be RMF DDS Level 2339; does anyone know if this is the current version? Reading the README file from the original install, I think we are at Level 2116 (~2005), but would like to see a command to verify this from the binary application files. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, a CA Technologies Company Supporting the zSeries Platform Team Data Center Operations Branch Enterprise Data Center Operations Group Enterprise Data Management Engineering Division Office of Information and Technology Department of Homeland Security/U.S. Customs Border Protection (703) 921-6220 james.chap...@cbp.dhs.gov -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle on RedHat 6 beta for z
RHEL 5.6 James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Hughes, Jim Sent: Thursday, June 02, 2011 1:04 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Oracle on RedHat 6 beta for z Wow. What release should I download? Jim Hughes Consulting Systems Programmer Mainframe Technical Support Group Department of Information Technology State of New Hampshire 27 Hazen Drive Concord, NH 03301 603-271-5586Fax 603.271.1516 Statement of Confidentiality: The contents of this message are confidential. Any unauthorized disclosure, reproduction, use or dissemination (either whole or in part) is prohibited. If you are not the intended recipient of this message, please notify the sender immediately and delete the message from your system. ==-Original Message- ==From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of ==Graves, Aaron ==Sent: Thursday, June 02, 2011 11:28 AM ==To: LINUX-390@VM.MARIST.EDU ==Subject: Re: Oracle on RedHat 6 beta for z == ==I do not believe Oracle is supported yet on RHEL6 on any platform. == ==Aaron == ==-Original Message- ==From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of ==Hughes, Jim ==Sent: Thursday, June 02, 2011 11:14 AM ==To: LINUX-390@VM.MARIST.EDU ==Subject: Oracle on RedHat 6 beta for z == ==Our Oracle people are getting an error saying Oracle complains about ==Redhat 6 Beta is not a supported operating system. == ==We are downloading Redhat 6 for z now. == ==Has anyone else discovered this restriction? == == ==Jim Hughes ==Consulting Systems Programmer ==Mainframe Technical Support Group ==Department of Information Technology ==State of New Hampshire ==27 Hazen Drive ==Concord, NH 03301 ==603-271-5586Fax 603.271.1516 == ==Statement of Confidentiality: The contents of this message are ==confidential. Any unauthorized disclosure, reproduction, use or ==dissemination (either whole or in part) is prohibited. If you are not ==the intended recipient of this message, please notify the sender ==immediately and delete the message from your system. == ==- - ==For LINUX-390 subscribe / signoff / archive access instructions, ==send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or ==visit ==http://www.marist.edu/htbin/wlvindex?LINUX-390 ==- - ==For more information on Linux on System z, visit ==http://wiki.linuxvm.org/ == ==- - ==For LINUX-390 subscribe / signoff / archive access instructions, ==send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or ==visit ==http://www.marist.edu/htbin/wlvindex?LINUX-390 ==- - ==For more information on Linux on System z, visit ==http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: zLinux CA PAM and ACF2
We are using CA ESM with TSS for many years and love it. We are years ahead of the Unix guys down the hall, who key in each user one server at a time. I do little to no work on setting up users, as our mainframe security department now does all that work for us (where it belongs). However, we also tend to be cutting edge with our software versions and support level, so I do not know if I can correctly answer your question. What you need to do is open a question with CA support (CA_ACF2 support) to verify that the started task for the PAM server (CA DSI Server) is compatible and supported with zOS 1.5 and the level of eTrust CA-ACF2 you are using. The more important question is the version of ACF2 than the version of zOS (other than issues with support and the versions of ACF2 with the operating system). We are currently at version 15 for the CA DSI Server (with eTrust Top Secret), but you may find that you will need to back level to version 12. zVM 5.4 is not a factor at all, communications is only between the Linux Guest and the mainframe started task (CA DSI Server). The External Security Manager (ESM) has been around for a long time. I have found CA support once you get past level one for the CA ESM product to be very good, Wayne Bruce did a great job with this and it is a free add-on. But there is little to no information on the web (www.ca.com) on the product. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Andre Massena Sent: Wednesday, June 01, 2011 7:03 AM To: LINUX-390@VM.MARIST.EDU Subject: zLinux CA PAM and ACF2 All, having seen several posts relating to CA PAM and ACF2 in the distant past on this forum, I thought I would pose my humble questions here.. A customer of mine is still running z/OS 1.5 using ACF2 as the ESM. He has installed several IFL's with bleeding edge z/VM 5.4.. and wants to authenticate his z/OS users using an LDAP method from zLinux (SLES11). Will CA PAM talk with such an old release of z/OS and presumably an equally old release of ACF2?? What are you considered opinions?? Regards, Andre -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Linux Applications
Linux has an endless source of free games and applications you can install on the servers, but that would be a waste of good resources. For working tools, look at Perfkit for zVM as a starter on performance. Play and learn Linux, use http://www.google.com/linux for all your questions, it's great, or visit http://linuxvm.org/ for a good read. Does your shop have any applications on distributed systems that a Linux based demo application can be ported over to your z10BC platform? Des your shop use Oracle on other platforms, it works great on zLinux. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Dazzo, Matt Sent: Tuesday, May 31, 2011 11:16 AM To: LINUX-390@VM.MARIST.EDU Subject: Linux Applications As part of our upgrade from a z890 to a z10BC our VAR threw in an IFL, Zvm/Linux and support to sweeten the deal. Although we do not currently have a business application for Linux we have zvm and 2 linux servers up and running for a learning experience and grins. We are running zvm 6.4 and RH5.6 My question is what are some tools or 'nice to have items' that can be installed and used to benefit the company at this point? I am looking to learn the environment and expand the roll of Linux on the MF here if possible. Thanks Matthew Dazzo Sr MVS Systems Programmer Publishers Clearing House -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Problem with Oracle on zLinux having multiple authentications to itself
I am not an Oracle DBA, and I am not getting an answer from our Oracle DBAs on site with this problem. I would like to know if anyone has had a similar problem with Oracle on zLinux multiple authentications to itself? We have several servers using oracle, however two of the dozen plus servers have a high volume of authentications. Every day I run a cron job that captures a summary of audit activity including authentications (aureport) on each of our servers. The average server has about 10 -25 authentications per day except two oracle servers. These two servers have over 2,300 authentications. The next step, I looked at why by looking for a pattern and found that the oracle user account access itself (points to its own IP address) 9 times every five minutes. It is like the Oracle application is ssh to the server IP address instead of the other server in the rack or some other reason. # aureport -au (returns): # datetime accthost term exe success event . . . . . . . . 35. 05/03/2011 00:21:01 oracle server IP address ? /usr/sbin/sshd yes 2221509 36. 05/03/2011 00:21:01 oracle server IP address ? /usr/sbin/sshd yes 2221519 37. 05/03/2011 00:21:01 oracle server IP address ? /usr/sbin/sshd yes 2221529 38. 05/03/2011 00:21:02 oracle server IP address ? /usr/sbin/sshd yes 2221561 39. 05/03/2011 00:21:02 oracle server IP address ? /usr/sbin/sshd yes 2221571 40. 05/03/2011 00:21:02 oracle server IP address ? /usr/sbin/sshd yes 2221581 41. 05/03/2011 00:21:03 oracle server IP address ? /usr/sbin/sshd yes 2221591 42. 05/03/2011 00:21:03 oracle server IP address ? /usr/sbin/sshd yes 2221601 43. 05/03/2011 00:21:03 oracle server IP address ? /usr/sbin/sshd yes 2221611 . . . . . . . . Here is a copy of the last event 2221611 in detail (ausearch -a 2221611): time-Tue May 3 00:21:03 2011 type=USER_AUTH msg=audit(1304396463.675:2221611): user pid=15285 uid=0 auid=4294967295 msg='op=pubkey_auth rport=7992 acct=oracle exe=/usr/sbin/sshd (hostname=?, addr=server IP address, terminal=? res=success)' Is there a setting in Oracle that should be corrected? Can anyone point me to any doc I can share with my DBAs to help resolve this? Has anyone else seen a similar problem? Is there a way with audit to associate a PID with an event? James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Server rebooting after doing a CP Q DA from the console
Chen, No, console remained connected, the screen goes from displaying the DASD to a Linux boot. I was in such shock as it happened; I failed to capture a screen shot. Our terminal settings were/are: LINEND # BRKKEY PA1 Alan, Martin, Mauro Rob Van der Heij, Thanks very much for your feedback, I think what you added to this discussion is the solution. All of you give great value to this List Serv. This being a production system, I cannot test it right way out of the risk of job security, but I am in the process of setting up a test server attached to a large number of unused DASD devices and see if I can recreate the problem and then test your solution. I plan to test it with and without an ORACLE RAC. James Chaplin Systems Programmer, MVS, zVM zLinux -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Eddie Chen Sent: Friday, March 18, 2011 5:10 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Server rebooting after doing a CP Q DA from the console After you issue the cp query, did you disconnect? -Original Message- Mauro Souza thoriu...@gmail.com wrote: I saw this problem some time ago with an Oracle RAC guest. It haven't set the CP SET RUN ON, and as soon as the client issued some #CP Q SOMETHING, the server froze down, and linux rebooted. Looks like Oracle RAC have some kind of watchdog, and as CP MODE stops running Linux kernel for a little moment, the watchdog thinks the system froze down, and reboots the system. Setting RUN ON solved the problem. You can try this, it won't hurt, and I think RUN ON should be the default. Martin Schwidefsky schwidef...@de.ibm.com wrote: There is the important hint: if you have Oracle RAC and the watchdog is running the z/VM guest may not stop for longer periods of time. My guts feeling is that the large output of the #CP Q xyz command stopped the linux guest for too long. Once the output completed the guest continued and the Oracle watchdog did what it is programmed to do: reboot. Alan Altmark alan_altm...@us.ibm.com wrote: Regardless, when output comes to the console, there is no buffering, even if it thousands of lines long. That's ok since the output doesn't go through the virtual machine OS, but directly from CP to the 3270. Only the 3270 PA1 key (the default break key) will stop the output. CP QUERY TERMINAL to look at the BRKKEY setting. Pressing the break key will cause CP to put up a CP READ, canceling any pending output. If #cp had in fact been caught by CP, not Linux, there would have been no buffering, no error message, and no server abend. Ergo, #cp was not caught by CP. Rob van der Heij rvdh...@gmail.com wrote: So we're talking about virtual-MP in both cases? Are both also using cpuplugd to vary off CPUs maybe? Setting RUN ON will only prevent the CP READ upon reconnect. You should not need to reconnect a perfectly runing system. With RUN ON you may get buried in console output that prevents you from doing what you came for. I recommend to have RUN OFF and be aware of the CP READ when you have to reconnect. -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, March 18, 2011 5:07 PM To: LINUX-390@VM.MARIST.EDU Subject: Server rebooting after doing a CP Q DA from the console Found a problem today with CP QUERY command that caused our Linux Server to reboot. Using vmcp from a zLinux server, I issued the following command: vmcp q dasd | less Binary file (standard input) matches Error: output (21282 bytes) was truncated, try --buffer to increase size This guest has a large number of DASD attached to it (Oracle database) causing this problem. (Should have used the 'vmcp -b q dasd | less') But I thought I would try the same command from the guest console (#CP Q DA), and got the following response just before the server rebooted: DASD 4886 ON DASD 4886 R/W VI1304 SUBCHANNEL = 014C DASD 4887 ON DASD 4887 R/W VI1305 SUBCHANNEL = 014D Error: output (21282 bytes) was truncated, Two questions as I am a VM rookie, How to you modify the buffer from the console for the CP command? How do you display the buffer size available for a CP command? Also: Why would a query command on a console bring down a linux guest, but vmcp query does not? Is this a know bug? James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ Please consider the environment before printing this email. Visit our website at http://www.nyse.com Note
Re: Server rebooting after doing a CP Q DA from the console
Yes I understand Alan is right on, and that vmcp protect's itself with a limited buffer. But when I did the same command from the console instead of using the vmcp command on the guest, it brought the entire server down. VMCP limits the amount of output through buffers, how does VM limit output from commands from the console? I should have phrased my question that way. James Chaplin Systems Programmer, MVS, zVM zLinux -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Ronald van der Laan Sent: Saturday, March 19, 2011 9:23 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Server rebooting after doing a CP Q DA from the console James, As Alan said, someone is intercepting in Linux your CP command. The vmcp q term does not generate so much output that it does not fit in the standard vmcp buffer, so you should be fairly safe issueing that command. An other option is to issue from an other authorized VM user (for instance MAINT) the command FOR linux_guest_id CMD QUERY TERMINAL For what it is worth, in my days as an operator (a long long time ago), we intercepted the D T command, sometimes issued by MVS operators to Display Time. Only on VM it was a Dump Terminal, so we were less amused when that got issued under OPERATOR .. Ronald van der Laan -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Moving Oracle off zLinux boxes -- comments from the field?
We just had a surprise announcement by one of the Oracle DBAs during a zLinux Application group planning meeting at our worksite. The DBA advised us that they (Database group) were going to move/migrate all the Oracle databases that we have on zLinux boxes off to an intel/unix platform. He did not offer details of the hardware, or when or how, just that they were going to do it. This is a bite of a surprise as we have just moved our MQ off the Mainframe (zOS) to the zLinux platform (guests on zVM) and that move is doing well. This may be due in part to the false mindset that we have in our upper management at our site that Mainframes are old technology. Also we have had slow response from Oracle on resolving issues we have identify (certifying Oracle 11 on z390x architecture, getting Oracle 10 support for RHEL 5.0 on z390x architecture). Has anyone else on this list had any related war stories similar to what we may be about to experience as this move takes place? James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Server rebooting after doing a CP Q DA from the console
Found a problem today with CP QUERY command that caused our Linux Server to reboot. Using vmcp from a zLinux server, I issued the following command: vmcp q dasd | less Binary file (standard input) matches Error: output (21282 bytes) was truncated, try --buffer to increase size This guest has a large number of DASD attached to it (Oracle database) causing this problem. (Should have used the 'vmcp -b q dasd | less') But I thought I would try the same command from the guest console (#CP Q DA), and got the following response just before the server rebooted: DASD 4886 ON DASD 4886 R/W VI1304 SUBCHANNEL = 014C DASD 4887 ON DASD 4887 R/W VI1305 SUBCHANNEL = 014D Error: output (21282 bytes) was truncated, Two questions as I am a VM rookie, How to you modify the buffer from the console for the CP command? How do you display the buffer size available for a CP command? Also: Why would a query command on a console bring down a linux guest, but vmcp query does not? Is this a know bug? James Chaplin Systems Programmer, MVS, zVM zLinux -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Moving Oracle off zLinux boxes -- comments from the field?
It's government, what do you expect ;-) James Chaplin -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Barton Robinson Sent: Friday, March 18, 2011 5:03 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Moving Oracle off zLinux boxes -- comments from the field? wow, your DBAs have the authority to spend that kind of money and make that kind of change without management signature? So no financial analysis, no technical reason, sounds religious. CHAPLIN, JAMES (CTR) wrote: We just had a surprise announcement by one of the Oracle DBAs during a . . . . -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Server rebooting after doing a CP Q DA from the console
My biggest problem is that I have no way to recreate the problem without impacting our production. The vmcp command is at a level of protection against this problem. But what we want to understand is why would a simple #CP Q DA bring down the guest linux? You should have seen my face as I watched this Linux guest go into a reboot from the console view on a Friday evening :-( I was unable to capture the true output when the CP Q DA failed. James Chaplin Systems Programmer, MVS, zVM zLinux -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Alan Altmark Sent: Friday, March 18, 2011 5:54 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Server rebooting after doing a CP Q DA from the console On Friday, 03/18/2011 at 05:07 EDT, CHAPLIN, JAMES (CTR) james.chap...@associates.dhs.gov wrote: But I thought I would try the same command from the guest console (#CP Q DA), and got the following response just before the server rebooted: DASD 4886 ON DASD 4886 R/W VI1304 SUBCHANNEL = 014C DASD 4887 ON DASD 4887 R/W VI1305 SUBCHANNEL = 014D Error: output (21282 bytes) was truncated, Two questions as I am a VM rookie, How to you modify the buffer from the console for the CP command? How do you display the buffer size available for a CP command? You don't. The Error: output you see wasn't generated by CP; it came from Linux. Ergo, the command you issued didn't actually go to CP. It wouldn't surprise me if someone set up a shell script of some sort to turn #cp (a habit) into vmcp. Why would a query command on a console bring down a linux guest, but vmcp query does not? Is this a know bug? Try again, but issue vmcp query term before you try the #cp. I often see that the LINEND character has been set to something other than # in order to allow use of # in Linux. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Announcing Red Hat Enterprise Linux 6 beta
The big question will be after RHEL 6 goes GA, how long will it take Oracle to catch up and certify their DB on this platform for the z390x Architecture? It took to this year, that we are able to move our Oracle DBs to RHEL 5 servers. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Brad Hinson Sent: Friday, April 23, 2010 4:39 PM To: LINUX-390@VM.MARIST.EDU Subject: Announcing Red Hat Enterprise Linux 6 beta Below is the announcement for RHEL 6 beta, released this past Wednesday. It's currently available on RHN (https://rhn.redhat.com). Red Hat is pleased to announce the Beta availability of the next generation of the Red Hat Enterprise Linux product family. Red Hat Enterprise Linux 6 brings together ground-breaking improvements across many subsystems and a significant update to the kernel to deliver the overall Red Hat open source experience. Red Hat Enterprise Linux 6 Beta is available today for download by customers, partners and members of the public. We value wide participation and invite you to install, test and provide feedback on the Beta to help us ensure that the final release delivers a best-in-class solution. Our currently supported release, Red Hat Enterprise Linux 5, continues to be the cornerstone of Red Hat's subscription-based software product portfolio. It will continue to be supported by Red Hat and its ISV and OEM partners until 2014. Featuring fully updated core technology, from the kernel to the application infrastructure to the development toolchain, Red Hat Enterprise Linux 6 Beta includes many features and enhancements to the following areas: * Virtualization* Security * Power management * Storage * Resource management * RAS * File systems * Scalability * Compiler and tools* Desktop * Installer * New hardware enablement Please note that this early access software should not be deployed in production environments. The Beta packages and installation images are intended for testing purposes only. Red Hat Enterprise Linux 6 Beta is still in active development, and the contents of the media kit and the implemented features are subject to change. The Beta is not formally supported and it will not be possible to upgrade from the Beta to the final production version. Due to the incorporation of debugging features, performance tests based on the Beta will not provide results that are representative of the final product. To learn more about this release or to download the installation kits, please visit the Red Hat Enterprise Linux 6 Beta portal at: http://www.redhat.com/rhel/beta The portal also provides detail on how to report issues and feedback to Red Hat. Please be sure to periodically check the Red Hat blog for articles on Red Hat Enterprise Linux 6. The blog can be accessed at: http://press.redhat.com/ If you'd like to stay current with Red Hat Enterprise Linux 6 updates, we encourage you to subscribe to the following mailing lists: 1. Mailing list that provides general announcements related to Red Hat Enterprise Linux 6. https://www.redhat.com/mailman/listinfo/rhelv6-announce 2. Mailing list to serve as a discussion list for Red Hat Enterprise Linux 6 beta(s). https://www.redhat.com/mailman/listinfo/rhelv6-beta-list Thank you for your continued support of Red Hat and your interest in the Red Hat Enterprise Linux 6 Beta. Your participation is critical in ensuring that we deliver a high-quality release that supports your enterprise environments. Sincerely, The Red Hat Enterprise Linux Team -- Brad Hinson bhin...@redhat.com Worldwide System z Sales, Strategy, Marketing Red Hat, Inc. +1 (919) 360-0443 (mobile) +1 (919) 754-4198 (voicemail) www.redhat.com/z -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: problem deinstalling an rpm
Co-worker spotted my problem, I was trying to de-install a file, not a package name, once I dropped the .rpm, it worked beautifully. That second set of eyes helps. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Bruce Furber Sent: Wednesday, March 10, 2010 1:56 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: problem deinstalling an rpm Try --force May the force be with you CHAPLIN, JAMES (CTR) james.chap...@associates.dhs.gov wrote: I am having a problem with a possible corrupted rpm. I tried to uninsta;; and rpm, and it tells be it is not installed to begin with, go to install, message is that is it installed. r...@zn001:(/root)#rpm -i Some_modulefiles.s390x.rpm package Some_modulefiles.s390x is already installed r...@zn001:(/root)#rpm -q Some_modulefiles.s390x.rpm package Some_modulefiles.s390x.rpm is not installed same message with rpm -e . . . . is not installed and quits. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
problem deinstalling an rpm
I am having a problem with a possible corrupted rpm. I tried to uninsta;; and rpm, and it tells be it is not installed to begin with, go to install, message is that is it installed. r...@zn001:(/root)#rpm -i Some_modulefiles.s390x.rpm package Some_modulefiles.s390x is already installed r...@zn001:(/root)#rpm -q Some_modulefiles.s390x.rpm package Some_modulefiles.s390x.rpm is not installed same message with rpm -e . . . . is not installed and quits. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: New Virtualization Cookbook for z/VM 6.1 and SLES 11
Mike, Will you be coming out with a Red Hat version of this same cookbook (RHEL 5.4 zVM 6.4)? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Michael MacIsaac Sent: Friday, February 12, 2010 8:34 AM To: LINUX-390@VM.MARIST.EDU Subject: New Virtualization Cookbook for z/VM 6.1 and SLES 11 Hello lists (cross posted to linux-390 and ibmvm), Marian Gasparovic and I are pleased to announce a new cookbook entitled z/VM and Linux on IBM System z: The Virtualization Cookbook for SLES 11. It is temporarily at the top of the page: http://www.vm.ibm.com/devpages/mikemac/ The PDF weighs in at 4.5MB and 236 pages. The associated tar file is only 17KB. There was no funding/support for this to become an official IBM Redbook, so we updated it on the side. It is currently on my z/VM developer page, but we hope to finalize it on linuxvm.org/present (if Mark ever finishes his promised review :)) The changes to this book are: -) The z/VM sections are updated for V6.1 -) The Linux sections are updated for SLES 11. -) The REXX EXEC and XEDIT macro to help modify z/VM system labels have been removed as it is recommended to change the system labels at z/VM install time. For reference, the section on relabeling system volumes is slightly modified to describe performing the steps manually, without the REXX EXEC and XEDIT macro. -) The Servicing z/VM chapter has been updated for z/VM 6.1 and now describes IBM ShopzSeries, not IBMLink. -) The Linux system that does the cloning is called the cloner, not the controller. -) A section on the X Window System has been added. -) The penguin on the cover representing the golden image was given a gold jacket :)) Some sections are removed in the release of this book: -) In Miscellaneous Recipes chapter, sections on LDAP, NTP, rsync and CMM were removed in the interests of time. -) Details on creating a travelling /home/ have been removed, however, a section with words of wisdom, based on a linux-390 append by Patrick Spinler, has been added. Thanks to all who helped to make this project possible (see list in Preface). Feedback is welcome on or off-list. Enjoy - you can't beat the price! :)) Mike MacIsaac mike...@us.ibm.com (845) 433-7061 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: intro, request for advice ...
This is a great place to start as you start working with Linux. Also keep www.google.com/linux as quick starting point to finding answers. Do you have an open systems group in your shop? Buy a large box of donuts and pay them a visit. Many quick answers can be found just down the hall in many shops. Also set up one or two x86 boxes at home to play with, and install Linux on them, just to keep as a sandbox to test your ideas. One Question, why go with free source code? Will you be putting any production applications on zLinux? Is there a detail play within your organization to use zLinux, or is this just a playground? If this will be a high value application for users that need 7 x 24 x 365 access, then you may want to invest in some system support, both SUSE and RED HAT are great with their support for the z390x platform. And push for zVM, that is where the magic begins, virtualization! New server fully loaded in less than 10 minutes. Seeing the .gov in your email, someone has to be accountable to the performance with application running on zLinux. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Bonno, Tuco Sent: Wednesday, January 13, 2010 9:02 AM To: LINUX-390@VM.MARIST.EDU Subject: intro, request for advice ... please allow me to introduce myself. I am new to this listserver community. I am an mvs systems programmer w/ about 30 years experience with ibm mainframe o/s-s (s360 thru z/os), plus about 12 years experience w/ ibm’s UnixSystemsServices/OpenEdition, and its related hierarchical file system (HFS). I have been given a mission to install a Linux o/s on an IFL lpar on one of our Z9 mainframe platforms, and hence have found my way here, to this community. the PURPOSE of the Linux IFL lpar will be to host DB2Connect. The install is going to be standalone directly into the IFL lpar (the governmental agency I work for does not wish to spend any money for a Z/VM license – or for anything else connected w/ this op.). So I’m also going to need a FREE distribution of Linux. So far I have discovered about 3 of these ‘free’ Linuxes: Centos, Debian, and the one available from the marist.edu . question: can anyone offer me some advice on which one I should use (please keep in mind the purpose is to host DB2Connect) ? question: can anyone recommend any good cookbook manuals to use? on my own, I’ve discovered quite a few books out there on the internet, but I would like to save some time and not have to download each one to check it out …. question: anyone have any gp (general purpose, across the board) words of wisdom he/she would care to share? thank you for your indulgence. /s/ tuco bonno graduate, College of Conflict Management; University of Southeast Asia; I partied on the Ho Chi Minh Trail - tiến lên !!
How to set up a common USER home directory across multiple zLinux Guests
We want to create a central location for all zLinux server's user home directory located on a common server (using NFS?) with some method of failover if that server is down. Is there a file system that crosses different servers that can be mounted by one system as the user home file system, and then can fail over to another system if that (NFS holding the Home Directories) server goes down? Right now as I understand NFS, if we use an NFS to hold user home directories, if the hosting server is taken down, no one can log into any of the other zLinux guests. Can anyone point me to a sample or documentation to resolve this? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
How do you . . . . setting up a user to force him to change his password?
I have been banging my head (and the keyboard with google.com/linux) trying to come up with an answer/solution. When setting up a new user, I want to be able to expire the user's temporary password, allowing the user to login with the temporary password, but force him/her to create his own password on the first login. I know how to set the INACTIVE value in the /etc/shadow file, but is there a command to modify the account without manually modifying the /etc/shadow create date (to expire) to do this? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: How do you . . . . setting up a user to force him to change his password?
Thanks for pointing me in the right direction, this was the solution I was missing, wrote a great script to get the job done. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Dominic Coulombe Sent: Tuesday, October 13, 2009 11:39 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: How do you . . . . setting up a user to force him to change his password? Hi, On Tue, Oct 13, 2009 at 11:31, CHAPLIN, JAMES (CTR) james.chap...@associates.dhs.gov wrote: [...] is there a command to modify the account without manually modifying the /etc/shadow create date (to expire) to do this? Assuming the password can expire (EXPIRE_DATE != -1) : chage -d 0 username Regards, Dominic Coulombe -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Remove a user from a secondary group
I know how to add a user to a second group, for example to give su authority (using wheel)to a user, we issue the following command: usermod -G wheel testur4 But how can I remove him in a single command without directly editing the /etc/group /etc/gshadow files (vigr). Is there a single command? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Remove a user from a secondary group
Thanks Mark, . . . that's the answer, and I did not know this. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Mark Post Sent: Tuesday, October 06, 2009 2:33 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Remove a user from a secondary group On 10/6/2009 at 12:06 PM, CHAPLIN, JAMES (CTR) james.chap...@associates.dhs.gov wrote: I know how to add a user to a second group, for example to give su authority (using wheel)to a user, we issue the following command: usermod -G wheel testur4 But how can I remove him in a single command without directly editing the /etc/group /etc/gshadow files (vigr). Is there a single command? When you use usermod -G group1,group2,group3 username, any groups that username is a member of, but are not listed on the command, are removed. I.e., each usermod -G command must specify _all_ the groups you want them to be in. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
intrusion detection on the zLinux Platform
Is there a host based intrusion detection agent like Symantec's CSP for the s390x platform? We have hit a road block in that Symantec does not support the mainframe Linux. Right now they want us to route our syslogs to a windows box or Blade server($$$) to capture any data, and we do not like it. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Prop concatenating lines
Good afternoon Jan, We use Tivoli monitor which works good (but not great), and we also wanted to have a second method, so I looked at PROPs with much disappointment. However we did come up with capturing exception messages from Perfkit and send the information to our operational center. You need to have Perfkit installed on your VM system. We focused on capturing high DASD I/O and high CPU usage on our zLinux servers. We wrote a separate set of scripts on each Linux server, not using PERFKIT, to check swapping and memory (using crontab). But memory and swapping may also be done through PERFKIT, I just did not explore that option yet. This involved setting limits in FCONX $PROFILE on PERFSVM, and then creating a REXX (JSEND) to pass the message from VM to a Linux guest, which in turn passed the message to our operators in our situation room to notify us of any problems. I can send you detail information on the simple code we wrote to your email address off the list if you would like. Drop me a request to my personal email, jhchap...@comcast.net, and I will pass you that information. James Chaplin Systems Programmer, MVS, zVM zLinux -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Jan de Wet - Business Connexion Sent: Tuesday, September 08, 2009 3:33 AM To: LINUX-390@VM.MARIST.EDU Subject: Prop concatenating lines Hi I am trying to use PROP to monitor Linux Red Hat I am elimination all lines that are OK in the RTABLE to catche any strange messages I found that in PROP, some lines are concatenated These are lines that seem to end on a X'FF' On the Linux console they apear as separate messages How can I get them as separate messages on PROP ex on Linux Starting system logger: [ OK ].. Starting kernel logger: [ OK ].. Starting portmap: [ OK ].. Starting NFS statd: [ OK ].. Starting RPC idmapd: in PROP ZABBIX03 BCXZVM : [ OK ]...STARTING SYSTEM LOGGER: [ OK ]...STARTING KERNEL LOGGER: ZABBIX03 BCXZVM : [ OK ]...STARTING PORTMAP: [ OK ]...STARTING NFS STATD: ZABBIX03 BCXZVM : [ OK ]...STARTING RPC IDMAPD: thank you Jan de Wet Deployment | Data Centre Services office +27 (0)11 729 5436 | fax +27 (0)86 572 5720 | mobile +27 (0)82 902 1996 web site www.bcx.co.za http://www.bcx.co.za/ Email: jan.de...@bcx.co.za Jesus Christ is my Lord This e-mail and its contents are subject to the Business Connexion (Pty) Ltd e-mail legal notice available at: http://www.bcx.co.za/disclaimer.htm -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Anyone use nmap on s390x?
Has anyone run nmap on zLinux, know where I may find any rpm or binaries for the s390x platform? Comments and insight? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Anyone use nmap on s390x?
Does that include the Red Hat distributions? I did an rpm -qa | grep nmap and it came back empty. I will look on our satellite server to make sure. Thanks for the quick response, I'll keep digging. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Mark Post Sent: Friday, June 19, 2009 4:41 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Anyone use nmap on s390x? On 6/19/2009 at 4:11 PM, CHAPLIN, JAMES (CTR) james.chap...@associates.dhs.gov wrote: Has anyone run nmap on zLinux, know where I may find any rpm or binaries for the s390x platform? Comments and insight? It should come with the Linux distribution. It's been on every one that I've seen. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Question on acl files and permission values.
I have a user who deploys an application using a common user ID and script. For security reasons, we are trying to get them off this common ID. However their deployment scripts fail to remove files other than the ones they themselves (user) deploy. Thus the team resorts to a common ID. My solution was to use ACL to grant RWX to all members of the group on the file system. This works after I set the command: setfacl -R -m g:guid:rwx /file/system and setfacl -R -m -d g:guid:rwx /file/system for the default value. When I display (getfacl) these values, they are verified as still correct. However after they expand their zip file again during the deployment, the files are no longer removable (permission denied) by any other member of the group except for the user completing the deployment. And the ACL values are still the same for the file system. The files are created by the developers on a Windows platform to be deployed on linux. Before: group:groupname:rwx After redeployment: group:groupname:rwx #effective:r-x ==(I need the write) How can I resolve this without having to rerun the setfacl command again? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: backups on Red hat
We are a big Innovation FDR shop, and FDR Upstream (http://www.fdr.com/products/upstream/zlinuxups.cfm ) has been our zLinux backup tool with good success so far. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Jan de Wet - Business Connexion Sent: Thursday, April 02, 2009 12:21 AM To: LINUX-390@VM.MARIST.EDU Subject: backups on Red hat Hi I am implementing our first production Linux on the mainframe We are looking at backups What commercial backup systems have agents that can run on Red Hat on the Mainframe Our system of choice is Legato, but they do not seem to support this environment thank you Jan de Wet Deployment (Business Connexion), Services Building, Midrand, South Africa Cell: +27 (0)82 902 1996 Office: +27 (0)11 990 1695 Fax:+27 (0)86 572 5720 e-mail: jan.de...@bcx.co.za Jesus Christ is my Lord -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Stopping java based applications
Our programmers have been creating java based applications that they start and stop using simple scripts. The start script call java to start the program; however the stop script issues a simple kill command against the PID. Our problem if User A start the program, only User A can kill it (except for root). We want anyone in the group level to be able to also issue the kill command (in the script). Is there a way to allow users in a group to kill each other's started processes. Being new to the zLinux and Java worlds, is it standard to issue a 'kill -9 pid to terminate a java program? Is there a better way and how does issuing a kill de-allocate memory and other issues? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
-r--rwsr--+ 1 user group 500 Jan 21 16:23 stopServer.sh The setuid is set on group level. Removed the user execute perms as shown above, and script failed to kill -p pid, got permission denied message still. Did a chmod 2474 stopServer.sh to set the bits, is this correct in what you are suggesting? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Jack Woehr Sent: Tuesday, March 31, 2009 10:28 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Stopping java based applications CHAPLIN, JAMES (CTR) wrote: We want anyone in the group level to be able to also issue the kill command (in the script). Is there a way to allow users in a group to kill each other's started processes. You can have a script or program * with the setuid bit set * with the write permissions off * with group execute perms but no user execute perms -- Jack J. Woehr# I run for public office from time to time. It's like http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
using ldappasswd with zLinux and LDAP
We are trying to allow users to change their mainframe password through LDAP via ldappasswd command: home/user1)#ldappasswd -A -S -H ldap://hostname:port# user1 Old password: Re-enter old password: New password: Re-enter new password: SASL/EXTERNAL authentication started ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: We are using Top Secret on the mainframe; we have IBM LDAP on the mainframe with NATIVEAUTH active (so it is getting the password directly from Top Secret). However this command is failing to change the Top Secret stored password. Any suggestions where to look or make changes to resolve this? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: using ldappasswd with zLinux and LDAP
I like you're thinking and tested your idea however got a different error: ldappasswd -A -S -x -H ldap://hostname:port# user1 Old password: Re-enter old password: New password: Re-enter new password: Result: Protocol error (2) Additional info: No backend for OID=1.3.6.1.4.1.4203.1.11.1 James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Patrick Spinler Sent: Thursday, March 26, 2009 11:27 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: using ldappasswd with zLinux and LDAP -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Unless you've explicitly set up a SASL authentication method, you're probably using simple authentication. Indicate this to linux via the -x command line option to most ldap utils. Test it via ldapsearch, first. E.g.: ldapsearch -H ldap://hostname uid=some_known_uid should fail with a similar error. whereas: ldapsearch -x -H ldap://hostname uid=some_known_uid should work. Another note. You should be able to put most of the necessary default host, search base and similar information into /etc/ldap.conf and /etc/openldap/ldap.conf (you can cheat and make them symlinks to each other) so that you don't have to enter -H options, and suchlike. - -- Pat CHAPLIN, JAMES (CTR) wrote: We are trying to allow users to change their mainframe password through LDAP via ldappasswd command: home/user1)#ldappasswd -A -S -H ldap://hostname:port# user1 Old password: Re-enter old password: New password: Re-enter new password: SASL/EXTERNAL authentication started ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: We are using Top Secret on the mainframe; we have IBM LDAP on the mainframe with NATIVEAUTH active (so it is getting the password directly from Top Secret). However this command is failing to change the Top Secret stored password. Any suggestions where to look or make changes to resolve this? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAknLntQACgkQNObCqA8uBswM7ACghYxhK8En+SB9NF3x1dBW1lv0 M8AAn3w56kG9xvDsGk3mEMvxAfS3J+hH =0mCU -END PGP SIGNATURE- -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Posting etiquette
And that coming from a person working at a bank in this economic climate ;-) Personally, job offering and searching is for a different format, this should be a technical forum, not a job search tool. Go to Monster.com or Dice.com for a job search. That's my two cents. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Schneck.Glenn Sent: Friday, March 13, 2009 2:12 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Posting etiquette Mark, I have seen job postings on other lists and personally don't see an issue with them. In this economic climate and the potential of each of us being laid off any avenue for employment is appreciated, IMHO. Glenn Glenn A. Schneck AVP, Managed Services, Transaction Services SunTrust Banks, Inc. 407-762-3514 (office) 407-625-2596 (cell) glenn.schn...@suntrust.com Live Solid. Bank Solid. -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Mark Barajas Sent: Friday, March 13, 2009 1:09 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Posting etiquette Ladies and Gentlemen, I have a question about etiquette of postings into this email list. I've been monitoring and most of the postings are about asking and sharing of technical issues encountered during day to day activities and once in a while about events to benefit everyone. Even once or twice I have seen several of the members posting having to move on. On the last one; I would like to know what would be or if it would be possible for posting for employment opportunities. If this is not the right spot to find folks with this groups skill sets ... would someone be able to direct me to where I might be able to post and find folks? PS This is my first post to the email list and hope that I'm not breaking too many rules. Thanks Mark Barajas Data Center Technologies Accenture - Infrastructure Consulting Enterprise Architecture If the decisions you made yesterday are in line with your values, don't go back and second-guess yourself. Stick with it, move on, and trust yourself. A goal is a planned conflict with the status quo. -Hyrum W. Smith A plan is a list of actions arranged in whatever sequence is thought likely to achieve an objective. -John Argetti This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 LEGAL DISCLAIMER The information transmitted is intended solely for the individual or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this email in error please contact the sender and delete the material from any computer. SunTrust is a federally registered service mark of SunTrust Banks, Inc. Live solid. Bank solid. is a service mark of SunTrust Banks, Inc. [ST:XCL] -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Creating RAID Arrays on zLinux / zVM minidisks
Okay, this is not real work, been working on my RHCT, and decided to test what I can do on a PC to the zLinux platform. I am trying to create a RAID-1 Array (two disks mirroring each other) in a zVM environment. I created two minidisks in zVM and am trying to format them on the zLinux side, using fdasd (instead of fdisk on the PC side). But I see no option to format fd the disks, with the interactive, it keeps asking for partition number (here is the display): (/root)#fdasd /dev/dasdk reading volume label ..: VOL1 reading vtoc ..: ok Command action m print this menu p print the partition table n add a new partition d delete a partition v change volume serial t change partition type r re-create VTOC and delete all partitions u re-create VTOC re-using existing partition sizes s show mapping (partition number - data set name) q quit without saving changes w write table to disk and exit Command (m for help): t Disk /dev/dasdk: cylinders : 750 tracks per cylinder ..: 15 blocks per track .: 12 bytes per block ..: 4096 volume label .: VOL1 volume serial : 0X0205 max partitions ...: 3 --- tracks --- Device start end length Id System 21124911248 unused change partition type partition id (use 0 to exit): Has anyone played with software RAID on the mainframe Linux? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Advice on zLinux for a systems-administrator from the x86 world
What are you doing March 1st - 6th? Start by going to SHARE in Austin TX. Go to http://www.share.org/Events/UpcomingConference/tabid/349/Default.aspx and look at the zVM and zLinux sessions. Tell the Boss that he will get a get return on his investment of sending you to SHARE. Also look at http://www.linuxvm.org at a resource. Good luck, you are making a good move. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team Data Center Operations Branch Enterprise Data Center Operations Group Enterprise Data Management Engineering Division Office of Information and Technology Department of Homeland Security/U.S. Customs Border Protection (703) 921-6220 james.chap...@cbp.dhs.gov -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Erling Ringen Elvsrud Sent: Monday, February 09, 2009 7:04 AM To: LINUX-390@VM.MARIST.EDU Subject: Advice on zLinux for a systems-administrator from the x86 world Hello list, I work as a Linux systems administrator. Currently we have about 200 virtual (vmWare) and 40 physical linux servers. Most of these servers are used for WAS (Websphere appserver), a few for WPS (Websphere process server), and a few for other uses. My employer is condidering zLinux (on a z10 BC mainframe). I have no experience with mainframe, z/VM or zLinux. Can you describe how you use zLinux? What kind of software do you run on zLinux? how many zLinux instances per IFL, how much memory? What kind of workloads do you think realizes most economic benefits on zLinux? If you are familiar with other virtualization alternatives, can you compare zLinux on zVM with them? (for instance cost, performance, simplicity of administration, etc). Thanks, Erling -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Security question and using scp
We have a security requirement (which is common with Linux) to prevent ssh login for root (setting PermitRootLogin to no). One problem we find, as system administrators, we like to use secure copy (remote file copy program, scp) files between systems. However this will not work for any root level files, since scp uses ssh to copy files over a network. Does anyone have a suggested solution or better way around this issue? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team Data Center Operations Branch Enterprise Data Center Operations Group Enterprise Data Management Engineering Division Office of Information and Technology Department of Homeland Security/U.S. Customs Border Protection (703) 921-6220 james.chap...@cbp.dhs.gov -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Security question and using scp
Tom Kern from DOE called me with a good solution, using pubkeys and in the sshd_conf file, set PermitRootLogin to without-password. Did a google search on PermitRootLogin without-password and got allot of hits, trying to set up a test right now (phone keeps ringing with other peoples problem;-0). But this is looking like the best solution. Will update soon, thanks for the suggestions. Thanks Tom for pointing me in the right direction. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Romanowski, John (OFT) Sent: Friday, January 16, 2009 1:49 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Security question and using scp Have the same issue here. As workarounds I sometimes use an NFS mount to transfer multiple files, or a VDISK used a thumb drive to copy multiple files from one guest to another on the same VM system -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, January 16, 2009 11:20 AM To: LINUX-390@VM.MARIST.EDU Subject: Security question and using scp We have a security requirement (which is common with Linux) to prevent ssh login for root (setting PermitRootLogin to no). One problem we find, as system administrators, we like to use secure copy (remote file copy program, scp) files between systems. However this will not work for any root level files, since scp uses ssh to copy files over a network. Does anyone have a suggested solution or better way around this issue? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Supporting the zSeries Platform Team Data Center Operations Branch Enterprise Data Center Operations Group Enterprise Data Management Engineering Division Office of Information and Technology Department of Homeland Security/U.S. Customs Border Protection (703) 921-6220 james.chap...@cbp.dhs.gov -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 This e-mail, including any attachments, may be confidential, privileged or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Interesting article on IBM Mainframes (and zLinux) and market trends
Every few years, people predict that the mainframe is on its last legs and will be taken over by the technology du jour. That replacement technology has ranged over the years from client-server computing to Web-based computing, and, now, it's cheap, commodity x86-based servers. Don't believe a word of it -- mainframe sales have begun climbing again. A mainframe's capacity is large enough that it enables massive consolidation, which helps slash costs. Perhaps another telling comment we've heard concerning Z processors came from an IBM rep at a recent gathering. When asked about sales trends, the rep indicated that sales of mainframes were in fact on the rise. What is the primary market for this rise? China. Full article here: http://www.internetnews.com/hardware/article.php/3764656/The+Mainframe+S till+Lives.htm James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Problem with sendmail (and mailx)
We have several RHEL 4.5 servers running Oracle. Each is a clone of the original. However I discovered that we can only send email from two (using the mailx command). I am not an expert on sendmail, however I have looked at every configuration file I can find to see if I can locate a difference between the servers that work and the servers that do not work and have come up empty. I looked at sendmail.cf and submit.cf, and their respective *.mc files, with no differences found. In the /etc/log/maillog file I found the following between servers (working and not working): Working: Jul 31 14:58:59 zn023 sendmail[30613]: m6VIwxY2030613: [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32986, relay=mailhost [10.159.4.16], dsn=2.0.0, stat=Sent (Message accepted for delivery) Fail to send: Jul 31 14:48:50 zn019 sendmail[27586]: m6VImo9Z027586: [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32985, relay=mailhost [10.159.4.16], dsn=5.0.0, stat=Service unavailable Does anyone have any insight to this and how/where the DSN values (Delivery Status Notification) is set, where I may look to find the root of this fail to send or any suggestions. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: LVM problem. Lost VG info
Did you try a vgscan? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Walters, Gene P Sent: Tuesday, June 17, 2008 8:58 AM To: LINUX-390@VM.MARIST.EDU Subject: LVM problem. Lost VG info I'm already having a bad day. I took one of our Linux Instances down to add more disk space to it. Everything went fine. I used Yast2 to add the new volumes to the VG. Now when I IPL, it cant find the volume group. I ran a PVSCAN, and it shows all my physical volumes are associated to an unknown VG. I've looked at several commands, but I guess I just don't understand. Hopefully my data is not lost. Is there a way to rebuild the VG? -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: LVM problem. Lost VG info
Were you able to verify that the device is online? If lscss is unavailable, go to the dev directory: Determine the device number (say 204) either from an lsdasd or cat /proc/dasd/devices cd /sys/bus/ccw/drivers/dasd-eckd/0.0.0204 cat online . . . .if value zero (offline), then echo 1 online James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Walters, Gene P Sent: Tuesday, June 17, 2008 9:15 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: LVM problem. Lost VG info This is on sles8, so I don't have the lscss command, but when I try the vgchange -ay it cant find any volume groups. -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Szefler Jakub Sent: Tuesday, June 17, 2008 9:05 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: LVM problem. Lost VG info Have you all disks online ? Issue command : lscss and check it. After then you can try: vgscan vgchange -ay Best regards, Jakub Szefler Administrator zOS/zVM -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Walters, Gene P Sent: Tuesday, June 17, 2008 2:58 PM To: LINUX-390@VM.MARIST.EDU Subject: LVM problem. Lost VG info I'm already having a bad day. I took one of our Linux Instances down to add more disk space to it. Everything went fine. I used Yast2 to add the new volumes to the VG. Now when I IPL, it cant find the volume group. I ran a PVSCAN, and it shows all my physical volumes are associated to an unknown VG. I've looked at several commands, but I guess I just don't understand. Hopefully my data is not lost. Is there a way to rebuild the VG? -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Measuring CPU performance? Which is right?
On the zLinux guest (ZP013), using sar I get a CPU usage of about 15%: 11:00:01 AM CPU %user %nice %system %iowait%steal %idle 11:50:01 AM all 14.78 0.00 0.70 0.53 0.1583.84 But under Perfkit (zVM) we get the following exception message, 33.5% CPU: 11:51:51 FCXUSL317A User ZP013 %CPU 33.5 exceeded threshold 30.0 for 5 min. 'top' numbers match the 'sar' values from the zLinux guest. We have two IFLs defined to the guest. Why are the numbers from PERFKIT different from the zLinux environment? Which numbers should we be monitoring from? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Measuring CPU performance? Which is right?
RHEL 5.0 James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Mark Post Sent: Thursday, June 12, 2008 1:33 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Measuring CPU performance? Which is right? On Thu, Jun 12, 2008 at 12:31 PM, in message [EMAIL PROTECTED], CHAPLIN, JAMES (CTR) [EMAIL PROTECTED] wrote: -snip- Why are the numbers from PERFKIT different from the zLinux environment? Which numbers should we be monitoring from? You didn't say which version of which distribution you are using. Anything prior to SLES10 and RHEL5 will report (possibly wildly) incorrect CPU utilization numbers from inside the Linux guests. If you're at one of those levels or higher, then the numbers should match. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Measuring CPU performance? Which is right?
From zLinux, I am seeing one CPU at 15%, the other at a much lower value (~5%) using 'mpstat -P ALL' James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Kim Goldenberg Sent: Thursday, June 12, 2008 3:19 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Measuring CPU performance? Which is right? Malcolm Beattie wrote: CHAPLIN, JAMES (CTR) writes: On the zLinux guest (ZP013), using sar I get a CPU usage of about 15%: [...] But under Perfkit (zVM) we get the following exception message, 33.5% CPU: 11:51:51 FCXUSL317A User ZP013 %CPU 33.5 exceeded threshold 30.0 for 5 min. [...] We have two IFLs defined to the guest. [...] Why are the numbers from PERFKIT different from the zLinux environment? PerfKit percentages are calculated as percentage of one engine. Linux percentages calculate percentage of CPU resource available to the image. For your Linux guest with 2 engines, Linux tells you it's using ~15% of its 2-engines'-worth. PerfKit spells that as ~30% of a nominally-100%-utilised single engine. Same resource usage, different way of displaying the measurement. Isn't that in the wrong direction? I'd expect 15% of two engines ~= 7.5% of one engine (.15x200 = .075x100). If, however, Linux is reporting as if 1 engine and PerfKit is doubling due to two engines, I could see your scenario. Which is correct? TIA Kim -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Capturing PERFKIT console messages
I am trying to find a way to take a PERKIT message, capture it and email or move the information out. We have PERFKIT set up with FC LIMIT set to capture CPU (NORMCPU 90) and FC PROCESS CPMsg in FCONX $PROFILE. When we get a situation of high CPU, a message does display in the zVM console. I would like to know a way to capture that message and send it as an email message or as a file to one of the zLinux guests on the zVM LPAR. Any suggestions from other shops how they (you) monitor and capture this information. James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
vmcpi command
Has anyone used the vmcp command? And reference on how to set it up on our zLinux systems. We are using RHEL 4.5 5 on zVM 5.3 LPARs. We have the man pages in place: vmcp - send commands to the z/VM control program but I get command not found when working with it. Can anyone point me to a good reference on setting this tool up? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Monitoring zVM CPU usage with automated alerts
James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 We had a situation in our shop were CPU in the zVM topped at 100% while the CPU usage in the zLinux Guests remained at their low levels. We use Tivoli ITM to monitor (automated) the CPU on our zLinux guests, but do not have an effective way to capture when zVM starts taking too much CPU in an single LPAR. Does anyone know of how/if ITM (Tivoli) can monitor zVM, or any shareware tool, Is there a Perfkit method to send a message out when the system starts to hold high CPU usage in zVM? We have looked at Velocity, but at the stage have no budget to invest in a tool as zLinux is still viewed as a test (experimental) platform in our shop James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc Customs and Border Protection -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Question on measuring CPU Usage in Linux
We are using RHEL 5.0 4.5 (pending if using Oracle or not). So I am assuming the information form PERFKIT is the best measure of CPU Usage? I am trying to understand the waiting for I/O value of CPU, is this CPU unable to process other work? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Mark Post Sent: Monday, March 24, 2008 5:37 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Question on measuring CPU Usage in Linux On Mon, Mar 24, 2008 at 4:04 PM, in message [EMAIL PROTECTED], CHAPLIN, JAMES (CTR) [EMAIL PROTECTED] wrote: Under Linux we have the command vmstat (and others) that display the CPU usage. What version of what distribution do you have? Anything prior to SLES10 and RHEL5, the data from inside the guest is pretty much meaningless. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Question on measuring CPU Usage in Linux
Under Linux we have the command vmstat (and others) that display the CPU usage. CPU Usage is broken into four groupings totaling 100%. I understand System and User CPU usage, and Idle is available CPU. But wa: Time waiting for IO, is this available CPU or unusable CPU? If this number is high on a system, is this a performance issue? On one of our systems, in PERFKIT we see the CPU at 99%. But we show CPU values at us: 21% sy: 5% id: 0% wa: 74%. Is the actual work being done by 26% of the CPU, and 74% CPU is unavailable waiting on I/O? Any performance suggestions? James Chaplin Systems Programmer, MVS, zVM zLinux Base Technologies, Inc (703) 921-6220 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
question on what is 'nobody'
In the /etc/passwd group is a uid/gid of nobody. Why is nobody there and what does he do? Also in his (and others) shadow file he has * as his encrypted password, does this have special value? nobody:*:13725:0:9:7::: New to linux, inquisitive mind ;-) James Chaplin Systems Programmer, MVS zLinux (703) 921-6220 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Changing password on multiple zLinux servers
Running zLinux as Guests on zVM is fantastic until it comes time to reset your password across multiple servers. The guest servers are multiply like rabbits. We are a shop new to Linux on the mainframe and have a question. Is there a way to apply without using LDAP, or to issue a series of commands like passwd across multiple servers either through SSH or other method from a single server. Where should I point my learning curve to resolve this? I am new to scripting, but how different from REXX can it be? Thanks in advance for any comments and insight James Chaplin Systems Programmer USCBP -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: brain cramp on versioning info
rpm -q for software installed using rpms or for kernel info you can use: uname -v -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of LJ Mace Sent: Friday, October 26, 2007 12:15 PM To: LINUX-390@VM.MARIST.EDU Subject: brain cramp on versioning info What the heck is the command to find the version(s) of software your on? I remember it is - but for the life of me I can't remember the exact command thanks brain dead Mace __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390