Re: hipersockets don't come up after HW upgrade

2011-11-08 Thread Ursula Braun
Hi Roger,

your boot.messages do not show any message referring to 0.0.7000 or hsi0.
Your hsi0-device is in state SOFTSETUP, which means it has been
activated successfully; just the ifup step fails. The configuration file
for ifup is /etc/sysconfig/network/ifcfg-hsi0. Can you check the
definitions of this file?

By the way, you have chosen layer2=1 for your hsi0-device. This is ok,
but it allows communication to other layer2 HiperSockets participants
only, no layer3 HiperSockets participants.

Regards, Ursula Braun, IBM Germany

On Tue, 2011-11-08 at 08:39 +0100, Roger Evans wrote:
 Hi, Ursula

 uname -a
 Linux DPRODDB2 2.6.32.46-0.3-default #1 SMP 2011-09-29 17:49:31 +0200
 s390x s390x s390x GNU/Linux

 lsqeth
 ... [other devices]
 Device name   : hsi0
 -
   card_type   : HiperSockets
   cdev0   : 0.0.7000
   cdev1   : 0.0.7001
   cdev2   : 0.0.7002
   chpid   : F1
   online  : 1
   portname: no portname required
   portno  : 0
   state   : SOFTSETUP
   priority_queueing   : always queue 2
   buffer_count: 16
   layer2  : 1
   isolation   : none

 I am attaching the results of the dmesg command


 Med vennlig hilsen

 Roger Evans

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/


Re: hipersockets don't come up after HW upgrade

2011-11-08 Thread Roger Evans
Thanks for that tip. I can't remember having chosen level2, but I see
that my other (older) interfaces are not level2, so, yes, I would like
to switch to level3.

I used the commands (from Device Drivers, Features...) to take the
device offline and to make it not level2 (level2=9); After that, lsqeth
showed it as level2=0.
But after rebooting, it reverted to level2=1.

I noticed the following message on VM when booting:
---
 ..skippedWaiting for mandatory devices:  hsi-bus-ccw-0.0.7000 __NSC__
29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4
3 2 1 0

hsi-bus-ccw-0.0.7000No interface found


Any idea what I'm missing?

Roger






On Tue, 2011-11-08 at 09:37 +0100, Ursula Braun wrote:

 Hi Roger,

 your boot.messages do not show any message referring to 0.0.7000 or hsi0.
 Your hsi0-device is in state SOFTSETUP, which means it has been
 activated successfully; just the ifup step fails. The configuration file
 for ifup is /etc/sysconfig/network/ifcfg-hsi0. Can you check the
 definitions of this file?

 By the way, you have chosen layer2=1 for your hsi0-device. This is ok,
 but it allows communication to other layer2 HiperSockets participants
 only, no layer3 HiperSockets participants.

 Regards, Ursula Braun, IBM Germany

 On Tue, 2011-11-08 at 08:39 +0100, Roger Evans wrote:
  Hi, Ursula
 
  uname -a
  Linux DPRODDB2 2.6.32.46-0.3-default #1 SMP 2011-09-29 17:49:31 +0200
  s390x s390x s390x GNU/Linux
 
  lsqeth
  ... [other devices]
  Device name : hsi0
  -
  card_type   : HiperSockets
  cdev0   : 0.0.7000
  cdev1   : 0.0.7001
  cdev2   : 0.0.7002
  chpid   : F1
  online  : 1
  portname: no portname required
  portno  : 0
  state   : SOFTSETUP
  priority_queueing   : always queue 2
  buffer_count: 16
  layer2  : 1
  isolation   : none
 
  I am attaching the results of the dmesg command
 
 
  Med vennlig hilsen
 
  Roger Evans



Re: hipersockets don't come up after HW upgrade

2011-11-08 Thread Roger Evans
Forgot to send the info you requested:

DPRODDB2:/etc/sysconfig/network # cat ifcfg-hsi0
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='10.5.2.11/16'
LLADDR='00:00:00:00:00:00'
MTU=''
NAME='Hipersocket (0.0.7000)'
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='manual'
USERCONTROL='no'

Roger


On Tue, 2011-11-08 at 09:37 +0100, Ursula Braun wrote:

 Hi Roger,

 your boot.messages do not show any message referring to 0.0.7000 or hsi0.
 Your hsi0-device is in state SOFTSETUP, which means it has been
 activated successfully; just the ifup step fails. The configuration file
 for ifup is /etc/sysconfig/network/ifcfg-hsi0. Can you check the
 definitions of this file?

 By the way, you have chosen layer2=1 for your hsi0-device. This is ok,
 but it allows communication to other layer2 HiperSockets participants
 only, no layer3 HiperSockets participants.

 Regards, Ursula Braun, IBM Germany

 On Tue, 2011-11-08 at 08:39 +0100, Roger Evans wrote:
  Hi, Ursula
 
  uname -a
  Linux DPRODDB2 2.6.32.46-0.3-default #1 SMP 2011-09-29 17:49:31 +0200
  s390x s390x s390x GNU/Linux
 
  lsqeth
  ... [other devices]
  Device name : hsi0
  -
  card_type   : HiperSockets
  cdev0   : 0.0.7000
  cdev1   : 0.0.7001
  cdev2   : 0.0.7002
  chpid   : F1
  online  : 1
  portname: no portname required
  portno  : 0
  state   : SOFTSETUP
  priority_queueing   : always queue 2
  buffer_count: 16
  layer2  : 1
  isolation   : none
 
  I am attaching the results of the dmesg command
 
 
  Med vennlig hilsen
 
  Roger Evans



Re: hipersockets don't come up after HW upgrade

2011-11-08 Thread Ursula Braun
Roger,

get rid of the LLADDR='00:00:00:00:00:00' definition. ifup no
longer works for a zero MAC-address. HiperSockets define a MAC-address;
during initialization Linux determines this MAC-address and uses it, if
LLADDR is not defined.

Ursula

On Tue, 2011-11-08 at 10:47 +0100, Roger Evans wrote:
 Forgot to send the info you requested:

 DPRODDB2:/etc/sysconfig/network # cat ifcfg-hsi0
 BOOTPROTO='static'
 BROADCAST=''
 ETHTOOL_OPTIONS=''
 IPADDR='10.5.2.11/16'
 LLADDR='00:00:00:00:00:00'
 MTU=''
 NAME='Hipersocket (0.0.7000)'
 NETWORK=''
 REMOTE_IPADDR=''
 STARTMODE='manual'
 USERCONTROL='no'
 
 Roger




Re: hipersockets don't come up after HW upgrade

2011-11-08 Thread Ursula Braun
Roger,

when configuring a network interface with yast, a udev-rule is created
for the device containing qeth attribute definitions, among them
attribute layer2. Look into /etc/udev/rules.d and check a rule starting
with 51-...7000... . I assume this rule contains a line with layer2=1.
Change this into layer2=0 and the device should come up with layer3
after reboot.

Ursula

On Tue, 2011-11-08 at 10:45 +0100, Roger Evans wrote:
 Thanks for that tip. I can't remember having chosen level2, but I see
 that my other (older) interfaces are not level2, so, yes, I would like
 to switch to level3.

 I used the commands (from Device Drivers, Features...) to take the
 device offline and to make it not level2 (level2=9); After that, lsqeth
 showed it as level2=0.
 But after rebooting, it reverted to level2=1.

 I noticed the following message on VM when booting:
 ---
  ..skippedWaiting for mandatory devices:  hsi-bus-ccw-0.0.7000 __NSC__
 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4
 3 2 1 0

 hsi-bus-ccw-0.0.7000No interface found
 

 Any idea what I'm missing?

 Roger




Re: hipersockets don't come up after HW upgrade

2011-11-08 Thread Roger Evans
Thank you, Ursula
That solved the problem.  I can now ping and ftp between my layer3
hipersockets.   I still get the Waiting for mandatory devices.
hsi-bus-ccw-0.0.7000  No interface found  msg. when booting
but now that it works, I'll just stop watching.

You're pretty amazing.  Think you could  fix the Greek deficit crisis,
too?


Best Regards
Roger Evans,
Autodata Norge A/S
http://www.autodata.no





On Tue, 2011-11-08 at 12:22 +0100, Ursula Braun wrote:

 Roger,

 get rid of the LLADDR='00:00:00:00:00:00' definition. ifup no
 longer works for a zero MAC-address. HiperSockets define a MAC-address;
 during initialization Linux determines this MAC-address and uses it, if
 LLADDR is not defined.

 Ursula

 On Tue, 2011-11-08 at 10:47 +0100, Roger Evans wrote:
  Forgot to send the info you requested:
 
  DPRODDB2:/etc/sysconfig/network # cat ifcfg-hsi0
  BOOTPROTO='static'
  BROADCAST=''
  ETHTOOL_OPTIONS=''
  IPADDR='10.5.2.11/16'
  LLADDR='00:00:00:00:00:00'
  MTU=''
  NAME='Hipersocket (0.0.7000)'
  NETWORK=''
  REMOTE_IPADDR=''
  STARTMODE='manual'
  USERCONTROL='no'
  
  Roger
 



Re: hipersockets don't come up after HW upgrade

2011-11-08 Thread Ursula Braun
Roger,

good news. I am working in the networking team of Linux on System z
development; thus qeth-related problems are my daily business. But
please do not ask me financial questions ;-)

For your remaining problem: Have you upgraded your system from SLES10?
In this case you may still have old configuration
files /etc/sysconfig/hardware/hwcfg-hsi-bus-ccw-0.0.7000
or /etc/sysconfig/network/ifcfg-hsi-bus-ccw-0.0.7000. Those are no
longer needed for SLES11 and can be removed.

Ursula

On Tue, 2011-11-08 at 12:58 +0100, Roger Evans wrote:
 Thank you, Ursula
 That solved the problem.  I can now ping and ftp between my layer3
 hipersockets.   I still get the Waiting for mandatory devices.
 hsi-bus-ccw-0.0.7000  No interface found  msg. when booting
 but now that it works, I'll just stop watching.

 You're pretty amazing.  Think you could  fix the Greek deficit crisis,
 too?


 Best Regards
 Roger Evans,
 Autodata Norge A/S
 http://www.autodata.no




Re: hipersockets don't come up after HW upgrade

2011-11-08 Thread Roger Evans
That worked - the error msg. went away, and it shaved about 20 seconds
off the boot time.

This was a new clone of  SLES11sp1.   So the file must have been created
by yast or something else I did while trying to fix the problem.

Since you're paying taxes in Germany, I suppose you're doing your part
to fix the other crisis  and we appreciate that, too.

Best Regards
Roger Evans, Autodata Norge A/S
http://www.autodata.no





On Tue, 2011-11-08 at 13:18 +0100, Ursula Braun wrote:

 Roger,

 good news. I am working in the networking team of Linux on System z
 development; thus qeth-related problems are my daily business. But
 please do not ask me financial questions ;-)

 For your remaining problem: Have you upgraded your system from SLES10?
 In this case you may still have old configuration
 files /etc/sysconfig/hardware/hwcfg-hsi-bus-ccw-0.0.7000
 or /etc/sysconfig/network/ifcfg-hsi-bus-ccw-0.0.7000. Those are no
 longer needed for SLES11 and can be removed.

 Ursula

 On Tue, 2011-11-08 at 12:58 +0100, Roger Evans wrote:
  Thank you, Ursula
  That solved the problem.  I can now ping and ftp between my layer3
  hipersockets.   I still get the Waiting for mandatory devices.
  hsi-bus-ccw-0.0.7000  No interface found  msg. when booting
  but now that it works, I'll just stop watching.
 
  You're pretty amazing.  Think you could  fix the Greek deficit crisis,
  too?
 
 
  Best Regards
  Roger Evans,
  Autodata Norge A/S
  http://www.autodata.no
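
A read-only check for the three configuration problems resolved in this thread (an all-zero LLADDR in an ifcfg file, layer2 persisted in the device's udev rule, leftover hsi-bus-ccw files), as an added example that is not part of the original messages. The function names, the rule file name 51-hsi-0.0.7000.rules and the rule syntax are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a SLES-style config tree for the
# three problems discussed above. The first argument of each function is the
# tree root ("" means the live system); the bus ID is e.g. 0.0.7000.

# ifcfg files that pin LLADDR to the all-zero MAC (ifup fails on these).
find_zero_lladdr() {
    for f in "$1"/etc/sysconfig/network/ifcfg-*; do
        [ -f "$f" ] || continue
        if grep -Eq "^LLADDR=['\"]?00(:00){5}['\"]?[[:space:]]*$" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# layer2 value persisted in the udev rule(s) of one device: "<file> layer2=<n>".
# The sed pattern accepts both layer2=1 and ATTR{layer2}="1" (syntax assumed).
udev_layer2() {
    for f in "$1"/etc/udev/rules.d/51-*"$2"*; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/.*layer2[^0-9]*\([0-9]\).*/\1/p' "$f" | head -n 1)
        if [ -n "$v" ]; then printf '%s layer2=%s\n' "$f" "$v"; fi
    done
}

# Leftover SLES10-style files that SLES11 no longer needs.
find_stale_sles10() {
    for f in "$1/etc/sysconfig/hardware/hwcfg-hsi-bus-ccw-$2" \
             "$1/etc/sysconfig/network/ifcfg-hsi-bus-ccw-$2"; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Constructed sample tree reproducing the state described in the thread.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/sysconfig/network" "$t/etc/sysconfig/hardware" "$t/etc/udev/rules.d"
    printf '%s\n' "BOOTPROTO='static'" "IPADDR='10.5.2.11/16'" \
        "LLADDR='00:00:00:00:00:00'" "STARTMODE='manual'" \
        > "$t/etc/sysconfig/network/ifcfg-hsi0"
    # Rule file name and contents are assumptions, modelled on "51-...7000...".
    printf '%s\n' 'ACTION=="add", SUBSYSTEM=="ccwgroup", KERNEL=="0.0.7000", ATTR{layer2}="1"' \
        > "$t/etc/udev/rules.d/51-hsi-0.0.7000.rules"
    : > "$t/etc/sysconfig/network/ifcfg-hsi-bus-ccw-0.0.7000"
    printf '%s\n' "$t"
}

audit() {
    echo "zero LLADDR:";  find_zero_lladdr "$1"
    echo "udev layer2:";  udev_layer2 "$1" "$2"
    echo "stale SLES10:"; find_stale_sles10 "$1" "$2"
}

sample=$(make_sample_tree)
audit "$sample" 0.0.7000
rm -rf "$sample"
```

Calling `audit "" 0.0.7000` runs the same checks against the live system; nothing is modified.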
 



Re: mvsdasd

2011-11-08 Thread Richard Troth
Stop calling this a security problem.  (but see below about the conf
file)  The security point for virtual machines is devices.  If the
device is available, then whatever the guest does is okay by
definition.

Just because the current crop of security weebles don't get it does
not a true problem make.  They are going to have to figure out
virtualization eventually.  (Maybe compare MVS vols to USB sticks?
Would the light bulb come on then?)  If the security police don't want
the disk (or flash drive) read and/or reformatted by (eg) the Windoze
box, don't plug it in!

If one wants to take issue with the config file being mis-tagged as a
security solution, THAT is a legit beef.  It's a doc issue.  (Jacob
was on this list a year ago. Guessing he still is, but please, debate
it offline.)  But again, it's outside the security model of
virtualization.  (Thankfully the name of that dataset does not have
sec in it.)

-- R;   
Rick Troth
Velocity Software
http://www.velocitysoftware.com/





On Mon, Nov 7, 2011 at 12:39, Alan Altmark alan_altm...@us.ibm.com wrote:
 On Monday, 11/07/2011 at 11:12 EST, Richard Gasiorowski rgasi...@csc.com
 wrote:
 Robert - the read-only seemed harmless and as far as security that
 could get ugly. We use CA TSS thru PAM calls and I would not want to even
 ask what that would cause. Really, thank you for taking the time

 The bottom line is that unless you have a problem on z/OS that is solved
 by mvsdasd, don't use it, as it adds problems of its own that don't have
 good solutions.  The security issues pretty much kill it.   Definitely
 read those old posts.

 Alan Altmark

 Senior Managing z/VM and Linux Consultant
 IBM System Lab Services and Training
 ibm.com/systems/services/labservices
 office: 607.429.3323
 mobile; 607.321.7556
 alan_altm...@us.ibm.com
 IBM Endicott



Re: mvsdasd

2011-11-08 Thread Alan Altmark
On Tuesday, 11/08/2011 at 10:49 EST, Richard Troth vmcow...@gmail.com
wrote:
 Stop calling this a security problem.  (but see below about the conf
 file)  The security point for virtual machines is devices.  If the
 device is available, then whatever the guest does is okay by
 definition.

No, it's not.  It may be ok by *policy*, but not by *definition*.  For
example, if the volume contains cardholder data, PCI applies and strong
access controls are required and all access to the cardholder data must
be logged.  If you have two logs, then you must have an automated way to
reconstruct who accessed the cardholder data.

 Just because the current crop of security weebles don't get it does
 not a true problem make.  They are going to have to figure out
 virtualization eventually.  (Maybe compare MVS vols to USB sticks?
 Would the light bulb come on then?)  If the security police don't want
 the disk (or flash drive) read and/or reformatted by (eg) the Windoze
 box, don't plug it in!

Eh?  Security controls inhibit you when you DO plug in the USB stick. E.g.
configured to ignore USB ports.  Don't autoplay.  Etc.

 If one wants to take issue with the config file being mis-tagged as a
 security solution, THAT is a legit beef.  It's a doc issue.  (Jacob
 was on this list a year ago. Guessing he still is, but please, debate
 it offline.)  But again, it's outside the security model of
 virtualization.  (Thankfully the name of that dataset does not have
 sec in it.)

I'm not talking about security of the dasd volume -- that's fully covered
by z/VM.  Rather, I'm speaking of logical controls on the datasets that
reside on the volume and the VTOC itself.

Of course, if the volume contains only those datasets that the Linux guest
is permitted to see, then there's not a logical access issue, BUT the
dataset access isn't audited.  Any audit on the z/VM side can't be
correlated with anything on the z/OS side.  IF these datasets are
specifically constructed for Linux's use, e.g. as a pre-boot configuration
manager (a la CMS), then the audit issue may be able to be ignored.  This
is an example of a having a problem (Linux pre-configuration management
without z/VM) that mvsdasd can solve.

Alan Altmark

Senior Managing z/VM and Linux Consultant
IBM System Lab Services and Training
ibm.com/systems/services/labservices
office: 607.429.3323
mobile; 607.321.7556
alan_altm...@us.ibm.com
IBM Endicott



Jumbo Frames and VSWITCH

2011-11-08 Thread Martin, Terry R. (CMS/CTR) (CTR)
Hi

We just set up a 10GB OSA network and we are planning to use Jumbo Frames. Is 
there anything that I need to do on the VSWITCH to allow for Jumbo Frame 
transfers ?

Thank You,

Terry Martin
Principal Systems Engineer
Lockheed Martin
CMS - CITIC
3300 Lord Baltimore Drive, Suite 200, 21244
Engineering Computing
Mainframe Support
Cell - 443 632-4191





Re: Jumbo Frames and VSWITCH

2011-11-08 Thread Alan Altmark
On Wednesday, 11/09/2011 at 12:19 EST, Martin, Terry R. (CMS/CTR) (CTR)
terry.mar...@cms.hhs.gov wrote:
 We just set up a 10GB OSA network and we are planning to use Jumbo
Frames. Is
 there anything that I need to do on the VSWITCH to allow for Jumbo Frame
 transfers ?

No, there's nothing to configure.

Alan Altmark

Senior Managing z/VM and Linux Consultant
IBM System Lab Services and Training
ibm.com/systems/services/labservices
office: 607.429.3323
mobile; 607.321.7556
alan_altm...@us.ibm.com
IBM Endicott



Re: mvsdasd

2011-11-08 Thread Shane G
On Wed, Nov 9th, 2011 at 3:44 PM, Alan Altmark wrote:

  Just because the current crop of security weebles don't get it does
  not a true problem make.
 
 Eh?

LOL.
Should it come to pass that Alan and I are once again in the same bar
imbibing the best of Aussie brews/wine, I must remember to remind him of the
time he was accused of being a (security) weebie (which I just had to look
up to assuage my ignorance).
 
:-)

Shane ...
