Re: Alloc memory errors....
Derric, > 10:09:29 CRS8ASRM *8 qeth: no memory for packet from hsi1 means, that the network device driver qeth receives an incoming packet. It has to allocate memory for it before the qeth driver can give this packet to the upper layers in the Linux network stack. Since in your case memory allocation has failed, the qeth driver can only drop this packet. If this message is seen quite rarely, it may not hurt since reliable networking protocols can handle this. If it is seen quite often, it indicates a general problem with the size of your virtual memory. Regards, Ursula Braun IBM Germany -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Alloc memory errors....
Tom Shilson wrote: > The 2-order v. 5-order have to do with the amount of memory requested. The > memory manager pools each have a single request size for efficiency. I > have forgotten the relationship between order number and amount of memory > requested. Very good explanation, Tom. The size = 2 ^ order * PAGE: Order 0 = 2^0 = 1 Page = 4K Order 1 = 2^1 = 2 Pages = 8K Order 2 = 2^2 = 4 Pages = 16K ... You usually only see this message if the requester of the memory sits in kernel space. Note that some kernel components continue normal operation even if their memory allocation fails. Our dasd device driver is a very good example for that. This message therefore does not always indicate an error. -- Carsten Otte has stopped smoking: Ich habe in 10 Monate, 5 Tage und 14 Stunden schon 1.486,05 Euro gespart anstatt 6.191,90 Zigaretten zu kaufen. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
shogunx wrote: On Fri, 30 Mar 2007, John Summerfield wrote: Try denyhosts also... very handly little program that detects bruteforce attempts and adds the offending host to /etc/hosts.deny. For that, one can use iptables to limit the rate of incoming connections. My rules are static, that suits me fine. When that fails me, I'll use a VPN. Imap/pop3 are harder to restrict geographically, but in many cases one can expect that people won't be connecing to check their mail more than once every so often (and they won'e have much problem with their password, but that's another worry: some connecting correctly ten 60 times an hour is more likely a stupid user than someone trying to guess passwords). Cheers John -- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Please do not reply off-list -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
On Fri, 30 Mar 2007, John Summerfield wrote: > Gregg Levine wrote: > > > David, your assertion that would take 37 seconds for some pest to > > promptly try to annoy the site that Stephen Frazier configured is > > indeed fact. Not too long ago I brought a new Slackware (Intel) system > > online for some development work, and since I had the SSH port open > > for other purposes, some idiot promptly found it and was rubbing the > > penguin the wrong way. > > I use tcpwrappers to restrict access to my ssh port to those regions of > the world where I might be (Western Australia). I've found some minor > discrepancies, but it's pretty rare these days that someone uses it to > enumerate my login accounts. > > Firewall rules would do about as well. Try denyhosts also... very handly little program that detects bruteforce attempts and adds the offending host to /etc/hosts.deny. Enjoy, Scott > > > -- > > Cheers > John > > -- spambait > [EMAIL PROTECTED] [EMAIL PROTECTED] > > Please do not reply off-list > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > sleekfreak pirate broadcast http://sleekfreak.ath.cx:81/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
On Mar 29, 2007, at 6:09 PM, Jay Maynard wrote: On Fri, Mar 30, 2007 at 07:04:28AM +0800, John Summerfield wrote: Adam Thornton wrote: On Mar 29, 2007, at 5:46 PM, Gregg Levine wrote: And yes Adam if your reading this, (over David's shoulder), it was indeed on an Apple II. You know, we *are* a small company, but I *do* have my own computer from which to read mail. It's true, he's got his own Apple. Yeah, but I bet he's never used it as an MVS system console. Nobody likes a show-off, Jay. Adam -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
On 3/29/07, Adam Thornton <[EMAIL PROTECTED]> wrote: On Mar 29, 2007, at 5:46 PM, Gregg Levine wrote: > And yes Adam if your reading this, (over David's shoulder), > it was indeed on an Apple II. You know, we *are* a small company, but I *do* have my own computer from which to read mail. Adam Hello! Adam? That was intended as a joke. Jay? What about using it as a DECsystem-20 console? That was one idea they discussed when the company was very friendly with DEC. John? Thank you for your good ideas. Remind me the next time any of you are in my neck of the woods. I owe each of you something. -- Gregg C Levine [EMAIL PROTECTED] "This signature was once found posting rude messages in English in the Moscow subway." -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
On Fri, Mar 30, 2007 at 07:04:28AM +0800, John Summerfield wrote: > Adam Thornton wrote: > >On Mar 29, 2007, at 5:46 PM, Gregg Levine wrote: > >>And yes Adam if your reading this, (over David's shoulder), > >>it was indeed on an Apple II. > >You know, we *are* a small company, but I *do* have my own computer > >from which to read mail. > It's true, he's got his own Apple. Yeah, but I bet he's never used it as an MVS system console. -- Jay Maynard, K5ZChttp://www.conmicro.cx http://jmaynard.livejournal.com http://www.tronguy.net http://www.hercules-390.org (Yes, that's me!) Buy Hercules stuff at http://www.cafepress.com/hercules-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
Adam Thornton wrote: On Mar 29, 2007, at 5:46 PM, Gregg Levine wrote: And yes Adam if your reading this, (over David's shoulder), it was indeed on an Apple II. You know, we *are* a small company, but I *do* have my own computer from which to read mail. Adam It's true, he's got his own Apple. -- Cheers John -- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Please do not reply off-list -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
Gregg Levine wrote: David, your assertion that would take 37 seconds for some pest to promptly try to annoy the site that Stephen Frazier configured is indeed fact. Not too long ago I brought a new Slackware (Intel) system online for some development work, and since I had the SSH port open for other purposes, some idiot promptly found it and was rubbing the penguin the wrong way. I use tcpwrappers to restrict access to my ssh port to those regions of the world where I might be (Western Australia). I've found some minor discrepancies, but it's pretty rare these days that someone uses it to enumerate my login accounts. Firewall rules would do about as well. -- Cheers John -- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Please do not reply off-list -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
On Mar 29, 2007, at 5:46 PM, Gregg Levine wrote: And yes Adam if your reading this, (over David's shoulder), it was indeed on an Apple II. You know, we *are* a small company, but I *do* have my own computer from which to read mail. Adam -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
On 3/29/07, John Summerfield <[EMAIL PROTECTED]> wrote: David Boyes wrote: >>I have created a website using Apache2. I can get to it using the IP >>address ###.###.###.### now I >>would like to give it a URL. What do I need to do? > > > Select a name and have your DNS administrator add it to the zone files > for the appropriate domain. Once that's live, you're live, and you have > about 37 seconds before some moron tries to break into it. Some years ago I put up some pics, and added the link to my sig: I was posting to a Debian list at the time. It actually took about forty minutes. Some paranoid from Microsoft dropped in to see what free Microsoft software I was offering. You know what a hotbed of insurgents the Debianista are and their attitudes to software, free and not. -- Cheers John -- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Please do not reply off-list Hello! David, your assertion that would take 37 seconds for some pest to promptly try to annoy the site that Stephen Frazier configured is indeed fact. Not too long ago I brought a new Slackware (Intel) system online for some development work, and since I had the SSH port open for other purposes, some idiot promptly found it and was rubbing the penguin the wrong way. I find their attempts annoying. Especially since the methods look worse then the beginning cracking attempts that surfaced when I was their age. And yes Adam if your reading this, (over David's shoulder), it was indeed on an Apple II. I naturally did nothing wrong, but it was annoying as anything. I have since closed the ports that I had open for remote access. They won't be open again until I definitely have a system up (with a disposable harddrive!) and running. -- Gregg C Levine [EMAIL PROTECTED] "This signature was once found posting rude messages in English in the Moscow subway." -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Slackware 390
On 3/29/07, John Summerfield <[EMAIL PROTECTED]> wrote: RPN01 wrote: > I was thinking of trying the Slackware 390 distribution, mainly for the > experience and to assist in any testing. I went to the site and to the > download page, and the page states that there are no iso images ³since it > would be more hassle to you than it's worth². However, the download site has > the distribution as ³loose files and directories², so to download it with > ftp, I have to do each directory individually. An ³mget *² fails on the > first directory found, with ³No such file or directory². > > An iso package of the directory tree would be useful, not because I want to > burn it to a CD, but because it would give me a single file to download. > Even a tar or tgz file of the tree would be better than having to download > the entire tree as individual files. > > Since no such package seems to be available, is there some other tool for > downloading the ³big mess of files² beyond the Linux ftp program that I > should be using to be able to fetch this tree? > > wget I suggest you start with Slackware on Intel, it will be pretty similar and there will be more slackers able to help:-) -- Cheers John -- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Please do not reply off-list Hello! Thank you John! That was my thought also. It happens that both Mark and I use that distribution. It can be a decidedly resourceful experience collecting everything, and applying the necessary tweaks to bring everything online. I confess I have even considered using Hercules on Slackware Intel to study Slackware/390, however I am not completely sure how to implement that whole process. -- Gregg C Levine [EMAIL PROTECTED] "This signature was once found posting rude messages in English in the Moscow subway." -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Slackware 390
RPN01 wrote: I was thinking of trying the Slackware 390 distribution, mainly for the experience and to assist in any testing. I went to the site and to the download page, and the page states that there are no iso images ³since it would be more hassle to you than it's worth². However, the download site has the distribution as ³loose files and directories², so to download it with ftp, I have to do each directory individually. An ³mget *² fails on the first directory found, with ³No such file or directory². An iso package of the directory tree would be useful, not because I want to burn it to a CD, but because it would give me a single file to download. Even a tar or tgz file of the tree would be better than having to download the entire tree as individual files. Since no such package seems to be available, is there some other tool for downloading the ³big mess of files² beyond the Linux ftp program that I should be using to be able to fetch this tree? wget I suggest you start with Slackware on Intel, it will be pretty similar and there will be more slackers able to help:-) -- Cheers John -- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Please do not reply off-list -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
David Boyes wrote: I have created a website using Apache2. I can get to it using the IP address ###.###.###.### now I would like to give it a URL. What do I need to do? Select a name and have your DNS administrator add it to the zone files for the appropriate domain. Once that's live, you're live, and you have about 37 seconds before some moron tries to break into it. Some years ago I put up some pics, and added the link to my sig: I was posting to a Debian list at the time. It actually took about forty minutes. Some paranoid from Microsoft dropped in to see what free Microsoft software I was offering. You know what a hotbed of insurgents the Debianista are and their attitudes to software, free and not. -- Cheers John -- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Please do not reply off-list -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Problems starting Slackware after new install
>>> On Thu, Mar 29, 2007 at 5:11 PM, in message <[EMAIL PROTECTED]>, "Jones, Russell" <[EMAIL PROTECTED]> wrote: > I got farther this time. I completed the installation and IPLed from my > DASD volume. It started to come up, but froze and went into a disabled > wait after trying to start gmp. Sigh. One more reason why I suggest people to go with 10.1. I ripped gpm out of that version. It doesn't always cause problems, but when it does, it's ugly. -snip- > Is there any way to fix it without reinstalling > everything? You should be able to IPL the starter system, but once you SSH in, instead of starting the install process, do an "insmod dasd_eckd_mod dasd=xxx" where xxx is the device number of the volume where your root file system is. Then, mount /dev/dasda? /mnt and chmod -x /mnt/etc/rc.d/rc.gpm If you then umount /mnt and re-IPL, you should be OK. If not, you'll need to follow the steps above to get the root file system mounted, then chroot /mnt, and then "removepkg gpm" followed by exit, umount, and a re-IPL. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Problems starting Slackware after new install
I got farther this time. I completed the installation and IPLed from my DASD volume. It started to come up, but froze and went into a disabled wait after trying to start gmp. Starting gmp: /usr/sbin/gmp -m /dev/mouse -t ps2 gmp: oops() invoked from gmp.c(955) Failed on virtual console check: No such file or directory Bash-3.00# I don't need any mouse support for Slack/390, but the setup seemed to force me to choose a mouse driver. Do I need to reinstall and exclude the mouse package(s)? Is there any way to fix it without reinstalling everything? Russ -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Mark Post Sent: Thursday, March 29, 2007 11:41 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Problems starting Slackware after new install >>> On Thu, Mar 29, 2007 at 9:32 AM, in message <[EMAIL PROTECTED]> , "Jones, Russell" <[EMAIL PROTECTED]> wrote: > That sounds like what my problem is. I did not install the "K" set. Are > there any other sets that must be installed? Usually, A, part of AP, and N are all that is required. (I moved s390-tools into A). I personally also install L and K. > *** > So, is it correct that when I IPL Slack/390 after the install, it will > not be accessible from the network, and will have to change the network > settings from the HMC? > *** Essentially, you're looking at two commands: ifconfig ifname ipaddress netmask route add default gw ipaddress Then, you can SSH in from the outside and edit /etc/rc.d/rc.inet1.conf appropriately. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Alloc memory errors....
Linux on 390 Port wrote on 03/29/2007 03:31:32 PM: > To clarify when we start seeing the slow downs I have been getting some > TCP dumps to analyze. > That's why we see the interface going into promiscuous mode. If you don't need promiscuous mode you can specify with a tcpdump option to not turn it on. -p, perhaps? If the interface is already in promiscuous mode, tcpdump will *not* turn it off. tom -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Alloc memory errors....
The 2-order v. 5-order have to do with the amount of memory requested. The memory manager pools each have a single request size for efficiency. I have forgotten the relationship between order number and amount of memory requested. Tom Shilson Powered by Penguins Unix Team / IT Server Services Tel: 651-733-7591 tshilson at mmm dot com Fax: 651-736-7689 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Alloc memory errors....
To clarify when we start seeing the slow downs I have been getting some TCP dumps to analyze. That's why we see the interface going into promiscuous mode. I have yet to identify any errors in the dumps however. But our application starts spitting out Java 330 errors and costumers start reporting corrupted data transfers. -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Mark Post Sent: Thursday, March 29, 2007 3:20 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Alloc memory errors >>> On Thu, Mar 29, 2007 at 4:08 PM, in message <[EMAIL PROTECTED]>, "Goodwin, Derric" <[EMAIL PROTECTED]> wrote: > I'm seeing the following errors in syslog for interface hsi1: > > > > 10:05:36 CRS8ASRM *8 device hsi1 entered promiscuous mode > > 10:05:36 CRS8ASRM *8 Mar 23 10:05:14 crs8asrm kernel: device hsi1 > entered promis This message typically means that someone (with root access) is doing network sniffing from inside your system. It could definitely have an impact on your network application's performance. You should find out who's doing that, and why, regardless of the follow-on errors. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Alloc memory errors....
>>> On Thu, Mar 29, 2007 at 4:08 PM, in message <[EMAIL PROTECTED]>, "Goodwin, Derric" <[EMAIL PROTECTED]> wrote: > I'm seeing the following errors in syslog for interface hsi1: > > > > 10:05:36 CRS8ASRM *8 device hsi1 entered promiscuous mode > > 10:05:36 CRS8ASRM *8 Mar 23 10:05:14 crs8asrm kernel: device hsi1 > entered promis This message typically means that someone (with root access) is doing network sniffing from inside your system. It could definitely have an impact on your network application's performance. You should find out who's doing that, and why, regardless of the follow-on errors. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Alloc memory errors....
A memory allocation failure. You may need a larger virtual machine. Goodwin, Derric wrote: I'm seeing the following errors in syslog for interface hsi1: 10:05:36 CRS8ASRM *8 device hsi1 entered promiscuous mode 10:05:36 CRS8ASRM *8 Mar 23 10:05:14 crs8asrm kernel: device hsi1 entered promis 10:09:29 CRS8ASRM *8 __alloc_pages: 2-order allocation failed (gfp=0x20/0) 10:09:29 CRS8ASRM *8 NET: 9 messages suppressed. 10:09:29 CRS8ASRM *8 qeth: no memory for packet from hsi1 10:09:29 CRS8ASRM *8 __alloc_pages: 2-order allocation failed (gfp=0x20/0) The _alloc_pages: 2-order error I have seen on other systems with the 2 ranging from 0 to 5 or higher numbers. On this system it's always 2... This may be a dumb question but does anyone know what the numbers represent? What's the difference between a 2 and a 5 for instance. When we start logging these errors our application performance takes a dive. Thanks for any insight. --- Derric Goodwin Distributed Systems Integration Acxiom/TransUnion. Chicago, Il. Ph:(312)985-3312 email: [EMAIL PROTECTED] -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- Rich Smrcina VM Assist, Inc. Phone: 414-491-6001 Ans Service: 360-715-2467 rich.smrcina at vmassist.com Catch the WAVV! http://www.wavv.org WAVV 2007 - Green Bay, WI - May 18-22, 2007 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Alloc memory errors....
I'm seeing the following errors in syslog for interface hsi1: 10:05:36 CRS8ASRM *8 device hsi1 entered promiscuous mode 10:05:36 CRS8ASRM *8 Mar 23 10:05:14 crs8asrm kernel: device hsi1 entered promis 10:09:29 CRS8ASRM *8 __alloc_pages: 2-order allocation failed (gfp=0x20/0) 10:09:29 CRS8ASRM *8 NET: 9 messages suppressed. 10:09:29 CRS8ASRM *8 qeth: no memory for packet from hsi1 10:09:29 CRS8ASRM *8 __alloc_pages: 2-order allocation failed (gfp=0x20/0) The _alloc_pages: 2-order error I have seen on other systems with the 2 ranging from 0 to 5 or higher numbers. On this system it's always 2... This may be a dumb question but does anyone know what the numbers represent? What's the difference between a 2 and a 5 for instance. When we start logging these errors our application performance takes a dive. Thanks for any insight. --- Derric Goodwin Distributed Systems Integration Acxiom/TransUnion. Chicago, Il. Ph:(312)985-3312 email: [EMAIL PROTECTED] -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Backup & Restore
This is what we do..simply because we have not found a better way with the tools we have. We have been primarily an MVS shop and have not been doing z/VM for quite a year yet. It has been a real learning curve getting z/VM 5.2 in place and then doing RedHat Linux guests (15 so far). Backup/restores and a DR plan has been one of our concerns. The steps I take when I do backups are: 1) Schedule shutdown of all Linux guests and z/VM.usually on a Sunday afternoon. 2) Run a series of batch jobs to backup all z/VM and Linux DASD using DFDSS to do physical dumps to STK 9840 tape. This is so we can easily transport or vault offsite. 3) Startup z/VM and guests. The dumps usually take a few hours with the number of disk we have. We use Tivoli to do file backups of the guests nightly (automated). The logic is to use the Tivoli backups to do restores of files or individual servers if something bad happens. If it is a DR event then I would use the DFDSS snapshop to restore the entire zVM/guest environment and then use the Tivoli to bring the servers up to the most current backup. We have done some testing of this and it seems to work fine so far. Not prettybasic..but it works. Jon Brock <[EMAIL PROTECTED]> Sent by: Linux on 390 Port 03/29/2007 09:54 AM Please respond to Linux on 390 Port To LINUX-390@VM.MARIST.EDU cc Subject Re: Backup & Restore Since you are running MVS on your box, you can always (assuming you are sharing DASD) take your volume-level backups on the MVS side, which is what we do so far. To add to the fun, if your DASD has snapshot capability, you can get minimal guest downtime by: 1) Shut down a guest. 2) Snap its DASD on z/OS. 3) Start up the guest. 4) Back up the snapshot copy to tape. This is the procedure I use here for DR backups. File level backups are a whole different animal, though. Jon Primarily I need a DR solution; mainly to be able to bring the system back from a disaster in under a week. There are already DR processes in place for other systems on the mainframe(s), such as MVS, CICS, etc. I am behind on z/VM in that regard. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
> I have created a website using Apache2. I can get to it using the IP > address ###.###.###.### now I > would like to give it a URL. What do I need to do? Select a name and have your DNS administrator add it to the zone files for the appropriate domain. Once that's live, you're live, and you have about 37 seconds before some moron tries to break into it. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
> What do I need to do? Be sure the IP@ is associated with a DNS name and use the DNS name. "Mike MacIsaac" <[EMAIL PROTECTED]> (845) 433-7061 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
On Mar 29, 2007, at 2:23 PM, Rich Smrcina wrote: Add it to your local hosts file (for you) or your DNS Server (for everyone else). Also see the VirtualHost directive. There's a lot of documentation in the various Apache doc sources, but the short version is: ServerName my.host.name DocumentRoot /var/www/my.host.docroot Yours will probably have a lot more stuff in it. Adam -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Apache URL
Add it to your local hosts file (for you) or your DNS Server (for everyone else). Stephen Frazier wrote: I have created a website using Apache2. I can get to it using the IP address ###.###.###.### now I would like to give it a URL. What do I need to do? -- Stephen Frazier Information Technology Unit Oklahoma Department of Corrections 3400 Martin Luther King Oklahoma City, Ok, 73111-4298 Tel.: (405) 425-2549 Fax: (405) 425-2554 Pager: (405) 690-1828 email: stevef%doc.state.ok.us -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- Rich Smrcina VM Assist, Inc. Phone: 414-491-6001 Ans Service: 360-715-2467 rich.smrcina at vmassist.com Catch the WAVV! http://www.wavv.org WAVV 2007 - Green Bay, WI - May 18-22, 2007 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Apache URL
I have created a website using Apache2. I can get to it using the IP address ###.###.###.### now I would like to give it a URL. What do I need to do? -- Stephen Frazier Information Technology Unit Oklahoma Department of Corrections 3400 Martin Luther King Oklahoma City, Ok, 73111-4298 Tel.: (405) 425-2549 Fax: (405) 425-2554 Pager: (405) 690-1828 email: stevef%doc.state.ok.us -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Protecting SSH key on Windows desktop
I know. I should have included a smiley face of my own. Or, given the problems I am currently experiencing with IBM Link, maybe a grimacey face. Jon It was kind of a joke - note the smiley face. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Protecting SSH key on Windows desktop
Jon, > It can be effective, but it can't be *counted on* to be effective. It was kind of a joke - note the smiley face. "Mike MacIsaac" <[EMAIL PROTECTED]> (845) 433-7061 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Problems starting Slackware after new install
>>> On Thu, Mar 29, 2007 at 9:32 AM, in message <[EMAIL PROTECTED]>, "Jones, Russell" <[EMAIL PROTECTED]> wrote: > That sounds like what my problem is. I did not install the "K" set. Are > there any other sets that must be installed? Usually, A, part of AP, and N are all that is required. (I moved s390-tools into A). I personally also install L and K. > *** > So, is it correct that when I IPL Slack/390 after the install, it will > not be accessible from the network, and will have to change the network > settings from the HMC? > *** Essentially, you're looking at two commands: ifconfig ifname ipaddress netmask route add default gw ipaddress Then, you can SSH in from the outside and edit /etc/rc.d/rc.inet1.conf appropriately. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Protecting SSH key on Windows desktop
It can be effective, but it can't be *counted on* to be effective. Jon Low - rely on the probability that the Windows admin will never find/look for the key file in the file system (security through obscurity can be very effective :)) -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: How to start with zLinux assembly programming
On Thu, Mar 29, 2007 at 03:16:23PM +0200, Peter 1 Oberparleiter wrote: > Linux on 390 Port wrote on 29.03.2007 10:02:33: > > How to start with zLinux assembly programming language. Where to get the > > > information like what are the tools required and information about the > > general purpose, control, access & floating point registers. > > This information is for learning purpose. I searched internet but didn't > > > get any information. Please help me. > > Recommended reading: > > z/Architecture Principles of Operations > http://publibz.boulder.ibm.com/epubs/pdf/a2278324.pdf > > zSeries ELF Application Binary Interface Supplement > http://www.ibm.com/servers/eserver/zseries/os/linux/pdf/lzsabi0.pdf > > As for tools: > > How to compile assembler source code file.s: > > gcc file.s -o file > > (gcc calls other tools, but this doesn't need to concern you while you're > a beginner). > > For starters, I'd suggest writing small c-programs and then compiling them > with gcc while specifying option -save-temps. This will get you the > assembler code as generated by gcc in the '.s' file. You can then modify > the .s file and compile it with gcc again. In addition you might want to have a look at Documentation/s390/Debugging390.txt in the linux kernel sources. Some of the information there is outdated, but it should give you a brief overview. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: AF_IUCV support
On Thursday, 03/29/2007 at 11:21 AST, Melissa Howland/Endicott/[EMAIL PROTECTED] wrote: > So one should be very cautious about replacing the sockets (or other PFS) > BPX1 routines in the BFS on CMS. For example, if you replace BPX1SOC, you > have just ripped all of the sockets support out from under your C servers > running on CMS (that is, you can't replace just one addressing family > easilyBPX1SOC is all of your sockets addressing families). Also, the > sockets PFS shares some BPX routines with the file PFS, so if you replace > BPX1RED (read), you've just ripped out your read() function for files, too. > > So please consider this option with great caution. Aye, there be dragons here. Or worse. "Abandon hope all ye who here enter" pops to mind. It is an effort not to be undertaken lightly as the Law of Unintended Consquences (previously known as "unpredictable results may occur") definitely applies. If you start ripping out (replacing) one CSL routine you will undboutedly find yourself replacing others: Open, Close, Read, Write are all related, expecting to find the same infrastructure in the background. IBM spent a lot of time & money writing those CSL routines, so it is only fair that if it was hard for us that it be hard for the next person, eh? :-) Alan Altmark z/VM Development IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Slackware 390
>>> On Thu, Mar 29, 2007 at 10:10 AM, in message <[EMAIL PROTECTED]>, RPN01 <[EMAIL PROTECTED]> wrote: > I was thinking of trying the Slackware 390 distribution, mainly for the > experience and to assist in any testing. I went to the site and to the Cool. > download page, and the page states that there are no iso images *since it > would be more hassle to you than it's worth*. However, the download site has > the distribution as *loose files and directories*, so to download it with > ftp, I have to do each directory individually. An *mget ** fails on the > first directory found, with *No such file or directory*. You do know about curl and wget, right? -snip- > Since no such package seems to be available, is there some other tool for > downloading the *big mess of files* beyond the Linux ftp program that I > should be using to be able to fetch this tree? The main page of http://www.slack390.org/ says that for a nominal fee, you can have a DVD shipped to you. (Or set of CDs, for that matter.) Contact me off list if you want to pursue that. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: How to start with zLinux assembly programming
There have been SHARE presentations on this subject. SHARE 98 session 8131 - More than you ever wanted to know about GCC, GAS and ELF SHARE 99 session 8139 - An Assembler Programmer's view of Linux of S/390 and zSeries SHARE 107 session 8191 - High Level Assembler and LD for Linux on System z The handouts from these sessions are available on the SHARE web site at www.share.org and from http://www.tachyonsoft.com/present.html (You will need to go to the SHARE web site to get John Ehrman's half of the 8191 talk.) David Bond - Tachyon Software LLC - http://www.tachyonsoft.com >Hi, > >How to start with zLinux assembly programming language. Where to get the=20 >information like what are the tools required and information about the=20 >general purpose, control, access & floating point registers. >This information is for learning purpose. I searched internet but didn't=20 >get any information. Please help me. > >Thanks in advance. > > >Best Regards, >R.Nageswara Sastry, CSTE=AE,C|EH=AE -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Ziip Engines - slightly off topic.
On Thursday, 03/29/2007 at 07:06 MST, Moeur Tim C <[EMAIL PROTECTED]> wrote: > Have any of you IFL/zLinux users also bought into IBM's Ziip Engine for > DB2 work? If so, I'd like to hear about your experiences off list. > Please contact me at your convenience. > > Sorry for the mostly non-390-Linux question, but I suspect that there > may be a fair amount of overlap within this group. You'll find the people you're looking for over in IBM-MAIN. Alan Altmark z/VM Development IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Protecting SSH key on Windows desktop
>>> On Thu, Mar 29, 2007 at 9:54 AM, in message <[EMAIL PROTECTED]>, David Boyes <[EMAIL PROTECTED]> wrote: >> I'm considering implementing SELinux for truly paranoid protection. > I'm >> a RACF security admin as well as a z/OS sysprog. Yes, I __own__ the > z/OS >> system. > > While you're at it, write some tools for managing SELinux policies. Much > like RACF, the problem is not implementing SELinux, but actually getting > it to behave in a usable manner. A set of useful management tools for > such a beast would make you a serious security god in the Unix world -- > I bet just porting all the stuff you wrote ages ago to manage RACF would > be a great start. Based on a review of RHEL5 that I read, it includes some better tools for writing SELinux policies, as well as providing more pre-built templates to use. I haven't looked at that yet though. Maybe Brad can give us a synopsis. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: AF_IUCV support
Alan wrote: >>You can already do that for some of the clients/servers. The C-based >>programs all call LE sockets. LE calls BPX1SOC CSL routine. Feel free to >>write your own replacement that implements the transport of your choice. CSL routines are usually provided for one (or both) of 2 reasons: 1) to make them easily replaceable or 2) to make them easily callable from many languages. So while the fact that they are CSL routines makes the BPX1 interfaces replaceable in a sense, that is not why they are CSL routines and, therefore, they are not really written or documented with the intention that they be replaceable. They are CSL routines to allow them to be easily called from several languages. So one should be very cautious about replacing the sockets (or other PFS) BPX1 routines in the BFS on CMS. For example, if you replace BPX1SOC, you have just ripped all of the sockets support out from under your C servers running on CMS (that is, you can't replace just one addressing family easilyBPX1SOC is all of your sockets addressing families). Also, the sockets PFS shares some BPX routines with the file PFS, so if you replace BPX1RED (read), you've just ripped out your read() function for files, too. So please consider this option with great caution. (Oh, did I mention that I also own/support the CMS sockets support in my "spare time"? :) ) Melissa Howland z/VM and Linux on z/VM Development IBM Corporation Endicott, NY 13760 (607)429-3303, (from within IBM T/L 620-3303) Fax: (607)429-4192 (T/L 620-4192) -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Protecting SSH key on Windows desktop
> Level of paranoia?... > Low - rely on the probability that the Windows admin will never find/look for the key file in the file system (security through obscurity can be very effective :)) "Mike MacIsaac" <[EMAIL PROTECTED]> (845) 433-7061 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Protecting SSH key on Windows desktop
Level of paranoia?... Medium - Winzip / Encrypt (AES with decent password) the files and leave them on the windows box. High - Thumb Drive Extremely High - Winzip/Encrypt (AES with decent password) the files on the thumbdrive.. "McKown, John" <[EMAIL PROTECTED]> Sent by: Linux on 390 Port 03/28/2007 03:15 PM Please respond to Linux on 390 Port To LINUX-390@VM.MARIST.EDU cc Subject [LINUX-390] Protecting SSH key on Windows desktop I have used ssh-keygen on my Windows desktop (Cygwin) to create the id_rsa and id_rsa.pub files. I have ftp'ed the id_rsa.pub to my Linux server and added it to the end of my ~/.ssh/authorized_keys file. This is protected with a passphrase. But does anybody know what is the best way to make sure that a Windows Administrator cannot come along and copy the private key file? At present, the best that I can think of is to put it on a USB thumb drive which I then only attach to the Windows desktop when I need to ssh/scp/sftp to Linux. Is there an easier way which is still secure? -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Ziip Engines - slightly off topic.
Have any of you IFL/zLinux users also bought into IBM's Ziip Engine for DB2 work? If so, I'd like to hear about your experiences off list. Please contact me at your convenience. Sorry for the mostly non-390-Linux question, but I suspect that there may be a fair amount of overlap within this group. Tim [EMAIL PROTECTED] -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: AF_IUCV support
<[EMAIL PROTECTED]> wrote: > Now, for the rest of us in the dark, what we we do with that function? Alan wrote: >>Connect to *MSG or other system services. Or even CMS apps or other Linux >>servers without using IP. ISFC Collections (VM clusters) and distributed >>IUCV anyone? The current version of the AF_IUCV support available on developerWorks allows for local CONNECT's only (i.e., to guests on the same CP)...(this is consistent with the AF_IUCV support in CMS). So don't say "distributed IUCV" yet. Since this is my first append here, I should probably introduce myself :) . Many of you know me from my many years as a CMS developer (much of which my last name was Carlson, in case you're wondering :) ) I'm now leading a team of developers in Endicott that is working with the Linux team in Boeblingen, focusing on z/VM exploitation in Linux (we would be the "colleagues" that Alan referred to). Melissa Howland z/VM and Linux for S/390 Development IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: AF_IUCV support
> > And you're revamping an awful lot of CP internals at the moment to > > finish the 64-bit enablement. It's worth bringing up the idea at least. > > By all means. But even in a 64-bit world, much of CP (including the ACI) > runs in a 31-bit execution space with the flexiblity to map any page into > that 31-bit space. The parts of CP that manage the 31-bit space are, of > course, 64-bit, as are those that need to access possibly more than 2GB of > data are also 64-bit enabled. I was under the impression that that mapping approach was a temporary rest stop on the evolution, though. If there is still major restructuring to be done, then it'd be worth looking into some of the other general interface stuff (cf how SPXTAPE works, etc) at that point, or at least start poking at the concept. Using a "service access point" model would keep the services available for CMS but also make them easier to access in a pure hosting model. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Protecting SSH key on Windows desktop
> SELinux is great until you actually want to get something done. > > Run it in warning mode first for a while to get a glimpse of what's > going to break when you turn it on for real, is my advice. If you install RHEL5, it will be running by default: # cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=enforcing ^ # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted It hasn't gotten in my way until I wanted to allow vmcp and ssh to apache via sudo. Yes, it would be nice to easily allow that rather than setting to permissive mode. -Mike MacIsaac -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Slackware 390
I was thinking of trying the Slackware 390 distribution, mainly for the experience and to assist in any testing. I went to the site and to the download page, and the page states that there are no iso images ³since it would be more hassle to you than it's worth². However, the download site has the distribution as ³loose files and directories², so to download it with ftp, I have to do each directory individually. An ³mget *² fails on the first directory found, with ³No such file or directory². An iso package of the directory tree would be useful, not because I want to burn it to a CD, but because it would give me a single file to download. Even a tar or tgz file of the tree would be better than having to download the entire tree as individual files. Since no such package seems to be available, is there some other tool for downloading the ³big mess of files² beyond the Linux ftp program that I should be using to be able to fetch this tree? -- .~.Robert P. Nix Mayo Foundation /V\RO-OC-1-13200 First Street SW /( )\ 507-284-0844 Rochester, MN 55905 ^^-^^ - "In theory, theory and practice are the same, but in practice, theory and practice are different." -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Backup & Restore
I use the exact same backup procedure in my shop. Guest downtime is only 5-10 minutes. Lea Stahr Linux/Unix Team 630-753-5445 [EMAIL PROTECTED] -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Jon Brock Sent: Thursday, March 29, 2007 8:55 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Backup & Restore Since you are running MVS on your box, you can always (assuming you are sharing DASD) take your volume-level backups on the MVS side, which is what we do so far. To add to the fun, if your DASD has snapshot capability, you can get minimal guest downtime by: 1) Shut down a guest. 2) Snap its DASD on z/OS. 3) Start up the guest. 4) Back up the snapshot copy to tape. This is the procedure I use here for DR backups. File level backups are a whole different animal, though. Jon Primarily I need a DR solution; mainly to be able to bring the system back from a disaster in under a week. There are already DR processes in place for other systems on the mainframe(s), such as MVS, CICS, etc. I am behind on z/VM in that regard. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 CONFIDENTIALITY NOTICE: This e-mail, and any attachments and/or documents linked to this email, are intended for the addressee and may contain information that is privileged, confidential, proprietary, or otherwise protected by law. Any dissemination, distribution, or copying is prohibited. This notice serves as a confidentiality marking for the purpose of any confidentiality or nondisclosure agreement. If you have received this communication in error, please contact the original sender. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Protecting SSH key on Windows desktop
On Mar 29, 2007, at 7:54 AM, McKown, John wrote: I'm considering implementing SELinux for truly paranoid protection. I'm a RACF security admin as well as a z/OS sysprog. Yes, I __own__ the z/OS system. SELinux is great until you actually want to get something done. Run it in warning mode first for a while to get a glimpse of what's going to break when you turn it on for real, is my advice. Adam -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: How to start with zLinux assembly programming
Linux on 390 Port wrote on 29.03.2007 10:02:33: > How to start with zLinux assembly programming language. Where to get the > information like what are the tools required and information about the > general purpose, control, access & floating point registers. > This information is for learning purpose. I searched internet but didn't > get any information. Please help me. Recommended reading: z/Architecture Principles of Operations http://publibz.boulder.ibm.com/epubs/pdf/a2278324.pdf zSeries ELF Application Binary Interface Supplement http://www.ibm.com/servers/eserver/zseries/os/linux/pdf/lzsabi0.pdf As for tools: How to compile assembler source code file.s: gcc file.s -o file (gcc calls other tools, but this doesn't need to concern you while you're a beginner). For starters, I'd suggest writing small c-programs and then compiling them with gcc while specifying option -save-temps. This will get you the assembler code as generated by gcc in the '.s' file. You can then modify the .s file and compile it with gcc again. Regards, Peter Oberparleiter -- Peter Oberparleiter Linux on System z Development IBM Deutschland Entwicklung GmbH -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Protecting SSH key on Windows desktop
> I'm considering implementing SELinux for truly paranoid protection. I'm > a RACF security admin as well as a z/OS sysprog. Yes, I __own__ the z/OS > system. While you're at it, write some tools for managing SELinux policies. Much like RACF, the problem is not implementing SELinux, but actually getting it to behave in a usable manner. A set of useful management tools for such a beast would make you a serious security god in the Unix world -- I bet just porting all the stuff you wrote ages ago to manage RACF would be a great start. -- db -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Backup & Restore
Since you are running MVS on your box, you can always (assuming you are sharing DASD) take your volume-level backups on the MVS side, which is what we do so far. To add to the fun, if your DASD has snapshot capability, you can get minimal guest downtime by: 1) Shut down a guest. 2) Snap its DASD on z/OS. 3) Start up the guest. 4) Back up the snapshot copy to tape. This is the procedure I use here for DR backups. File level backups are a whole different animal, though. Jon Primarily I need a DR solution; mainly to be able to bring the system back from a disaster in under a week. There are already DR processes in place for other systems on the mainframe(s), such as MVS, CICS, etc. I am behind on z/VM in that regard. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Problems starting Slackware after new install
That sounds like what my problem is. I did not install the "K" set. Are there any other sets that must be installed? *** So, is it correct that when I IPL Slack/390 after the install, it will not be accessible from the network, and will have to change the network settings from the HMC? *** I ended up giving up on the CD and IPLing from tape. Thanks, Russ Jones -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Mark Post Sent: Wednesday, March 28, 2007 4:34 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Problems starting Slackware after new install >>> On Wed, Mar 28, 2007 at 5:24 PM, in message <[EMAIL PROTECTED]> , "Jones, Russell" <[EMAIL PROTECTED]> wrote: > I have completed the install of Slackware 10.0 in an LPAR on our > mainframe. The install seemed to complete without any problems, but my > new Slack/390 will not IPL. The LPAR goes into disabled wait status. Any > ideas why my boot information is not being found? This is due to a bug/undocumented requirement in Slack/390 10.0. If you didn't select the s390-tools package (in the K series) to be installed, this is what happens. You can re-run the install and make sure it includes that package. I would recommend, however, that you use what's in Slack390-current on the download server. More up to date, etc. Just be aware that there's another lack in the both installers. The network information you supply during the install doesn't get propagated to the system being installed. You'll need to enter that information manually, later. Getting time to fix that has been what's holding up renaming -current to -10.1. :( I was going to respond to your prior note about the installing seeming to hang after "finding" the initrd. What happened to get you past that? Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Backup & Restore
Hi, If you have zOS you can use the zOS NFS Server to be the backup of your linux guests, you mention that there are already backup procedure for traditional MVS. -Jose -Original Message- From: KEETON Dave * OR SDC [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 28, 2007 7:51 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Backup & Restore Not to sound coy, but I want the best of both worlds. ;-) Primarily I need a DR solution; mainly to be able to bring the system back from a disaster in under a week. There are already DR processes in place for other systems on the mainframe(s), such as MVS, CICS, etc. I am behind on z/VM in that regard. I took Steve Frazier's suggestion to heart and started reading up on DDR. I've backed up z/VM with DDR in the past, but I have yet to try it with the DASD used by the Linux guests. Given what I already know about using DDR with the system volumes, I'm sure I could stumble through it. What I hoped to do is get some sort of automated backup established for both DR and application data. I've sent inquires to our VAR for information on BrightStor VM:Backup and IBM's Backup and Restore for z/VM. We'll take a look at both of those products and see what fits. My biggest interest was leveraging our VTS. I can easily walk out on the raised floor and swap tapes, or perhaps have an operator take care of it, but automation has so much appeal. :-) To answer a couple of questions already posed to me in this thread: 1. Yes, I am interested in learning more about the free front-ends for DDR that have been written by folks on this list. 2. I didn't post to the VM list because I felt that cross-posting might have been frowned upon... 3. Dennis asked if I was going to take the guests offline while doing a backup. Yes, that was my plan. I have one day a week when there's no workload on any of the guests, so I can take advantage of that in the short term. My sincere thanks to everyone that's responded to my questions. Dave -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Kern Sent: Wednesday, March 28, 2007 4:31 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Backup & Restore Are you looking for Disaster Recovery backups of z/VM and Linux DASD? Or are you looking for file level backup/restore for these systems? For DR purposes, DDR or other programs can dump/restore all of your DASD to VTS tapes. Mounting the VTS tapes requires DFSMS/RM and is enhanced by tape management products (VM:Tape from CA, Tape Manager from IBM), but it can be done from scratch (not nicely yet). For file level restores, there is no one program that can help you. For z/VM, you can buy products (VM:Backup from CA, Backup/Restore Manager from IBM) or code your own around the CMS TAPE or VMFPLC2 commands. Again DFSMS/RM talks to the VTS and a tape management program helps. For the linux files, you need a linux program like Amanda or Bacula, both of which are free and can write to the VTS drives. You still need DFSMS/RM and an interface program from Sine Nomine (http://www.sinenomine.net). My bosses have not purchased any products to help backup/restore any level of z/VM or Linux data so I can sympathize with situation. /Tom Kern /301-903-2211 --- KEETON Dave * OR SDC <[EMAIL PROTECTED]> wrote: > I'm trying to gather my options for backing up z/VM 5.2 & SLES 9 & 10 > guests to an IBM TotalStorage VTS. So far I've been able to deduce that > DFSMS/VM is required, though I'm still unclear as to whether or not it's > included with z/VM 5.2. There seem to be quite a selection of commercial > products available for VM & Linux, so the choices seem overwhelming. I'm > not sure which ones will fit my needs and which are overkill. > > Can any one point me to some resources (How-tos, redbooks and the like) > for someone who doesn't have years of experience in the mainframe world? > I've been responsible for a z/VM system for about a year, having taken > over for someone else when they left the organization. I've had some > training, but my real strength is in the Linux arena. What I want to be > able to do backups and restores of VM & all my Linux guests to the > virtual tape system. Is this something that can be accomplished using > OSS at free or low cost? Has anyone been down this road that can share > their experience and wisdom? > > Many thanks, > > Dave Keeton > Linux Systems Administrator > Enterprise Systems Group > Oregon State Data Center > (503) 373-0832 > > > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > 8:00? 8:25? 8:40? Find a flick in no time with the Yahoo! Search movie showtime shortcut. http://tools.search.yahoo.com/shortcu
Re: How to start with zLinux assembly programming
Tools: - You have a few choices: gcc's gas, Dignus' dasm, and (I think) Tachyon's assembler. The first is free the others are not. If you're used to HLASM then gas will be hard to come to terms with (no USING directive for example). Architecture information: - Debugging390.txt in the Documentation/s390/ directory of the Linux source code gives a pretty good, but dated, introduction - The Linux for zSeries ABI document describes all you need to know about register use, stack layout, parameter passing and result returning conventions etc. http://www.linuxbase.org/spec/ELF/zSeries/index_s390.html Neale On Thu, 2007-03-29 at 13:32 +0530, Nageswara R Sastry wrote: > How to start with zLinux assembly programming language. Where to get the > information like what are the tools required and information about the > general purpose, control, access & floating point registers. > This information is for learning purpose. I searched internet but didn't > get any information. Please help me. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: How to start with zLinux assembly programming
> -Original Message- > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On > Behalf Of Nageswara R Sastry > Sent: Thursday, March 29, 2007 3:03 AM > To: LINUX-390@VM.MARIST.EDU > Subject: How to start with zLinux assembly programming > > > Hi, > > How to start with zLinux assembly programming language. Where > to get the > information like what are the tools required and information > about the > general purpose, control, access & floating point registers. > This information is for learning purpose. I searched internet > but didn't > get any information. Please help me. > > Thanks in advance. > > > Best Regards, Well, personally, I'd likely not do any "pure" assembly writing on z/Linux. Did you know that you could imbed assembler in C and C++ source code with the GNU C compiler? That's what it seems to me that the Linux kernel people do, in the main. If you want to look at z/Linux assembler, I would suggest getting the kernel source for s/390 and start looking at files in the arch/s390 subdirectory. The assembler source ends in .S The Linux kernel source is nicely on line at: http://lxr.linux.no/source/?a=s390 If you need to learn the instruction set for the zSeries, then "The Principles of Operation" is the only definative source. You can read it at: http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/XKS/DZ9ZBK05 Depending on other factors, such as money, you might want to invest in the Dignus Systems/ASM product. This is a different assembler than the GNU assembler, "gas". The plus is that the source is compatable with the IBM High Level Assembler which is used on z/OS and the other z/... operating systems, including z/VM. That leverages your knowledge to other systems. The syntax for "gas" is truly weird, IMO. http://dignus.com/dasm/ This product is not free. And it does require a yearly maintenance fee as well. So that may be a consideration. I don't know the current costs. I have read that there is a hobbist license that is probably very reasonable. -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: How to start with zLinux assembly programming
z/Architecture assembly is documented in the z/Architecture Principles of Operation book which can be found here in PDF form: http://www-03.ibm.com/servers/eserver/zseries/zos/bkserv/r8pdf/zarchpops.html As for tools, you can use whatever IDEs or editors you want to write the assembly and GCC can be used to compile it. If you want to see examples of z/Architecture assembly check out the asm-s390 directories in the Linux kernel source tree (or look for .S files in the s390-specific directories). ks On 3/29/07, Nageswara R Sastry <[EMAIL PROTECTED]> wrote: Hi, How to start with zLinux assembly programming language. Where to get the information like what are the tools required and information about the general purpose, control, access & floating point registers. This information is for learning purpose. I searched internet but didn't get any information. Please help me. Thanks in advance. Best Regards, R.Nageswara Sastry, CSTE(r),C|EH(r) -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Protecting SSH key on Windows desktop
> -Original Message- > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On > Behalf Of John Summerfield > Sent: Wednesday, March 28, 2007 8:55 PM > To: LINUX-390@VM.MARIST.EDU > Subject: Re: Protecting SSH key on Windows desktop > > > I can seriously restrict what our students can do, using AD. I don't > think I have that control over Firefox on Windows, let alone > linux where > the user has root:-) > The Bosses can't exercise so much control over what you do on > your Linux > desktop, but then if they trust you with the crown jewels > Well, given what has happened in the audit so far, it appears to be more of a case of "make sure John hasn't done anything too stupid like leaving telnet running" rather than "lock him down". We will see. The auditor has not been to my cubical yet for an actual inspection. I'm considering implementing SELinux for truly paranoid protection. I'm a RACF security admin as well as a z/OS sysprog. Yes, I __own__ the z/OS system. -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
How to start with zLinux assembly programming
Hi, How to start with zLinux assembly programming language. Where to get the information like what are the tools required and information about the general purpose, control, access & floating point registers. This information is for learning purpose. I searched internet but didn't get any information. Please help me. Thanks in advance. Best Regards, R.Nageswara Sastry, CSTE®,C|EH® -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390