Re: Dynamicallhy Changing Linux Guest Network
I think that I may have joined after the original message for this thread so I am not sure of the use case. Sounds like you may have a disjoint namespace meaning that you use a different DNS than Active Directory for your non-windows systems (like Linux). Our DirectControl product seamlessly works in this type environment such that you can join AD with a different alias than the hostname. Single sign on with AD still works, you don't need to change the hostname and we have a raft of other features as well. Just an FYI. Best regards, Corey Corey Williams Director of Product Management Centrify Corporation 408.542.7508 office 650.520.8450 mobile corey.willi...@centrify.com www.centrify.com Control. Authorize. Audit. Centralized identity management leveraging Microsoft Active Directory. On 8/14/09 10:01 AM, Marcy Cortes marcy.d.cor...@wellsfargo.com wrote: Yeah, you are right and we know. The effort and cost to duplicate the active directory environment likely won't fly for just Linux on z servers testing. And the AD servers are not in the mainframe datacenter so unlikely that they would suffer the same disaster. In our case though, the real event doesn't have any configuration changes necessary other than the network routers. The best test though is just to go run in the other place for a week or whatever. We'll be doing that too. Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Richard Troth Sent: Friday, August 14, 2009 9:52 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: [LINUX-390] Dynamicallhy Changing Linux Guest Network Forgive me ... you realize, of course, that you're not getting a true exercise. Touching prod stuff means there's yet another point that's not getting exercised. (Not to mention the exposure ... test things with access to your prod network.) I have fought the same fight where I work (about changing IP addresses). Others have already acquiesced. (Gotta pick yer battles, I guess, but this hostname and IP addr shuffle drives me nuts.) I'm probably telling you something you already know. -- R; On Fri, Aug 14, 2009 at 12:18, Marcy Cortesmarcy.d.cor...@wellsfargo.com wrote: It's because of the software we use to interface to Active Directory for single signon. It doesn't want 2 systems coming in with the same hostname. If we do that, we can't login to the prod systems :( Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Michael MacIsaac Sent: Friday, August 14, 2009 9:02 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: [LINUX-390] Dynamicallhy Changing Linux Guest Network Marcy, have to change IPs and hostnames I can understand that you have to change IP addresses. But do you have to change hostnames? Maybe have a DNS system that maps the same hosts to new i...@s? ... just a thought ... Mike MacIsaac mike...@us.ibm.com (845) 433-7061 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
-Original Message- From: Said, Nick [mailto:nick_s...@medco.com] Sent: Sunday, August 23, 2009 7:14 AM The script reads a shared CMS file using the cmsfs package then updates config files accordingly. The input file contains network configuration items for both home and DR. By externalizing the data on a CMS disk customization of each Linux server is not required - one script fits all. We plan to use the script for initial builds at home as well. We do it in conjunction with a DHCP lease. Whenever the DHCP client receives any new configuration information, it reconfigures itself through the use of a dhcpcd-hook type script similar to what's done for SAMBA and DHCP in the default SLES release. It works for both provisioning and for DR. I can share details offlist with interested parties, as well. ok r. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
On 8/24/2009 at 7:43 AM, Shedlock, George gshedl...@aegonusa.com wrote: Mark, As I said in one of my earlier posts, I have been using Rexx for a lot of testing. I have implemented a script similar to what Nick has. In my case we have a provisioning job that, when run, places the configuration file that it used to create the guest on the 191 disk. My Rexx script runs in /etc/init.d/boot early enough in the process to change the network parameters and other configuration parameters during the initial startup. I can clean it up a bit if you are interested in that also. Sure, send it on. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
Mark, As I said in one of my earlier posts, I have been using Rexx for a lot of testing. I have implemented a script similar to what Nick has. In my case we have a provisioning job that, when run, places the configuration file that it used to create the guest on the 191 disk. My Rexx script runs in /etc/init.d/boot early enough in the process to change the network parameters and other configuration parameters during the initial startup. I can clean it up a bit if you are interested in that also. George Shedlock Jr AEGON Information Technology AEGON USA 502-560-3541 -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Mark Post Sent: Sunday, August 23, 2009 10:40 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Dynamicallhy Changing Linux Guest Network On 8/23/2009 at 10:13 AM, Said, Nick nick_s...@medco.com wrote: -snip- It worked like a charm. If anyone is interested in the details, please contact me off-list. Would you be willing to have it available on linuxvm.org? If so, please send it to me off-list. Thanks, Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
Lionel, We just tested such a scenario at a DR exercise this past week. A common script was installed on all our Linux servers and set to execute at an early run-level prior to network initialization. The script reads a shared CMS file using the cmsfs package then updates config files accordingly. The input file contains network configuration items for both home and DR. By externalizing the data on a CMS disk customization of each Linux server is not required - one script fits all. We plan to use the script for initial builds at home as well. It worked like a charm. If anyone is interested in the details, please contact me off-list. ...Nick. -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Lionel Dyck Sent: Friday, August 14, 2009 11:01 AM To: LINUX-390@VM.MARIST.EDU Subject: Dynamicallhy Changing Linux Guest Network Does anyone have a z/vm and/or linux script that they could share that can be used to dynamically change the linux servers network when the server is brought up at a dr site and/or when the network addressing is changed? I've tried playing with it without success - keep missing a piece here or there. thx Lionel B. Dyck, z/Linux Virtualization Specialist IBM Global Services - Kaiser Permanente Team Linux on System z Service Delivery Team 925-926-5332 (8-473-5332) | E-Mail: ld...@us.ibm.com AIM: lbdyck | Yahoo IM: lbdyck I never guess. It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts. - Sir Arthur Conan Doyle -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 This e-mail message and any attachments contain confidential information from Medco. If you are not the intended recipient, you are hereby notified that disclosure, printing, copying, distribution, or the taking of any action in reliance on the contents of this electronic information is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender by reply message and then delete the electronic message and any attachments. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
On 8/23/2009 at 10:13 AM, Said, Nick nick_s...@medco.com wrote: -snip- It worked like a charm. If anyone is interested in the details, please contact me off-list. Would you be willing to have it available on linuxvm.org? If so, please send it to me off-list. Thanks, Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Dynamicallhy Changing Linux Guest Network
Does anyone have a z/vm and/or linux script that they could share that can be used to dynamically change the linux servers network when the server is brought up at a dr site and/or when the network addressing is changed? I've tried playing with it without success - keep missing a piece here or there. thx Lionel B. Dyck, z/Linux Virtualization Specialist IBM Global Services - Kaiser Permanente Team Linux on System z Service Delivery Team 925-926-5332 (8-473-5332) | E-Mail: ld...@us.ibm.com AIM: lbdyck | Yahoo IM: lbdyck I never guess. It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts. - Sir Arthur Conan Doyle -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
My eyes have seen the glory ... er, uh ... the elegance of an isolated network where this is not needed and not even desirable. Nice when DR looks 100% like your real data center (just virtualized). But that probably doesn't help you in this context. You can get VM ID and z/VM host node ID from /proc/sysinfo. It's architected. No need for 'hcp' or 'vmcp', just 'grep' for the strings of interest and 'awk' to parse them. You then would want to have some home-grown script (in Linux space) which wraps it all up and automagically sets your DR networking. Not difficult at all, just time consuming. You could also employ (physical) DHCP in your DR network, but your z/VM VSWITCHes would all have to be layer 2. -- R; On Fri, Aug 14, 2009 at 11:01, Lionel Dyckld...@us.ibm.com wrote: Does anyone have a z/vm and/or linux script that they could share that can be used to dynamically change the linux servers network when the server is brought up at a dr site and/or when the network addressing is changed? I've tried playing with it without success - keep missing a piece here or there. thx Lionel B. Dyck, z/Linux Virtualization Specialist IBM Global Services - Kaiser Permanente Team Linux on System z Service Delivery Team 925-926-5332 (8-473-5332) | E-Mail: ld...@us.ibm.com AIM: lbdyck | Yahoo IM: lbdyck I never guess. It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts. - Sir Arthur Conan Doyle -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
On Aug 14, 2009, at 10:01 AM, Lionel Dyck wrote: Does anyone have a z/vm and/or linux script that they could share that can be used to dynamically change the linux servers network when the server is brought up at a dr site and/or when the network addressing is changed? I've tried playing with it without success - keep missing a piece here or there. This is inherently a network-specific question, and I don't think there is a one-size-fits-all approach. A DHCP server that, before starting, does a Q CPUID and swaps the appropriate lease-granting file in is probably the most straightforward approach, but how to do this and do it right is going to be extremely dependent on the specifics of what changes between the DR network and the normal network, or the original network and the changed network. Adam -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
Use an internal DHCP server configured with specific MAC addresses for each server. Change /etc/dhcp3/dhcpd.conf when you go to DR. That's what it's for. On 8/14/09 11:01 AM, Lionel Dyck ld...@us.ibm.com wrote: Does anyone have a z/vm and/or linux script that they could share that can be used to dynamically change the linux servers network when the server is brought up at a dr site and/or when the network addressing is changed? -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
Actually, you could trivially construct a Linux NAT appliance that would translate between the DR external addresses and the normal ones. It would simply substitute for the default route in the normal network, and NAT appropriately. You just don't bring it up in the normal configuration. On 8/14/09 11:14 AM, Richard Troth vmcow...@gmail.com wrote: My eyes have seen the glory ... er, uh ... the elegance of an isolated network where this is not needed and not even desirable. Nice when DR looks 100% like your real data center (just virtualized). But that probably doesn't help you in this context. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
DHCP is not an option here. In the event of a real disaster, we use the production IP s and hostnames, full replication, all is easy peasy. But for a disaster test, we can't - have to change IPs and hostnames. This can be problematic, but after a while, you make a list and figure it out - not everything uses DNS (think firewall, perhaps load balancers, some stupid sw :). In SuSE 9 and 10, the files that are going to perhaps need attention are /etc/HOSTNAME /etc/hosts /etc/sysconfig/hwcfg-qeth-bus* /etc/sysconfig/network/ifcfg-qeth-bus-ccw-x.x. /etc/sysconfig/network/routes /etc/resolv.conf We also regenerate server SSH keys on a change of the HOSTNAME. Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Lionel Dyck Sent: Friday, August 14, 2009 8:01 AM To: LINUX-390@VM.MARIST.EDU Subject: [LINUX-390] Dynamicallhy Changing Linux Guest Network Does anyone have a z/vm and/or linux script that they could share that can be used to dynamically change the linux servers network when the server is brought up at a dr site and/or when the network addressing is changed? I've tried playing with it without success - keep missing a piece here or there. thx Lionel B. Dyck, z/Linux Virtualization Specialist IBM Global Services - Kaiser Permanente Team Linux on System z Service Delivery Team 925-926-5332 (8-473-5332) | E-Mail: ld...@us.ibm.com AIM: lbdyck | Yahoo IM: lbdyck I never guess. It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts. - Sir Arthur Conan Doyle -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
Marcy, have to change IPs and hostnames I can understand that you have to change IP addresses. But do you have to change hostnames? Maybe have a DNS system that maps the same hosts to new i...@s? ... just a thought ... Mike MacIsaac mike...@us.ibm.com (845) 433-7061 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
It's because of the software we use to interface to Active Directory for single signon. It doesn't want 2 systems coming in with the same hostname. If we do that, we can't login to the prod systems :( Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Michael MacIsaac Sent: Friday, August 14, 2009 9:02 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: [LINUX-390] Dynamicallhy Changing Linux Guest Network Marcy, have to change IPs and hostnames I can understand that you have to change IP addresses. But do you have to change hostnames? Maybe have a DNS system that maps the same hosts to new i...@s? ... just a thought ... Mike MacIsaac mike...@us.ibm.com (845) 433-7061 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
Forgive me ... you realize, of course, that you're not getting a true exercise. Touching prod stuff means there's yet another point that's not getting exercised. (Not to mention the exposure ... test things with access to your prod network.) I have fought the same fight where I work (about changing IP addresses). Others have already acquiesced. (Gotta pick yer battles, I guess, but this hostname and IP addr shuffle drives me nuts.) I'm probably telling you something you already know. -- R; On Fri, Aug 14, 2009 at 12:18, Marcy Cortesmarcy.d.cor...@wellsfargo.com wrote: It's because of the software we use to interface to Active Directory for single signon. It doesn't want 2 systems coming in with the same hostname. If we do that, we can't login to the prod systems :( Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Michael MacIsaac Sent: Friday, August 14, 2009 9:02 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: [LINUX-390] Dynamicallhy Changing Linux Guest Network Marcy, have to change IPs and hostnames I can understand that you have to change IP addresses. But do you have to change hostnames? Maybe have a DNS system that maps the same hosts to new i...@s? ... just a thought ... Mike MacIsaac mike...@us.ibm.com (845) 433-7061 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Dynamicallhy Changing Linux Guest Network
Yeah, you are right and we know. The effort and cost to duplicate the active directory environment likely won't fly for just Linux on z servers testing. And the AD servers are not in the mainframe datacenter so unlikely that they would suffer the same disaster. In our case though, the real event doesn't have any configuration changes necessary other than the network routers. The best test though is just to go run in the other place for a week or whatever. We'll be doing that too. Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Richard Troth Sent: Friday, August 14, 2009 9:52 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: [LINUX-390] Dynamicallhy Changing Linux Guest Network Forgive me ... you realize, of course, that you're not getting a true exercise. Touching prod stuff means there's yet another point that's not getting exercised. (Not to mention the exposure ... test things with access to your prod network.) I have fought the same fight where I work (about changing IP addresses). Others have already acquiesced. (Gotta pick yer battles, I guess, but this hostname and IP addr shuffle drives me nuts.) I'm probably telling you something you already know. -- R; On Fri, Aug 14, 2009 at 12:18, Marcy Cortesmarcy.d.cor...@wellsfargo.com wrote: It's because of the software we use to interface to Active Directory for single signon. It doesn't want 2 systems coming in with the same hostname. If we do that, we can't login to the prod systems :( Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Michael MacIsaac Sent: Friday, August 14, 2009 9:02 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: [LINUX-390] Dynamicallhy Changing Linux Guest Network Marcy, have to change IPs and hostnames I can understand that you have to change IP addresses. But do you have to change hostnames? Maybe have a DNS system that maps the same hosts to new i...@s? ... just a thought ... Mike MacIsaac mike...@us.ibm.com (845) 433-7061 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
