RHEL 4 - FCP - tape drives
Good Morning, Having fun trying do define and put on line some tape drives via FCP. I have searched but have not yet found doc I can use that shows a good example of how to define this. Can someone direct me to some doc on this (cookbook or REL4 stuff maybe) Thank you, Paul -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: z/Linux and z/OS ADABAS
Grand Day, Adabas SOA Gateway (ASG 2.2) runs on z/OS native, no CICS needed. It's an Apache 2.0.xx server with a plug-in module (Xerces) to parse the XML SOA to Adabas calls and return the results to the SOA client. One can also run ASG on LinTel and zSeries if your Adabas is there Run the ASG server on the same machine as Adabas. Run the SOA client where you need the results. If anyone needs an Apache running on z/OS, z/VSE, z/VM or BS2K let me know ___ Dick Waite Senior Consultant Technical Marketing Manager Adabas Phone: +49 6151 92-1505 Mobile: +49 176 1592 1505 [EMAIL PROTECTED] Software AG Uhlandstrasse 12 | 64297 Darmstadt | Germany www.softwareag.com ___ Software AG - Sitz/Registered office: Uhlandstra?e 12, 64297 Darmstadt, Germany, - Registergericht/Commercial register: Darmstadt HRB 1562 - Vorstand/ Management Board: Karl-Heinz Streibich (Vorsitzender/Chairman), David Broadbent, Mark Edwards, Dr. Peter Kurpick, Alfred Pfaff, Arnd Zinnhardt; - Aufsichtsratsvorsitzender/ Chairman of the Supervisory Board: Frank F. Beelitz - http://www.softwareag.com -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Avinoam hirschberg Sent: 14 March 2007 11:02 To: linux-390@vm.marist.edu Subject: z/Linux and z/OS ADABAS Hi, is anyone experiences working with Linux application which runs under z/VM and ADABAS which runs on z/OS. are there any special software package that need to be install in the Linux machine Thanks, Avinoam -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Question about using z/VM DCSS for sharing code under Linux
barton wrote: If your system is already tuned with the easy stuff and you already understand how to manage virtual machine sizes, and you use vdisk for swap, then you could save something using XIP. Otherwise, sorry, don't bother for 20 servers. I second that. so long, Carsten -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Question about using z/VM DCSS for sharing code under Linux
Tools are there, lots of storage savings possible. Indeed, possibilities for the technique exist. As do some tools. My point was that it's not yet universally applicable, it is not a panacea, and it is not yet easily applied for the casual user. At this point, using the technique pretty much eliminates the use of the provided automated maintenance capabilities, which puts it beyond many people's skills. Until that changes, it's not likely to see much use. machines do not need to be identical, it just takes an understanding of how to implement, what to include and specifically how to measure it. See above. Given the number of people who are living by cookbook, this seems a good corroboration of my earlier point. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Printer help
It looks like lpr is pointing to lprng on my system. [EMAIL PROTECTED]:~# v /usr/bin/lpr lrwxrwxrwx 1 root root 9 2007-04-02 12:29 /usr/bin/lpr - lpr-lprng* So do I need to uninstall lprng or can I just change the link to point to lpr-cups? Thanks, Russ -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Mark Post Sent: Friday, June 01, 2007 4:50 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Printer help On Fri, Jun 1, 2007 at 5:29 PM, in message [EMAIL PROTECTED], David Boyes [EMAIL PROTECTED] wrote: -snip- Looks like you have an older version of the printing utilities installed that is not CUPS-aware. Make sure the cups-lpd package is installed. That will enable support for classic lpr. No such package on Slack/390. There's cups, and lprng, and that's it. If lprng was installed on top of cups, that could cause a similar issue. Only one of the two should be installed, not ever both of them. One way to tell is: # v /usr/bin/lpr lrwxrwxrwx 1 root root 8 2005-01-27 15:49 /usr/bin/lpr - lpr-cups Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Verifying a NFS mountpoint is active?
I'm posting this to both the MVS OS (z/OS UNIX) forum and the Linux forum because it involves both platforms, at least to an extent. I have a Linux box which is running an NFS server. It has a subdirectory which is NFS exported. The z/OS system imports this subdirectory. I have a job on z/OS which writes data to the z/OS UNIX subdirectory which is __supposed__ to be mounted to the Linux machine. And it does, so long as the NFS mount has been issued on the z/OS system (which is not automated at present) and the Linux machine (which is mine - not a server per se) is up. What I'd like to be able to __easily__ figure out are: (1) is the z/OS UNIX subdirectory properly NFS MOUNTed to the Linux system? (2) is the Linux system actually working? I also have ssh working between z/OS UNIX and Linux. So I think that I can answer question 2 by simply trying a do nothing ssh from z/OS to Linux. If it works, then the Linux box is up. If it doesn't then something is wrong and I need a return code in the batch job on z/OS to indicate this. I think this is doable. But I cannot figure out how to determine #1. What I've come up with is something like: Have the batch job do an ssh connect to the Linux box and do a cat function to write a file on the Linux system in the NFS exported subdirectory. If the ssh fails, then assume something is wrong with the Linux system and set a bad RC so that I know to look at what is going on. If the ssh works, then do a compare between the original file on the z/OS system and what is on the NFS file. If they are not equal, assume that the subdirectory is not NFS mount and issue a bad RC. Does this sounds reasonable? -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Printer help
On Mon, Jun 4, 2007 at 10:18 AM, in message [EMAIL PROTECTED], Jones, Russell [EMAIL PROTECTED] wrote: It looks like lpr is pointing to lprng on my system. [EMAIL PROTECTED]:~# v /usr/bin/lpr lrwxrwxrwx 1 root root 9 2007-04-02 12:29 /usr/bin/lpr - lpr-lprng* So do I need to uninstall lprng or can I just change the link to point to lpr-cups? The easiest and safest thing to do would be to removepkg lprng and then installpkg cups. Most of the packages have a install/doinst.sh file in them that does things like set up symbolic links, etc., so that really should get run again. The installpkg cups command will make that happen. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Verifying a NFS mountpoint is active?
John, for #1, what about issuing 'df' command and parse that directory ? Or 'mount' command ? I mean on z/OS side. Marian --- McKown, John [EMAIL PROTECTED] wrote: I'm posting this to both the MVS OS (z/OS UNIX) forum and the Linux forum because it involves both platforms, at least to an extent. I have a Linux box which is running an NFS server. It has a subdirectory which is NFS exported. The z/OS system imports this subdirectory. I have a job on z/OS which writes data to the z/OS UNIX subdirectory which is __supposed__ to be mounted to the Linux machine. And it does, so long as the NFS mount has been issued on the z/OS system (which is not automated at present) and the Linux machine (which is mine - not a server per se) is up. What I'd like to be able to __easily__ figure out are: (1) is the z/OS UNIX subdirectory properly NFS MOUNTed to the Linux system? (2) is the Linux system actually working? I also have ssh working between z/OS UNIX and Linux. So I think that I can answer question 2 by simply trying a do nothing ssh from z/OS to Linux. If it works, then the Linux box is up. If it doesn't then something is wrong and I need a return code in the batch job on z/OS to indicate this. I think this is doable. But I cannot figure out how to determine #1. What I've come up with is something like: Have the batch job do an ssh connect to the Linux box and do a cat function to write a file on the Linux system in the NFS exported subdirectory. If the ssh fails, then assume something is wrong with the Linux system and set a bad RC so that I know to look at what is going on. If the ssh works, then do a compare between the original file on the z/OS system and what is on the NFS file. If they are not equal, assume that the subdirectory is not NFS mount and issue a bad RC. Does this sounds reasonable? -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 Need a vacation? Get great deals to amazing places on Yahoo! Travel. http://travel.yahoo.com/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Verifying a NFS mountpoint is active?
-Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Marian Gasparovic Sent: Monday, June 04, 2007 11:35 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Verifying a NFS mountpoint is active? John, for #1, what about issuing 'df' command and parse that directory ? Or 'mount' command ? I mean on z/OS side. Marian Thanks. I'm just not thinking yet this morning. I think that will work splendidly. -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: VSWITCH
Mark I used the following command to couple the vswitch to the nic 0600 couple 0600 to system vsw1 after I did that everything worked fine thanks for your help -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: VSWITCH
If you use the directory entry NICDEF, it will do the define and the couple if define completely and allow for layer 2 routing. Thanks, Gary L. Detro Senior IT Specialist 1177 S. Belt Line Rd; Coppell, TX 75019 Internal Mail Stop: 77-01-3001O; Coppell, TX Phone: 469-549-8174 (t/l 603-8174); Fax: 469-549-8235 (t/l 603-8235) Send me an email [EMAIL PROTECTED] IBM Global Solution Center [EMAIL PROTECTED] Sent by: Linux on 390 Port LINUX-390@VM.MARIST.EDU 06/04/2007 12:03 PM Please respond to Linux on 390 Port LINUX-390@VM.MARIST.EDU To LINUX-390@VM.MARIST.EDU cc Subject Re: VSWITCH Mark I used the following command to couple the vswitch to the nic 0600 couple 0600 to system vsw1 after I did that everything worked fine thanks for your help -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 image/jpegimage/jpeg
Re: VSWITCH
couple 0600 to system vsw1 after I did that everything worked fine Hmmm - that is interesting I am using the z/vm and linux on ibm system z cookbook for sles9 Did you use the nicdef statement: NICDEF 600 TYPE QDIO LAN SYSTEM VSW1 in the PROFILE LNXDFLT as described and bring the changes online with DIRECTXA? With that model the NICDEF should be automatically coupled to the VSWITCH when the user ID logs on. Mike MacIsaac [EMAIL PROTECTED] (845) 433-7061 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: RHEL 4 - FCP - tape drives
I believe you set them up just as you would any other FCP lun: http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/s390-multi-install-guide/s1-s390info-zfcp.html If you need to share the tape drive across multiple LPARs, you'll need to use NPIV: http://linuxvm.org/present/SHARE107/S9257vs.pdf (although the NPIV link above isn't working for me right now. Mark, can you confirm?) -Brad On Mon, 2007-06-04 at 07:42 -0400, Ayer, Paul W wrote: Good Morning, Having fun trying do define and put on line some tape drives via FCP. I have searched but have not yet found doc I can use that shows a good example of how to define this. Can someone direct me to some doc on this (cookbook or REL4 stuff maybe) Thank you, Paul -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- Brad Hinson [EMAIL PROTECTED] Technical Account Manager Red Hat, Inc. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: RHEL 4 - FCP - tape drives
On Mon, Jun 4, 2007 at 2:33 PM, in message [EMAIL PROTECTED], Brad Hinson [EMAIL PROTECTED] wrote: -snip- to use NPIV: http://linuxvm.org/present/SHARE107/S9257vs.pdf (although the NPIV link above isn't working for me right now. Mark, can you confirm?) Looks like it got truncated on upload. It should be fixed now. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: RHEL 4 - FCP - tape drives
Hi Brad, Thanks for the info. I have been using the 1st document and all items work fine when doing the commands to /sys/bus/drivers ... but when I move over to the /sys/bus/scsi/devices .. is always empty. Paul -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Brad Hinson Sent: Monday, June 04, 2007 2:33 PM To: LINUX-390@vm.marist.edu Subject: Re: RHEL 4 - FCP - tape drives I believe you set them up just as you would any other FCP lun: http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/s390-multi-i nstall-guide/s1-s390info-zfcp.html If you need to share the tape drive across multiple LPARs, you'll need to use NPIV: http://linuxvm.org/present/SHARE107/S9257vs.pdf (although the NPIV link above isn't working for me right now. Mark, can you confirm?) -Brad On Mon, 2007-06-04 at 07:42 -0400, Ayer, Paul W wrote: Good Morning, Having fun trying do define and put on line some tape drives via FCP. I have searched but have not yet found doc I can use that shows a good example of how to define this. Can someone direct me to some doc on this (cookbook or REL4 stuff maybe) Thank you, Paul -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- Brad Hinson [EMAIL PROTECTED] Technical Account Manager Red Hat, Inc. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Securing zVM logon via z/OS RACF
Greetings all, Is it possible to use z/OS-based RACF to authenticate a z/VM user (non-Linux)? The idea is to avoid maintaining a second (z/VM-based) RACF instance... Both LPARs (z/OS and z/VM) are on the same CEC... TIA Pat Patrick Carroll | Enterprise Architect L.L.Bean, Inc.(r) | Double L St. | Freeport ME 04033 http://www.llbean.com | [EMAIL PROTECTED] | 207.552.2426 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Securing zVM logon via z/OS RACF
Hi, Pat. I believe the short answer is going to be, no, you can not use z/SO RACF to authenticate z/VM users. You can, however, share the RACF database between a z/VM RACF and a z/OS RACF. Pat Carroll wrote: Greetings all, Is it possible to use z/OS-based RACF to authenticate a z/VM user (non-Linux)? The idea is to avoid maintaining a second (z/VM-based) RACF instance... Both LPARs (z/OS and z/VM) are on the same CEC... TIA Pat Patrick Carroll | Enterprise Architect L.L.Bean, Inc.(r) | Double L St. | Freeport ME 04033 http://www.llbean.com | [EMAIL PROTECTED] | 207.552.2426 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- DJ V/Soft -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Securing zVM logon via z/OS RACF
Is it possible to use z/OS-based RACF to authenticate a z/VM user (non-Linux)? I don't think so. You can share a database, but that still requires RACF/VM. The LDAP client in 5.3 might be a future possibility (not clear yet; haven't been able to try it), but, you'd have to have VM 5.3, which isn't GA yet. What I'd really like is a ESM that allowed integration of PAM via a Linux guest. That way we'd only have to solve this problem once for LDAP, NIS, NIS+, Kerberos, etc -- db -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Securing zVM logon via z/OS RACF
On Monday, 06/04/2007 at 03:57 AST, Pat Carroll [EMAIL PROTECTED] wrote: Greetings all, Is it possible to use z/OS-based RACF to authenticate a z/VM user (non-Linux)? The idea is to avoid maintaining a second (z/VM-based) RACF instance... Both LPARs (z/OS and z/VM) are on the same CEC... No, you cannot avoid the z/VM instance of RACF since something has to process the security requests on the VM system. (The same is true with z/OS - each LPAR has to be running RACF.) What you *can* do is share a RACF database between z/VM and z/OS, performing the non-VM-specific RACF admin from z/OS. There are some restrictions: - You cannot share a database between MVS and VM if the MVS system is in a sysplex (due to non-use of RESERVE/RELEASE) - You cannot use RRSF to synchronize data between RACF on z/OS and z/VM. - RACF/VM server (as opposed to database) administration must be performed from the VM system You can invent a rather complicated configuration wherein you create a small z/OS image running as a z/VM guest. It shares it own RACF database with RACF/VM and is configured to receive RRSF communications from the sysplex. Alan Altmark z/VM Development IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Securing zVM logon via z/OS RACF
On Monday, 06/04/2007 at 04:56 AST, David Boyes [EMAIL PROTECTED] wrote: The LDAP client in 5.3 might be a future possibility (not clear yet; haven't been able to try it), but, you'd have to have VM 5.3, which isn't GA yet. z/VM 5.3 doesn't do that. As with z/OS there is no off-platform authentication. The LDAP server support enables centralized password management, but it isn't a two-way street. Local password changes are not propagated to the central server. What I'd really like is a ESM that allowed integration of PAM via a Linux guest. That way we'd only have to solve this problem once for LDAP, NIS, NIS+, Kerberos, etc The interface for ESMs is fully documented as part of the Access Control Interface. Two components are needed: - A server that connects to *RPI system service - Extensions to CP to manage the *RPI connection, cache security data (for performance), and handle passwords Alan Altmark z/VM Development IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: RHEL 4 - FCP - tape drives
What commands are you using exactly, and what errors are you getting with each path? On Mon, 2007-06-04 at 15:08 -0400, Ayer, Paul W wrote: Hi Brad, Thanks for the info. I have been using the 1st document and all items work fine when doing the commands to /sys/bus/drivers ... but when I move over to the /sys/bus/scsi/devices .. is always empty. Paul -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Brad Hinson Sent: Monday, June 04, 2007 2:33 PM To: LINUX-390@vm.marist.edu Subject: Re: RHEL 4 - FCP - tape drives I believe you set them up just as you would any other FCP lun: http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/s390-multi-i nstall-guide/s1-s390info-zfcp.html If you need to share the tape drive across multiple LPARs, you'll need to use NPIV: http://linuxvm.org/present/SHARE107/S9257vs.pdf (although the NPIV link above isn't working for me right now. Mark, can you confirm?) -Brad On Mon, 2007-06-04 at 07:42 -0400, Ayer, Paul W wrote: Good Morning, Having fun trying do define and put on line some tape drives via FCP. I have searched but have not yet found doc I can use that shows a good example of how to define this. Can someone direct me to some doc on this (cookbook or REL4 stuff maybe) Thank you, Paul -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- Brad Hinson [EMAIL PROTECTED] Technical Account Manager Red Hat, Inc. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- Brad Hinson [EMAIL PROTECTED] Technical Account Manager Red Hat, Inc. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Securing zVM logon via z/OS RACF
The LDAP client in 5.3 might be a future possibility z/VM 5.3 doesn't do that. Bummer. Oh, well, time to start writing requirements for next year's WAVV... The interface for ESMs is fully documented as part of the Access Control Interface. Two components are needed: - A server that connects to *RPI system service - Extensions to CP to manage the *RPI connection, cache security data (for performance), and handle passwords Is there an online pointer to that doc? -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Securing zVM logon via z/OS RACF
Wow,..thanks for the responses. Like David, I was hoping for a little hidden miracle in 5.3 Maybe 5.4? Time to get creative ;)) Patrick Carroll | Enterprise Architect L.L.Bean, Inc.(r) | Double L St. | Freeport ME 04033 http://www.llbean.com | [EMAIL PROTECTED] | 207.552.2426 -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of David Boyes Sent: Monday, June 04, 2007 5:30 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Securing zVM logon via z/OS RACF The LDAP client in 5.3 might be a future possibility z/VM 5.3 doesn't do that. Bummer. Oh, well, time to start writing requirements for next year's WAVV... The interface for ESMs is fully documented as part of the Access Control Interface. Two components are needed: - A server that connects to *RPI system service - Extensions to CP to manage the *RPI connection, cache security data (for performance), and handle passwords Is there an online pointer to that doc? -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Securing zVM logon via z/OS RACF
On Monday, 06/04/2007 at 05:30 AST, David Boyes [EMAIL PROTECTED] wrote: The interface for ESMs is fully documented as part of the Access Control Interface. Two components are needed: - A server that connects to *RPI system service - Extensions to CP to manage the *RPI connection, cache security data (for performance), and handle passwords Is there an online pointer to that doc? Chapter 11 of the CP Programming Services book, http://publibz.boulder.ibm.com/epubs/pdf/hcse5b11.pdf. Alan Altmark z/VM Development IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: RHEL 4 - FCP - tape drives
On Monday, 06/04/2007, Brad Hinson [EMAIL PROTECTED] wrote: I believe you set them up just as you would any other FCP lun: http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/s390-multi-i nstall-guide/s1-s390info-zfcp.html If you need to share the tape drive across multiple LPARs, you'll need to use NPIV: http://linuxvm.org/present/SHARE107/S9257vs.pdf NPIV has nothing to do with sharing across LPARs. Sharing is simply a matter of giving an multiple LPARs access to different subchannels the same FCP chpid. N_Port ID Virtualization (NPIV) assigns each subchannel on the FCP chpid its own WWPN so that FC fabric access controls can be applied to each LPAR or guest individually at the subchannel level rather than at the chpid level (as is done on machines without NPIV). To use this support your FC switch must support NPIV. Alan Altmark z/VM Development IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: RHEL 4 - FCP - tape drives
Linux on 390 Port LINUX-390@VM.MARIST.EDU wrote on 06/04/2007 03:08:28 PM: Hi Brad, Thanks for the info. I have been using the 1st document and all items work fine when doing the commands to /sys/bus/drivers ... but when I move over to the /sys/bus/scsi/devices .. is always empty. Paul Paul, If you're having problems with commands like these: # cat /sys/bus/scsi/devices/0\:0\:1\:0/hba_id 0.0.010a # cat /sys/bus/scsi/devices/0\:0\:1\:0/wwpn 0x5005076300c18154 # cat /sys/bus/scsi/devices/0\:0\:1\:0/fcp_lun 0x5719 # cat /sys/bus/scsi/devices/0\:0\:1\:0/block/dev 8:0 # cat /sys/bus/scsi/devices/0\:0\:1\:0/block/sda1/dev 8:1 There are extra '\' characters in there. The SCSI device IDs should be written like 0:0:1:0. Go into the directory, and do an ls to see what your SCSI device IDs look like. Mine look like this: [EMAIL PROTECTED]:cd /sys/bus/scsi/devices [EMAIL PROTECTED]:ls 0:0:0:0 1:0:0:0 2:0:0:0 3:0:0:0 [EMAIL PROTECTED]:cat /sys/bus/scsi/devices/3:0:0:0/hba_id 0.0.c403 [EMAIL PROTECTED]:cat /sys/bus/scsi/devices/3:0:0:0/wwpn 0x500507630510477a [EMAIL PROTECTED]:cat /sys/bus/scsi/devices/3:0:0:0/fcp_lun 0x40114081 Thanks, Ray Higgs System z FCP Development Bld. 706, B24 2455 South Road Poughkeepsie, NY 12601 (845) 435-8666, T/L 295-8666 [EMAIL PROTECTED] -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Verifying a NFS mountpoint is active?
McKown, John wrote: I'm posting this to both the MVS OS (z/OS UNIX) forum and the Linux forum because it involves both platforms, at least to an extent. I have a Linux box which is running an NFS server. It has a subdirectory which is NFS exported. The z/OS system imports this subdirectory. I have a job on z/OS which writes data to the z/OS UNIX subdirectory which is __supposed__ to be mounted to the Linux machine. And it does, so long as the NFS mount has been issued on the z/OS system (which is not automated at present) and the Linux machine (which is mine - not a server per se) is up. What I'd like to be able to __easily__ figure out are: (1) is the z/OS UNIX subdirectory properly NFS MOUNTed to the Linux system? (2) is the Linux system actually working? (1) Test for the existance of a known directory in the mount point. If it's present, you know everything. In bash, [ -d /net/ns/var ] || echo Oh dear -- Cheers John -- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Please do not reply off-list -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Script to automate SLES10 minimal installs
I've written a shell script that will create a SLES10 AutoYaST installation file. (These files are similar to Kickstart configuration files.) Since AutoYaST files are in XML, editing one by hand is a little scary, and if you're looking at your first install, you won't have an existing one to modify anyway. I don't know how many people will actually find this useful, but I decided it was worth developing regardless. The script will ask a bunch of questions, try to validate the input as much as I felt capable of coding, and use the input to generate an autoinst.xml file that can be used by AutoYast to install a SLES10 (pre-SP1) system. Once SP1 is GA, I'll probably put out an update to handle that case. The output of the script will be a file named autoinst.xml. It will be created in your current working directory. If there is already a file by that name in your current working directory, it will clobber it. In your kernel parmfile, you point to this file as follows: autoyast=nfs://server.name/path/to/autoinst.xml autoyast=http://server.name/different/pathto/autoinst.xml autoyast=... etc. The filename doesn't _have_ to be autoinst.xml, but if you decide to use a different name, make sure your kernel parmfile matches exactly. There's an entire manual on AutoYaST at http://forgeftp.novell.com/yast/doc/SLES10/autoinstall/index.html for more information. The script should be run on a Linux or UNIX system, but it only requires sh, not bash (you're welcome, Rick). Don't try to run it on Windows, not even if you have Cygwin installed. I tested it with Cygwin _once_, and I have no desire to try to outguess what your Cygwin settings are regarding MS-DOS versus UNIX line-endings, etc. On my Celeron 600 system, it was pretty pokey, so don't be too surprised at the length of time between entering a value and being prompted for the next one. It would be nice if the openssl command is in your PATH, but if not, it will fall back to stuffing plain text passwords into autoinst.xml, if you allow it to. Those passwords will of course be encrypted by the system when putting them into /etc/shadow. That's probably better than not letting it put passwords in at all, since that's even less secure, but I gave you the choice to take that risk. Using this script does _not_ remove the need for creating a good kernel parmfile, or answering all the initial network setup questions. The network has to be up for the system to find the autoinst.xml file. (If you're capable of modifying the initrd to include autoinst.xml, you probably don't need this script in the first place!) I've tested this both on z/VM and in an LPAR using Hercules, and got a usable running system in both cases. Unless you've got a really beefy Hercules system, installing there can take quite a while, so be warned. The resulting system will be _very_ minimal (by SLES/RHEL terms), only 221 packages. The complete list is shown below. You'll find a number of packages you'll want to add on top of that, I'm sure. If you apply the nccreg.diff patch and edit the appropriate values, the system will even register itself for updates via rug, without trying to fire up a web browser. (The values to change should be easy to spot; they all start and end with XXX.) This will add some time to your install, since a lot of network traffic flows between the system and update.novell.com, but you'll need to do it eventually anyway, for at least one system. The system will fit onto one 3390-3, whether a full-pack minidisk (cylinder 0 belonging to z/VM and the other 3338 to Linux), or a full volume (with all 3339 cylinders being used by Linux). To minimize the effort of anyone using this to install a system, when the system is first created, it will be using an LVM logical volume for paging. This means it will work in an LPAR situation, as well as z/VM. In the z/VM case, you can move to using VDISK very simply, and reclaim the LVM space for other use. If you use something larger than a 3390-3, the additional space will wind up in the LVM volume group, available for use as you see fit later on. The file system layout of the resulting system once the installation is complete is: FilesystemSize Used Avail Use% Mounted on /dev/dasda1 388M 85M 284M 23% / /dev/mapper/vg01-home 97M 4.2M 88M 5% /home /dev/mapper/vg01-opt 74M 7.7M 63M 11% /opt /dev/mapper/vg01-tmp 291M 17M 260M 6% /tmp /dev/mapper/vg01-usr 642M 403M 207M 67% /usr /dev/mapper/vg01-var 295M 57M 223M 21% /var FilenameTypeSizeUsedPriority /dev/mapper/vg01-swap partition 524280 0 -1 Since this is being hosted on linuxvm.org, the usual caveats and disclaimers apply in terms of your particular system, how well it will or won't work, support, etc. I tried to assume some level of sanity on the part of anyone using this, so