Debian/390 from Sine Nomine Associates
Last December Sine Nomine Associates put out a set of CD's that were designed to make it easy to install Debian Linux quickly on a VM system. I would like to talk with someone else that has used these instillation CD's. I wish to compare experiences with them. Stephen Frazier Information Technology Unit Oklahoma Department of Corrections 3400 Martin Luther King Oklahoma City, OK 73111-4298 Tel.: (405) 425-2549 Fax: (405) 425-2554 email: [EMAIL PROTECTED]
Re: Oracle 9.2 on Suse 7.2 S390
David Boyes wrote: > Historically, I guess I'm somewhat suspicious of compatibility modes > like the mixed mode 31/64-bit stuff. None of the implementations of > such code I've ever worked with was sufficient (DEC Alpha, Cray, HP) > for production level reliability. Perhaps you folks are better > programmers...8-). Compat mode should work well enough; some people are running a full 32-bit userland environment under a 64-bit kernel, and I think some of the IBM middleware is actually certified for 32-bit compat layer on SLES-7 (64-bit) for example. If you know of specific problems, we are always happy to receive bug reports ;-) > I also still find that the algorithms used in Linux for buffer > management are quite a bit less efficient than the ones used in VM -- > that's no slight to the Linux folks, it's what they have to work with Could you be more specific here? > If your application issues a read (either buffered or non-buffered) in > the VM case and MDC has pre-cached the response by doing a fulltrack > read or has previously cached the record, the response time for I/O > completion is significantly better than going direct to disk. Well, if the block is already in the page cache, response time will be even more significantly better, as we save the round-trip through CP, SIE intercepts and all ... > Simplistic, until you consider that if the same database table > is active for multiple database machines, you can do quite a bit of > I/O avoidance that isn't possible in the Linux-only scenario. Net win. As soon as you have multiple guests accessing the same disk, shared caching will provide benefits, no arguments about that. However, I'd still consider shared read/write access to be a rare scenario, only exploitable from a few specialized applications at the moment. > You also gain the early I/O completion notification from > virtualizing DASDFW, although that's more a hardware feature than a VM > feature. It does have an impact on write performance in that the write > I/O completes much more quickly, and is guaranteed via the NVRAM. And how is that different from Linux using the DASDFW feature directly (actually, we don't even need to do anything, the hardware uses DASDFW by default unless you specifically switch it off)? > Is it better? Maybe not. It does however give you a lot more knobs to > manipulate the performance of the process. I'm of the opinion that the > I/O optimization code in VM has had more time to get optimized, and I > find that to be more tunable than the Linux code. It is true that the Linux philosophy generally views lots of tuning knobs with suspicion -- the system is supposed to tune itself, with the existing knobs having more something of a debugging function. Is there anything specific you'd like to be able to tune but cannot? > It also has some > very inspired hardware feature exploitation code in in that Linux > hasn't inherited yet. Time will tell -- you've got plenty of work to > keep you busy nights...8-). Is there anything specific you have in mind? (Things that are applicable to modern storage subsystems -- we are not particularly interested in supporting all the quirks of real 3390 devices at this point ...) Bye, Ulrich -- Dr. Ulrich Weigand [EMAIL PROTECTED]
cpio behaviour between sles7 & sles8
is there a documented difference between cpio in sles7/390 and sles8/390? When extracting the oracle 9iR2 archive, the cpio that ships with sles8 errors with a "premature end of file". I copied the cpio binary from sles7 and it worked fine.
Re: Does the linux-390 kernel use CP437/CP500 for ASCII/EBCDIC?
At 11:42 AM 3/24/03 -0600, you wrote: >Having a vast array to choose from and loading one at a time ... THAT >might be palatable. In fact, it would be truly spiffy if some user- >space program could take IBM-defined binary translation files and do >the right thing to the kernel's console driver from that spec, one map >at a time. That's actually what I meant to suggest. A loadable module for translation, selected by the kernel code at boot time based on the actual or virtual hardware that is the console. Or loaded via startup script via insmod if necessary. Whether existing IBM binary translation files are the ones that should be used is a subject I'll leave to you and others to argue. I just want a well-defined translation that "just works" no matter whether it's real iron, VM or hercules. BTW, further testing on my part shows that at least two of the EBCDIC-unique characters do not display at all on the hercules console even with codepage 437/500 enabled -- cent sign and PL/1 not sign. Are these even available on a "real iron" HMC? These are obviously not critical or even necessarily useful for emergency programming at the HMC, so I really don't care that they don't show up. Plus, that could be a hercules issue and not a linux issue, I haven't isolated who's doing what to whom there yet. >Right. But accurate scripting in an emergency >does not also require that the translate table be symmetric. >You get input translated correctly from a number of possible >reference code pages. If the output does not match, >the operator can figure out what is happening from the context. >Again, this is for the emergency, not for "production". >(But avoid HMC for production work anyway, as IBM recommends.) Figuring it out from the context can be a real PITA, even if you think you know what you're doing. It's hard enough to get it right without such complications. >> >Here too, a switch after the fact would be reasonable. >> >> ??? After which fact? You lost me here. > >I mean that you could load a symmetrical table later on, >after the emergency has passed. I don't necessarily ask for a symmetrical table, just that all the characters be correctly input fro the keyboard and displayed on the console. If an asymmetrical table accomplishes that, it's OK by me. It *would* be nice if these console codepages were documented in a man page or info file somewhere, and not require venturing into the kernel source to resolve a simple question. Then hercules developers would be able to tailor their translation to what the kernel needs/wants (using OSTAILOR LINUX, for instance). Thanks for your insight on this. It's been very informative. - Peter J. Farley III ([EMAIL PROTECTED])
Re: Read-Only Telnet
I don't think anybody has mentioned it, so... Could you just set up Apache to follow symlinks, and allow directory listings and then create symlinks to the directories that the developers need access to? Then a simple refresh in the browser gets the updated file. Note: I haven't actually done this myself, but from my little experience with Apache it seems like it would at least be possible. And it seems like there could be security exposures here too if you let anybody read the system log. Of course if we were talking about Websphere under OS/390 you'd have the MVSDS service and you could make people logon with their RACF user id and password to use MVSDS and then they could only see the datasets they were permitted to. As you pointed out, the security model in *nix leaves a bit to be desired. (Or perhaps several bits.) Scott Chapman Jeremy Warren <[EMAIL PROTECTED]To: [EMAIL PROTECTED] om> cc: Sent by: Linux onSubject: Re: Read-Only Telnet 390 Port <[EMAIL PROTECTED] IST.EDU> 03/24/03 01:32 PM Please respond to Linux on 390 Port > So the first question is: what do they need shell access for? do they > need full shell access? > > * What do they need to run? Is it a something from certain set of > commands? If so: take a look at rbash, pdmenu, and similar. The prime example that the developers keep bringing up is along these lines: User A calls in a problem which working with the app via their browser.The developer wants to ssh into the host and issue a tail -f logfile while the user is doing their thing to better understand the sequence of events causing the problem. With the current FTP method, it becomes difficult to completely correlate User Action A with Log message B, especially if their are other folks working just fine at the time. rbash was one of the ones that came up in my searches after your earlier post, but I haven't really had time just yet to delve deeper into just how restricted, "restricted" is. (Specifically preventing the modifications of files you might otherwise gain access to via world permissions). > Generally a shell user is not supposed to be able to harm the system in > any way I frankly feel pretty good about the permissions elsewhere on the box, (Famous last words) however given that I have such little control over the permissions within this applications directories, I was hoping there was a "safer" way. Something that would override any "world" permissions. In my ideal pipe dream, not only would I be able to see "You can look but you can't touch", but I would even be able to deny access to "You shouldn't be here ever ever ever" types of files. (Although the vendor appears to have done this much right. I should be able to do that with group permissions right now, but it would be a nice thing to be SURE). > Mounting the system read-only may work. But remember that some actual > work has to be done on this system. That is: those developers need to > actually change config files. We have a change management process in place, so if they go in and determine the problem requires a change, they would need to go to the development system, make the changes and promote them as needed, so in this case, the "Read-Only" image might be a good way of doing what I need to do. On a side note, the security admin suggested that a different way to tackle this might be through key-stroke auditing, we could allow the developers in doing the best we could with permissions as they are and send a report of what EXACTLY they did somewhere that they couldn't get to. That way IF someone did something bad we could at least figure out who/what/where/and when, (why would be a whole different can of worms).. Any suggestions down that road would be appreciated too. Thanks! --- Jeremy Warren Sr. Systems Programmer KB Toy Stores mailto:[EMAIL PROTECTED]@kbtoys.com |-+> | | Tzafrir Cohen| | | <[EMAIL PROTECTED]| | | .ac.il> | | | Sent by: Linux on| | | 390 Port | | | <[EMAIL PROTECTED]| | | IST.EDU> | | || | || | | 03/24/2003 12:37 | | | PM | | | Please respond to| | | Linux on 390 Port| | || |-+> > -| | | | To: [EMAIL PROTECT
Re: Read-Only Telnet
You may wish to do what we have done with our application running on all platforms, not just Linux/390. We direct logs files out through a secure port to one or more "log servers". The level of detail of this action is set by the system administrator and the log files for the application are reviewed at one or more workstations located in one or more areas. For secured access to the system by the administrator(s), use SSH/Telnet. For log files, see above. This can be done with syslog as well. Thanks, Steve Guthrie -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of Jeremy Warren Sent: Monday, March 24, 2003 12:32 PM To: [EMAIL PROTECTED] Subject: Re: Read-Only Telnet > So the first question is: what do they need shell access for? do they > need full shell access? > > * What do they need to run? Is it a something from certain set of > commands? If so: take a look at rbash, pdmenu, and similar. The prime example that the developers keep bringing up is along these lines: User A calls in a problem which working with the app via their browser.The developer wants to ssh into the host and issue a tail -f logfile while the user is doing their thing to better understand the sequence of events causing the problem. With the current FTP method, it becomes difficult to completely correlate User Action A with Log message B, especially if their are other folks working just fine at the time. rbash was one of the ones that came up in my searches after your earlier post, but I haven't really had time just yet to delve deeper into just how restricted, "restricted" is. (Specifically preventing the modifications of files you might otherwise gain access to via world permissions). > Generally a shell user is not supposed to be able to harm the system in > any way I frankly feel pretty good about the permissions elsewhere on the box, (Famous last words) however given that I have such little control over the permissions within this applications directories, I was hoping there was a "safer" way. Something that would override any "world" permissions. In my ideal pipe dream, not only would I be able to see "You can look but you can't touch", but I would even be able to deny access to "You shouldn't be here ever ever ever" types of files. (Although the vendor appears to have done this much right. I should be able to do that with group permissions right now, but it would be a nice thing to be SURE). > Mounting the system read-only may work. But remember that some actual > work has to be done on this system. That is: those developers need to > actually change config files. We have a change management process in place, so if they go in and determine the problem requires a change, they would need to go to the development system, make the changes and promote them as needed, so in this case, the "Read-Only" image might be a good way of doing what I need to do. On a side note, the security admin suggested that a different way to tackle this might be through key-stroke auditing, we could allow the developers in doing the best we could with permissions as they are and send a report of what EXACTLY they did somewhere that they couldn't get to. That way IF someone did something bad we could at least figure out who/what/where/and when, (why would be a whole different can of worms).. Any suggestions down that road would be appreciated too. Thanks! --- Jeremy Warren Sr. Systems Programmer KB Toy Stores mailto:[EMAIL PROTECTED]@kbtoys.com |-+> | | Tzafrir Cohen| | | <[EMAIL PROTECTED]| | | .ac.il> | | | Sent by: Linux on| | | 390 Port | | | <[EMAIL PROTECTED]| | | IST.EDU> | | || | || | | 03/24/2003 12:37 | | | PM | | | Please respond to| | | Linux on 390 Port| | || |-+> >--- --| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: Re: [LINUX-390] Read-Only Telnet | >--- --| On Mon, Mar 24, 2003 at 11:19:42AM -0500, Jeremy Warren wrote: > Sorry for the lack of detail... > > Basically, > > It's a 3rd party java based application, numerous configuration files, etc, > which are dynamically updated via the application itself. Lots of log > files, etc. The users access it via a web page front end, but our > developers are asking to get "beneath the covers" while it's runni
Re: Read-Only Telnet
> So the first question is: what do they need shell access for? do they > need full shell access? > > * What do they need to run? Is it a something from certain set of > commands? If so: take a look at rbash, pdmenu, and similar. The prime example that the developers keep bringing up is along these lines: User A calls in a problem which working with the app via their browser.The developer wants to ssh into the host and issue a tail -f logfile while the user is doing their thing to better understand the sequence of events causing the problem. With the current FTP method, it becomes difficult to completely correlate User Action A with Log message B, especially if their are other folks working just fine at the time. rbash was one of the ones that came up in my searches after your earlier post, but I haven't really had time just yet to delve deeper into just how restricted, "restricted" is. (Specifically preventing the modifications of files you might otherwise gain access to via world permissions). > Generally a shell user is not supposed to be able to harm the system in > any way I frankly feel pretty good about the permissions elsewhere on the box, (Famous last words) however given that I have such little control over the permissions within this applications directories, I was hoping there was a "safer" way. Something that would override any "world" permissions. In my ideal pipe dream, not only would I be able to see "You can look but you can't touch", but I would even be able to deny access to "You shouldn't be here ever ever ever" types of files. (Although the vendor appears to have done this much right. I should be able to do that with group permissions right now, but it would be a nice thing to be SURE). > Mounting the system read-only may work. But remember that some actual > work has to be done on this system. That is: those developers need to > actually change config files. We have a change management process in place, so if they go in and determine the problem requires a change, they would need to go to the development system, make the changes and promote them as needed, so in this case, the "Read-Only" image might be a good way of doing what I need to do. On a side note, the security admin suggested that a different way to tackle this might be through key-stroke auditing, we could allow the developers in doing the best we could with permissions as they are and send a report of what EXACTLY they did somewhere that they couldn't get to. That way IF someone did something bad we could at least figure out who/what/where/and when, (why would be a whole different can of worms).. Any suggestions down that road would be appreciated too. Thanks! --- Jeremy Warren Sr. Systems Programmer KB Toy Stores mailto:[EMAIL PROTECTED]@kbtoys.com |-+> | | Tzafrir Cohen| | | <[EMAIL PROTECTED]| | | .ac.il> | | | Sent by: Linux on| | | 390 Port | | | <[EMAIL PROTECTED]| | | IST.EDU> | | || | || | | 03/24/2003 12:37 | | | PM | | | Please respond to| | | Linux on 390 Port| | || |-+> >-| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: Re: [LINUX-390] Read-Only Telnet | >-| On Mon, Mar 24, 2003 at 11:19:42AM -0500, Jeremy Warren wrote: > Sorry for the lack of detail... > > Basically, > > It's a 3rd party java based application, numerous configuration files, etc, > which are dynamically updated via the application itself. Lots of log > files, etc. The users access it via a web page front end, but our > developers are asking to get "beneath the covers" while it's running. > > Right now I am using a restricted ftpd where then can only do "gets" from > various directories. That way they can pull the files back that they need > to look at for debugging, monitoring, etc. The developers are complaining > that what they really need is "telnet/ssh" access so that they can get in > and
Re: Does the linux-390 kernel use CP437/CP500 for ASCII/EBCDIC?
> And under VM, of course, the translation should follow the 3215 HW
> capabilities, requiring at least as many kernel tables as there could
> be legitimate "consoles" for it to talk to, I would think. That or VM
> needs to provide an HMC virtual device (I know, that one's a lot less
> likely to get done).
Uhh... That's not what I meant to suggest.
Having lots of kernel A/E tables might be alright as an option.
My beef was just that the default translation when talking to a
(virtual) 3215 should match the ISO 8859-1 to CP 37 v2 mapping.
I am *not* anxious to see a plethora of codepages loaded up
into the kernel to support the myriad of IBM devices out there.
It would make a lot more sense to get the default translation right
and then require emulators ('x3270' is what I use) to handle
"CP 37 v2" or at least handle CP 1047.
Having a vast array to choose from
and loading one at a time ... THAT might be palatable.
In fact, it would be truly spiffy if some user-space program could
take IBM-defined binary translation files and do the right thing
to the kernel's console driver from that spec, one map at a time.
> >it is fair that console kernel codepages be asymmetrical:
...
> But commands from the real HMC to a linux LPAR (and by extension, from
> a hercules HMC) might well need to include any characters needed to do
> shell-level scripting in an emergency. The translation needs to be
> accurate for those cases, I would think.
Right. But accurate scripting in an emergency
does not also require that the translate table be symmetric.
You get input translated correctly from a number of possible
reference code pages. If the output does not match,
the operator can figure out what is happening from the context.
Again, this is for the emergency, not for "production".
(But avoid HMC for production work anyway, as IBM recommends.)
> >Here too, a switch after the fact would be reasonable.
>
> ??? After which fact? You lost me here.
I mean that you could load a symmetrical table later on,
after the emergency has passed.
-- RMT
Re: Read-Only Telnet
On Mon, Mar 24, 2003 at 11:19:42AM -0500, Jeremy Warren wrote: > Sorry for the lack of detail... > > Basically, > > It's a 3rd party java based application, numerous configuration files, etc, > which are dynamically updated via the application itself. Lots of log > files, etc. The users access it via a web page front end, but our > developers are asking to get "beneath the covers" while it's running. > > Right now I am using a restricted ftpd where then can only do "gets" from > various directories. That way they can pull the files back that they need > to look at for debugging, monitoring, etc. The developers are complaining > that what they really need is "telnet/ssh" access so that they can get in > and look at the filesystem as a whole. I realize that they "should" be > able to do this all via FTP, but I have been told to come up with a > solution to make this work for them. ftp is bad to begin with, as it has trivial plaint-text authentication, like telnet and pop3. It is no use limiting their access to the system to restricted "guest accunts": whoever has access to those accounts (possibly by sniffing) is able to write the configuration files of this complex java app. The developers want shell access. Shell access is considered problematic because a user with a shell account is in a better position to harm the system. However a system generally needs user in order to get something done (sysadmins are also known to be the causes of some incidents to systems from time to time ;-) ). So the first question is: what do they need shell access for? do they need full shell access? * What do they need to run? Is it a something from certain set of commands? If so: take a look at rbash, pdmenu, and similar. > > So I guess a better way to word it would be that I am looking for a way to > grant them read-only access to the filesystems on the host. But Linux > Owner/Group/World Permissions won't work since I can't really muck with > them since they are set by the vendor. They have certain areas which are > validly world writeable, but where an accidental key stroke could wreak > havoc on the app, so I need to guarantee read only to those areas. ( I > sure do miss RACF at times ) A standard unix shell account gives "read-only" access to the system, except to the home directory, /tmp and a number of other places. Generally a shell user is not supposed to be able to harm the system in any way (though defending the system against denial-of-service from local shell users: fork bombs and friends, takes some extra settings). Any such method is a security hole that should yield a security-fix of a locally-exploitable security hole. Note that I wrote "is not supposed to" and not "is not". You are keeping your systems up-to-date, right? > > I like the idea of another image which mounts all the filesystems RO, but I > need to investigate it further and try some experiments. I have also found > a couple of interesting discussions by searching on kiosk and restricted > shell which Tzafrir Cohen recommended, but I still need to do some digging. Mounting the system read-only may work. But remember that some actual work has to be done on this system. That is: those developers need to actually change config files. -- Tzafrir Cohen +---+ http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend| mailto:[EMAIL PROTECTED] +---+
Re: CP Signal shutdown requirements
They later kernels from SuSE have the patch in it. My patch has been adapted by the kernel folks so that it's different to the quiesce-diffs you've located. SLES8 definitely has it. You'll need to update /etc/inittab to enable the signal to do the ctrl-alt-del processing. -Original Message- I see that Neale has a patch called linux-2.4.7-s390-quiesce.diffs which appears to be a patch on smp.c for SLES7. In order to apply this patch, do I have to completely regen the kernel? I'm reluctant to start down that long learning curve at this time. Or does SuSE or anyone else have a downloadable 2.4.7 kernel with the SIGNAL enablement already installed? Or should I just wait for SLES8 to be delivered? (We ordered it in December. No idea what the holdup is.) Is SIGNAL enabled in SLES8 even?
CP Signal shutdown requirements
We've just upgraded to z/VM 4.3 and would like to begin using the CP SIGNAL SHUTDOWN command to shut down our Linux servers. We are running SuSE SLES7 with the timer patch,and I think I have the latest update. When I try the SIGNAL command I get HCPSIG2110E User LNX54321 is not enabled for signals Ready(02110); I see that Neale has a patch called linux-2.4.7-s390-quiesce.diffs which appears to be a patch on smp.c for SLES7. In order to apply this patch, do I have to completely regen the kernel? I'm reluctant to start down that long learning curve at this time. Or does SuSE or anyone else have a downloadable 2.4.7 kernel with the SIGNAL enablement already installed? Or should I just wait for SLES8 to be delivered? (We ordered it in December. No idea what the holdup is.) Is SIGNAL enabled in SLES8 even? They say there are three signs of stress in your life. You eat too much junk food, you drive too fast and you veg out in front of the TV. Who are they kidding? That sounds like a perfect day to me! Gordon Wolfe, Ph.D. (425)865-5940 VM & Linux Servers and Storage, The Boeing Company
Re: Does the linux-390 kernel use CP437/CP500 for ASCII/EBCDIC?
At 10:32 AM 3/24/03 -0600, you wrote: >The translation when talking to the HMC should match real hardware >(though perhaps with a switch; the default should match the hardware). Do you by any chance know just exactly what *is* the HMC on a real-iron G5/6 or z900/800? Is there a document that describes the character set on the beastie? I do not think it's a 3215 any more, is it? >If that is CP 500, so be it. Both 500 and 037 are slightly wrong >from the customer usage standpoint. This opens up old wounds. >EBCDIC square brackets are AD and BD in practice, not 500 or 037. Old wounds, indeed. BTDT. 'Nuff said. >The translation when talking to VM, specifically the 3215, >should be either CP 1047 or (better) "CP 37 version 2", >which is a customer-defined animal (more like a protest). >1047 is the "open extensions" codepage and gets the brackets right. >"CP 37 v2" goes further and gets the ASCII circumflex "hat" >and EBCDIC "not" mapped properly. I can't speak to this without knowing what the "real iron" HMC really is. Whatever *that* beastie is needs to define the translation, don't you think? And under VM, of course, the translation should follow the 3215 HW capabilities, requiring at least as many kernel tables as there could be legitimate "consoles" for it to talk to, I would think. That or VM needs to provide an HMC virtual device (I know, that one's a lot less likely to get done). >I haven't had time to create patches to fix this >let alone maintain any such patches. :-( > >> Any idea why that is so? Shouldn't those tables be symmetrical? > >Even with the above recommended translations, >it is fair that console kernel codepages be asymmetrical: >The console is vital to system operation and not used much >for things like code development, so you want to be able to >issue commands, though their output might look funny. >(Square brackets ... it's always the square brackets.) >The idea is that what is typed-in gets mapped to the >most likely useable subset. But commands from the real HMC to a linux LPAR (and by extension, from a hercules HMC) might well need to include any characters needed to do shell-level scripting in an emergency. The translation needs to be accurate for those cases, I would think. >Here too, a switch after the fact would be reasonable. ??? After which fact? You lost me here. - Peter J. Farley III ([EMAIL PROTECTED])
Re: Does the linux-390 kernel use CP437/CP500 for ASCII/EBCDIC?
I can't understand why (well, I uess I can) they didn't standardize on CP 819 and 1047. I'm using that pair for all my in-house stuff. "Peter J. Farley III" wrote: > > At 08:57 AM 3/24/03 -0500, you wrote: > > >What's the matter with the kernel source, Peter? It shows that, yes, > > >it uses code pages 037 and 500. It looks like 037 for the 3215 and > >3270 console and 500 for the integrated system console (037 if > running > >on VM). All conversions are to 437 (based on commentary). > > > >http://lxr.linux.no/source/drivers/s390/ebcdic.c?a=s390#L70 and > >http://lxr.linux.no/source/arch/s390/kernel/ebcdic.c?a=s390#L91 were > >starting points for my search. > > Thanks for those references, Alan. As to why not the kernel source, > that's because I haven't got the foggiest clue where to begin looking > in the code. A kernel hacker I'm not. In fact, I've never even looked > at the kernel source, much less read the kernel hackers guides that are > out there. > > Too scared of getting lost, I think. That water is very, very deep. > > I notice, though, that the translations on the page you point out are > not symmetrical. In particular, the ascii->ebcdic translate table > converts ascii square brackets (x'5B', x'5D') to ebcdic x'AD' and > x'BD', but the ebcdic->ascii translation presumes square brackets are > at x'BA' and x'BB', and translates those characters to ascii x'5B' and > x'5D' respectively. x'AD' and x'BD' both translate to ascii x'07'. > > Any idea why that is so? Shouldn't those tables be symmetrical? > - > Peter J. Farley III ([EMAIL PROTECTED])
Re: Does the linux-390 kernel use CP437/CP500 for ASCII/EBCDIC?
> I notice, though, that the translations on the page you point out are > not symmetrical. In particular, the ascii->ebcdic translate table > converts ascii square brackets (x'5B', x'5D') to ebcdic x'AD' and > x'BD', but the ebcdic->ascii translation presumes square brackets are > at x'BA' and x'BB', and translates those characters to ascii x'5B' and > x'5D' respectively. x'AD' and x'BD' both translate to ascii x'07'. The translation when talking to the HMC should match real hardware (though perhaps with a switch; the default should match the hardware). If that is CP 500, so be it. Both 500 and 037 are slightly wrong from the customer usage standpoint. This opens up old wounds. EBCDIC square brackets are AD and BD in practice, not 500 or 037. The translation when talking to VM, specifically the 3215, should be either CP 1047 or (better) "CP 37 version 2", which is a customer-defined animal (more like a protest). 1047 is the "open extensions" codepage and gets the brackets right. "CP 37 v2" goes further and gets the ASCII circumflex "hat" and EBCDIC "not" mapped properly. I haven't had time to create patches to fix this let alone maintain any such patches. :-( > Any idea why that is so? Shouldn't those tables be symmetrical? Even with the above recommended translations, it is fair that console kernel codepages be asymmetrical: The console is vital to system operation and not used much for things like code development, so you want to be able to issue commands, though their output might look funny. (Square brackets ... it's always the square brackets.) The idea is that what is typed-in gets mapped to the most likely useable subset. Here too, a switch after the fact would be reasonable. -- RMT
Re: Read-Only Telnet
Jeremy, One thought I had would be to make all the volatile portions of the environment based on VDISKs and have the machine IPL CMS and populate the VDISKs with a default environment using DDR or similar tool, then IPL Linux. You bring the the machine up, they play with their app, and you log it off after they are done playing. Any modifications vanish when the Linux machine logs off, and you're back to the pristine state next time someone needs to use the demonstration system. Tdisk would also work, but VDISK is easier to define and manage, I'd think. If by "read-only", you mean have an app running against live data, but be unable to modify it, that's going to take work on your application to obey a read=only flag of some kind. -- db David Boyes Sine Nomine Associates > -Original Message- > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of > Post, Mark K > Sent: Saturday, March 22, 2003 1:38 PM > To: [EMAIL PROTECTED] > Subject: Re: Read-Only Telnet > > > Jeremy, > > You're a little too vague (for me) about what you mean by "so > they can look > at an application." Do you mean you want to be able to demo > something for > them? Do you only want to allow them to see the output of > the application? > (In that case, generating HTML output and having them point their web > browser at the system might be quickest/easiest.) Something > else entirely? > > > Mark Post > > -Original Message- > From: Jeremy Warren [mailto:[EMAIL PROTECTED] > Sent: Friday, March 21, 2003 9:21 AM > To: [EMAIL PROTECTED] > Subject: Read-Only Telnet > > > Does anyone know of a simple/quick way to setup a GUARANTEED read-only > access to a linux guest? > > Maybe some type of read-only telnet/ssh daemon? I couldn't > find a switch > to either of them. > > Basically I need to grant read-only access to a system to a > group of users > so they can look at an application, > > However the user/group/world file permissions for other > reasons don't allow > me to guarantee that these users will have read-only. > > > TIA! > > > --- > Jeremy Warren > Sr. Systems Programmer > KB Toy Stores > mailto:[EMAIL PROTECTED]@kbtoys.com >
Re: Does the linux-390 kernel use CP437/CP500 for ASCII/EBCDIC?
At 01:47 PM 3/24/03 +, you wrote: >> I'm running debian-390 under hercules-390 (v2.17.1), both under RH7.3 >> and under WinXP. A strange problem showed up recently, in that the >> split vertical bar character would disappear when entered from the >> hercules HMC console. Not get translated into something else, just >> plain deleted. > >What operating system is hosting your Hercules? I run it both under RedHat Linux 7.3 and under WinXP Pro. The behavior is the same in both, and I think it is a function of the linux kernel translations conflicting with the hercules default translations. >Only I had the exact same problem with Cygwin on WinME and found this >in the Cygwin FAQ: > >Pipe key (`|') doesn't work on non-US keyboards in Win9x/ME >This might get fixed someday, but meanwhile, just use rxvt, which does >not have this problem. This is no real loss, because rxvt has many >other advantages. (Do not attempt to use the "broken" pipe key (`|') as >a substitute, it is a different character.) I think knowing what code pages the kernel uses will help resolve the issue. When running linux-390 under hercules, one will have to select the right code page translation, which may not be the same one used for retro-computing with VM/370 R6 or MVS3.8j. - Peter J. Farley III ([EMAIL PROTECTED])
Re: Samba - 1 for 1 or 'n' to 1
Depends on the politics of your situation. Usually the reason for separate servers has little to do with technical merit and everything to do with administrative fiefs. Trying to consolidate many to one usually fails due to political control problems, which is why most of the historical "consolidate everything onto one big z/OS-based file server" efforts were such horrible failures (performance issues aside). Great idea technically, but doesn't take into account the reality of most organizations. The safest bet is to do physical to logical (ie, one to one) as a first step, and then start working on the political problems to try to do many to one. If the one to one step goes smoothly, then the next step is a lot easier. One caveat -- printing tends to transfer a lot of data. You may want to keep separate servers dedicated to printing only to avoid throughput issues for consolidated servers. -- db David Boyes Sine Nomine Associates > -Original Message- > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of > Lionel Dyck > Sent: Saturday, March 22, 2003 12:26 PM > To: [EMAIL PROTECTED] > Subject: Samba - 1 for 1 or 'n' to 1 > > > When doing a file/print server consolidation using Samba what is the > recommended approach? > > Is it better to do a one for one (windows server to linux > samba server) or > to take some number of windows servers into a single samba server? > > thx > > Lionel B. Dyck, Systems Software Lead > Kaiser Permanente Information Technology > 25 N. Via Monte Ave > Walnut Creek, Ca 94598 > > Phone: (925) 926-5332 (tie line 8/473-5332) > E-Mail:[EMAIL PROTECTED] > Sametime: (use Lotus Notes address) > AIM:lbdyck >
Re: Is there a Veritas client for the zseries Linux?
FDR Upstream works extremely well for us. Jeremy Warren Sr. Systems Programmer KB Toy Stores mailto:[EMAIL PROTECTED]@kbtoys.com |-+> | | Abdullah | | | Al-humaid| | | <[EMAIL PROTECTED]| | | om> | | | Sent by: Linux on| | | 390 Port | | | <[EMAIL PROTECTED]| | | IST.EDU> | | || | || | | 03/21/2003 11:47 | | | PM | | | Please respond to| | | Linux on 390 Port| | || |-+> >-| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: [LINUX-390] Is there a Veritas client for the zseries Linux? | >-| How would you go about backing up the linux server if there wasn't one. One idea I can think of is NFS mounting the linux filesystem on a mchine that has a client. Any others? __ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com
Re: Read-Only Telnet
Sorry for the lack of detail... Basically, It's a 3rd party java based application, numerous configuration files, etc, which are dynamically updated via the application itself. Lots of log files, etc. The users access it via a web page front end, but our developers are asking to get "beneath the covers" while it's running. Right now I am using a restricted ftpd where then can only do "gets" from various directories. That way they can pull the files back that they need to look at for debugging, monitoring, etc. The developers are complaining that what they really need is "telnet/ssh" access so that they can get in and look at the filesystem as a whole. I realize that they "should" be able to do this all via FTP, but I have been told to come up with a solution to make this work for them. So I guess a better way to word it would be that I am looking for a way to grant them read-only access to the filesystems on the host. But Linux Owner/Group/World Permissions won't work since I can't really muck with them since they are set by the vendor. They have certain areas which are validly world writeable, but where an accidental key stroke could wreak havoc on the app, so I need to guarantee read only to those areas. ( I sure do miss RACF at times ) I like the idea of another image which mounts all the filesystems RO, but I need to investigate it further and try some experiments. I have also found a couple of interesting discussions by searching on kiosk and restricted shell which Tzafrir Cohen recommended, but I still need to do some digging. Thanks again! --- Jeremy Warren Sr. Systems Programmer KB Toy Stores mailto:[EMAIL PROTECTED]@kbtoys.com |-+> | | "Post, Mark K" | | | <[EMAIL PROTECTED]| | | m> | | | Sent by: Linux on| | | 390 Port | | | <[EMAIL PROTECTED]| | | IST.EDU> | | || | || | | 03/22/2003 01:38 | | | PM | | | Please respond to| | | Linux on 390 Port| | || |-+> >-| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: Re: [LINUX-390] Read-Only Telnet | >-| Jeremy, You're a little too vague (for me) about what you mean by "so they can look at an application." Do you mean you want to be able to demo something for them? Do you only want to allow them to see the output of the application? (In that case, generating HTML output and having them point their web browser at the system might be quickest/easiest.) Something else entirely? Mark Post -Original Message- From: Jeremy Warren [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2003 9:21 AM To: [EMAIL PROTECTED] Subject: Read-Only Telnet Does anyone know of a simple/quick way to setup a GUARANTEED read-only access to a linux guest? Maybe some type of read-only telnet/ssh daemon? I couldn't find a switch to either of them. Basically I need to grant read-only access to a system to a group of users so they can look at an application, However the user/group/world file permissions for other reasons don't allow me to guarantee that these users will have read-only. TIA! --- Jeremy Warren Sr. Systems Programmer KB Toy Stores mailto:[EMAIL PROTECTED]@kbtoys.com
Re: Does the linux-390 kernel use CP437/CP500 for ASCII/EBCDIC?
At 08:57 AM 3/24/03 -0500, you wrote: >What's the matter with the kernel source, Peter? It shows that, yes, >it uses code pages 037 and 500. It looks like 037 for the 3215 and >3270 console and 500 for the integrated system console (037 if running >on VM). All conversions are to 437 (based on commentary). > >http://lxr.linux.no/source/drivers/s390/ebcdic.c?a=s390#L70 and >http://lxr.linux.no/source/arch/s390/kernel/ebcdic.c?a=s390#L91 were >starting points for my search. Thanks for those references, Alan. As to why not the kernel source, that's because I haven't got the foggiest clue where to begin looking in the code. A kernel hacker I'm not. In fact, I've never even looked at the kernel source, much less read the kernel hackers guides that are out there. Too scared of getting lost, I think. That water is very, very deep. I notice, though, that the translations on the page you point out are not symmetrical. In particular, the ascii->ebcdic translate table converts ascii square brackets (x'5B', x'5D') to ebcdic x'AD' and x'BD', but the ebcdic->ascii translation presumes square brackets are at x'BA' and x'BB', and translates those characters to ascii x'5B' and x'5D' respectively. x'AD' and x'BD' both translate to ascii x'07'. Any idea why that is so? Shouldn't those tables be symmetrical? - Peter J. Farley III ([EMAIL PROTECTED])
RE : z/VM TCPIP Question as pertaing to Linux Guest
You can use OSD Type for OSA Card and using QDIO mode for connecting Linux Guest to TCP/IP machine. Then, when you reboot TCP/IP machine Linux Guest wil be dynamically reconnected. Regards Mathieu C. CARTIER ALEOS www.aleos.net -Message d'origine- De : Linux on 390 Port [mailto:[EMAIL PROTECTED] De la part de Ketchens, LeMarr T. (RyTull) Envoyé : lundi 24 mars 2003 15:15 À : [EMAIL PROTECTED] Objet : z/VM TCPIP Question as pertaing to Linux Guest I was wondering if I had any changes to my z/VM TCPIP stack, would I need to shutdown and reipl all my Linux Guests before recycling the z/VM TCPIP stack? If not, what would be ways to insure that? __ Lemarr T. Ketchens Technical Services MVS Systems Programmer [EMAIL PROTECTED] --- Legal Disclaimer: The information contained in this communication may be confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender and delete the original message and any copy of it from your computer system. Thank you. ---
Re: z/VM TCPIP Question as pertaing to Linux Guest
On Monday, 03/24/2003 at 08:14 CST, "Ketchens, LeMarr T. (RyTull)" <[EMAIL PROTECTED]> wrote: > I was wondering if I had any changes to my z/VM TCPIP stack, would I need to > shutdown and reipl all my Linux Guests before recycling the z/VM TCPIP > stack? If not, what would be ways to insure that? Answered on VMESA-L. Alan Altmark Sr. Software Engineer IBM z/VM Development
z/VM TCPIP Question as pertaing to Linux Guest
I was wondering if I had any changes to my z/VM TCPIP stack, would I need to shutdown and reipl all my Linux Guests before recycling the z/VM TCPIP stack? If not, what would be ways to insure that? __ Lemarr T. Ketchens Technical Services MVS Systems Programmer [EMAIL PROTECTED] --- Legal Disclaimer: The information contained in this communication may be confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender and delete the original message and any copy of it from your computer system. Thank you. ---
Re: 1000th z800 Sold
>Anyone else find it a stretch of credibility that the 1000th z900 and the >1000th z800 both >went to Linux-only shops? >As far as I'm aware there isn't a single Linux-only z800 in Europe. I may >well be wrong, but >it's still fingers of one hand making a rude sign. Okay not quite Linux-only, but definitely in Europe, but the one sitting a few metres away from me has 2 partitions. One is z/VM4.3 with Linux and the other is z/VM4.2 with Linux (and OS/390.) MfG / Best Regards Sebastian Welton [EMAIL PROTECTED] [EMAIL PROTECTED] www.welton.de = MfG / Best Regards Sebastian Welton [EMAIL PROTECTED] [EMAIL PROTECTED] www.welton.de __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
Re: Does the linux-390 kernel use CP437/CP500 for ASCII/EBCDIC?
On Monday, 03/24/2003 at 12:09 EST, "Peter J. Farley III" <[EMAIL PROTECTED]> wrote: > So, my question to this list is whether CP's 437/500 are the > ASCII/EBCDIC code pages used in the base console code in the linux-390 > kernel (without any "locale" considerations, just LANG=C) to translate > HMC characters to ASCII, or at least where can I go to find out what is > used (besides the kernel source, please). > > TIA for any info, RTFM's or other assistance you can provide. What's the matter with the kernel source, Peter? It shows that, yes, it uses code pages 037 and 500. It looks like 037 for the 3215 and 3270 console and 500 for the integrated system console (037 if running on VM). All conversions are to 437 (based on commentary). http://lxr.linux.no/source/drivers/s390/ebcdic.c?a=s390#L70 and http://lxr.linux.no/source/arch/s390/kernel/ebcdic.c?a=s390#L91 were starting points for my search. Alan Altmark Sr. Software Engineer IBM z/VM Development
Re: Does the linux-390 kernel use CP437/CP500 for ASCII/EBCDIC?
> I'm running debian-390 under hercules-390 (v2.17.1), both under RH7.3 > and under WinXP. A strange problem showed up recently, in that the > split vertical bar character would disappear when entered from the > hercules HMC console. Not get translated into something else, just > plain deleted. What operating system is hosting your Hercules? Only I had the exact same problem with Cygwin on WinME and found this in the Cygwin FAQ: Pipe key (`|') doesn't work on non-US keyboards in Win9x/ME This might get fixed someday, but meanwhile, just use rxvt, which does not have this problem. This is no real loss, because rxvt has many other advantages. (Do not attempt to use the "broken" pipe key (`|') as a substitute, it is a different character.) Regards, Dougie Lawson -- ITS Technical Support SupportLine for IMS, DB2 & Linux
Multiple guests sharing /usr RO... Using RPM
Is there a generally accepted "best way" to upgrade/install packages with RPM with a shared RO /usr across multiple images? Management is leaning toward all guests having the same software installed, where service A would be running on one image, and service B on another, though the software is installed on both. The RPM database across images would be identical. I do not see a "clean" or "easy" way to deal with upgrading each img, because of their differences in /etc and /var, while respecting /usr. Is Chap 8 (Shared Linux Filesystems) of the Large Scale Linux Deployment redbook the way to go here? Thanks, ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you.
Re: logon
Try this when you get a prompt. PATH=/bin:/usr/bin ls
Re: Is there a Veritas client for the zseries Linux?
But there is one . . . http://www.legato.com/products/networker/linuxclient.cfm LEGATO NetWorker Client for Linux on the Mainframe (NCLM) provides automated, robust backup and recovery of business-critical Linux data on the IBM zSeries and S/390 mainframes. NCLM delivers the manageability, scalability, and enterprise-class performance of LEGATO NetWorker to ensure fast, reliable, "lights out" protection for tens to thousands of Linux Virtual Machines (VM) on a single mainframe in DAS or SAN environments. NCLM is a part of LEGATO's total information protection solution for data centers to minimize downtime costs, reduce management overhead, and maximize ROI of storage resources. - Original Message - From: "Abdullah Al-humaid" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 22, 2003 5:47 AM Subject: Is there a Veritas client for the zseries Linux? > How would you go about backing up the linux server if > there wasn't one. One idea I can think of is NFS > mounting the linux filesystem on a mchine that has a > client. Any others? > > __ > Do you Yahoo!? > Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! > http://platinum.yahoo.com
Re: Sles8 and V-Disk FBA Swap Two part question
> -Original Message-
> Behalf Of Richard Troth
> Sent: Friday, March 21, 2003 2:49 PM
>
> > Dave Jones of Sine Nomine has written an EXEC that will do
> > just what you want, in the guest's CMS startup phase:
> > http://www.sinenomine.net/downloads/SWAPGEN.EXEC
>
> Mr. Nit Picky sez that Jones' EXEC does exactly the right thing.
>
> -- RMT
I humbly offer a minor code simplification/performance tweek to
SWAPGEN.EXEC. It doesn't change the outcome one speck, and thus
probably isn't worth changing since it isn't an exec that's called a
zillion times a day. But it's all I've got to offer tonight - please
forgive if this is impertinent. In more frequently used code and/or
longer strings, this change would be more worthy of consideration.
Somewhat more consequential than my LCD-on-a-toaster idea.
swap_blk = ''
do i = 1 to 1027
swap_blk = swap_blk || d2c(0)
end
can be replaced with...
swap_blk = left('',1027,'00'x) /* pad-->1027 */
and similarily:
do i = 1033 to 4086
swap_blk = swap_blk || d2c(0)
end
can be replaced with...
swap_blk = left(swap_blk,4086,'00'x) /* pad-->4086 */
And at this time of night, I haven't much self control, so I can't help
but offer...
swap_blk = ''
do i = 1 to 1027
swap_blk = swap_blk || d2c(0)
end
pages = trunc((blks * 512)/4096) - 1
swap_blk = swap_blk || d2c(1)
swap_blk = swap_blk || d2c(pages,4)
do i = 1033 to 4086
swap_blk = swap_blk || d2c(0)
end
swap_blk = swap_blk || sig
could be reduced (at great risk of obfuscation) to...
swap_blk = left(right('01'x || d2c(trunc((blks * 512)/4096) -
1,4),,
1032,'00'x),,
4086,'00'x) || sig
/* geez I hope I coded that right! */
-jcf
Code tweeked while-u-wait.
No charge for Rexx.
