Re: [zones-discuss] Setting process.max-file-descriptor per zone?
Hi Zoram, I understand that you set these values in each zones /etc/project file like this: bash-3.00# cat /etc/project system:0 user.root:1: noproject:2 default:3process.max-file-descriptor=(basic,1024,deny) group.staff:10 Hope this helps. Andy Zoram Thanga wrote: > Hi, > > Has anyone succeeded in setting the process.max-file-descriptor rctl on > a per-zone level? Somewhat like making the > > set rlim_fd_cur=x > set rlim_fd_max=y > > entries in /etc/system? The setting must apply to all processes in a > given zone, independently of the settings in the GZ or other NGZ's. > > At present max-file-descriptor is not a zone level rctl, and there are > some *legacy* applications that are started out from inittab that > wouldn't honor SRM project settings or start up before SRM settings are > applied. > > Any ideas appreciated. > > Thanks, > Zoram > -- == Title : SAP Technical Design Consultant Tel: +44 (0)161 905 8112 Fax: +44 (0)870 1617421 Mobile : +44 (0)7711 639937 Car: +44 (0)7770 630428 Business Email : [EMAIL PROTECTED] Sms/Pager : [EMAIL PROTECTED] == ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Setting process.max-file-descriptor per zone?
Hi Steve, Thanks for the suggestions. Steve Lawrence wrote: > We currently don't have a mechanism for stating the default rctls for all > processes on a per-zone basis. > > Are these apps still being started out of inittab in the zone? Yes. These are apps from the largest database software maker ;) > > If so, can you run a script from inittab or from /etc/rc0.d to run the > commands: > > prctl -n process.max-file-descriptor -t basic -r -v `pgrep -x init` > prctl -n process.max-file-descriptor -t priv -r -v `pgrep -x init` > > If you can run these commands before init starts your legacy applications, > then they will inherit init's process.max-file-descriptor values. This sounds like an approach we can use because we can't modify the apps themselves. The problem is that the app's daemons on startup call sysconf(3C) to get the max number of descriptors (fd_max) and close all descriptors from 0 to fd_max. This can take a very long time when, for example, fd_max is 2.15G! > > I'm guessing that the rctl tuning is only desired for the legacy apps, > and not for all processes started by init. > This is correct. Thanks, Zoram > The best thing to do would be to stop using inittab, and instead create a > service for these legacy apps. This service can be assigned to a project, > and the project can specify the rctls as desired. You could also start > the legacy apps from an /etc/rc?.d script, and set the rctls in the script: > > cat /etc/rc3.d/S99startlegacyapps > #!/sbin/sh > prctl -n process.max-file-descriptor -t basic -r -v $$ > prctl -n process.max-file-descriptor -t priv -r -v $$ > <..start legacy applications...> > exit 0 > > -Steve L. > > On Wed, Aug 01, 2007 at 07:44:51PM +0530, Zoram Thanga wrote: >> Hi, >> >> Has anyone succeeded in setting the process.max-file-descriptor rctl on >> a per-zone level? Somewhat like making the >> >> set rlim_fd_cur=x >> set rlim_fd_max=y >> >> entries in /etc/system? The setting must apply to all processes in a >> given zone, independently of the settings in the GZ or other NGZ's. >> >> At present max-file-descriptor is not a zone level rctl, and there are >> some *legacy* applications that are started out from inittab that >> wouldn't honor SRM project settings or start up before SRM settings are >> applied. >> >> Any ideas appreciated. >> >> Thanks, >> Zoram >> -- >> Zoram Thanga::Sun Cluster Development::http://blogs.sun.com/zoram >> ___ >> zones-discuss mailing list >> zones-discuss@opensolaris.org -- Zoram Thanga::Sun Cluster Development::http://blogs.sun.com/zoram ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] zonecfg question
Here is the output: [EMAIL PROTECTED] zonecfg -z labv490-01z5 delete -F labv490-01z5: Zone state is invalid for the requested operation [EMAIL PROTECTED] -Original Message- From: Mike Gerdts [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 01, 2007 5:30 PM To: Yanakiev, Vladimir Cc: zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question On 8/1/07, Yanakiev, Vladimir <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] zonecfg -F -z labv490-01z5 delete > zonecfg: illegal option -- F > usage: zonecfg help > zonecfg -z(interactive) > zonecfg -z > zonecfg -z -f > [EMAIL PROTECTED] Try this: zonecfg -z labv490-01z5 delete -F -- Mike Gerdts http://mgerdts.blogspot.com/ ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] zonecfg question
Hi What does zonadm -z labv490-01z5 have to say, ie is the zone in a state other than installed? so the complete steps for an installed zone are: zoneadm list -cv ( just to see zone state ) zoneadm -z labv490-01z5 halt ( if not in installed state ) zoneadm -z labv490-01z5 uninstall -F zonecfg -z labv490-01z5 delete -F if above fails then give the complete output from above commands, including the zoneadm list -cv. Enda Yanakiev, Vladimir wrote: > Here is the output: > > [EMAIL PROTECTED] zonecfg -z labv490-01z5 delete -F > labv490-01z5: Zone state is invalid for the requested operation > [EMAIL PROTECTED] > > -Original Message- > From: Mike Gerdts [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 01, 2007 5:30 PM > To: Yanakiev, Vladimir > Cc: zones-discuss@opensolaris.org > Subject: Re: [zones-discuss] zonecfg question > > On 8/1/07, Yanakiev, Vladimir <[EMAIL PROTECTED]> wrote: >> [EMAIL PROTECTED] zonecfg -F -z labv490-01z5 delete >> zonecfg: illegal option -- F >> usage: zonecfg help >> zonecfg -z(interactive) >> zonecfg -z >> zonecfg -z -f >> [EMAIL PROTECTED] > > Try this: > > zonecfg -z labv490-01z5 delete -F > ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] zonecfg question
That was my first question - I can not figure out how this did happened. We have the xml, but the entry in the index file is missing. Maybe, the zoneadm -z...delete command got interrupted in the middle?... Fixing the problem by deleting the file is obvious, but the second question is, isn't it more adequate zonecfg to be able to handle this set problems? Isn't it better the -F option to disregard the status (or, the lack of it at all)? If we agree that this is not correct action, we have to open bug/fix? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 02, 2007 9:31 AM To: Yanakiev, Vladimir Cc: Mike Gerdts; zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question Yanakiev, Vladimir wrote: > > Here it is: > > [EMAIL PROTECTED] zoneadm list -cv > ID NAME STATUS PATH >0 global running/ >1 labv490-01z3 running/export/zones/labv490-01z3/main >2 labv490-01z2 running/export/zones/labv490-01z2/main >4 labv490wsz2 running/export/zones/labv490wsz2/main >5 labv490wsz3 running/export/zones/labv490wsz3/main >6 labv490-01z1 running/export/zones/labv490-01z1/main >7 labv490wsz1 running/export/zones/labv490wsz1/main >8 labv490-01z6 running/export/zones/labv490-01z6/main > 16 labv490-01z7 running/export/zones/labv490-01z7/main > 43 labv490-01z4 running/export/zones/labv490-01z4/main > [EMAIL PROTECTED] > > As you can see, because the index file doesn't have info for the zone, > zoneadm will report nothing about it! Ok, wasn't aware of this problem :-) Any idea on how this occurred, i.e. steps taken to create the zonecfg for the zone without the index file getting updated, is this in a veritas cluster by any chance? Is there an xml file in /etc/zones for labv490-01z5? If not one could run zonecfg to create one, otherwise the only route I can see is to update the index file manually ( need to be careful here ) to include a reference to the missing zone, then retry. But I'd be interested in why this missing entry occurred to start with. Enda > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 02, 2007 9:16 AM > To: Yanakiev, Vladimir > Cc: Mike Gerdts; zones-discuss@opensolaris.org > Subject: Re: [zones-discuss] zonecfg question > > Hi > What does zonadm -z labv490-01z5 have to say, ie is the zone in a state > other than installed? > > so the complete steps for an installed zone are: > zoneadm list -cv ( just to see zone state ) > > zoneadm -z labv490-01z5 halt ( if not in installed state ) > zoneadm -z labv490-01z5 uninstall -F > zonecfg -z labv490-01z5 delete -F > > if above fails then give the complete output from above commands, > including the zoneadm list -cv. > > > Enda > > > Yanakiev, Vladimir wrote: >> Here is the output: >> >> [EMAIL PROTECTED] zonecfg -z labv490-01z5 delete -F >> labv490-01z5: Zone state is invalid for the requested operation >> [EMAIL PROTECTED] >> >> -Original Message- >> From: Mike Gerdts [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, August 01, 2007 5:30 PM >> To: Yanakiev, Vladimir >> Cc: zones-discuss@opensolaris.org >> Subject: Re: [zones-discuss] zonecfg question >> >> On 8/1/07, Yanakiev, Vladimir <[EMAIL PROTECTED]> wrote: >>> [EMAIL PROTECTED] zonecfg -F -z labv490-01z5 delete >>> zonecfg: illegal option -- F >>> usage: zonecfg help >>> zonecfg -z(interactive) >>> zonecfg -z >>> zonecfg -z -f >>> [EMAIL PROTECTED] >> Try this: >> >> zonecfg -z labv490-01z5 delete -F >> > ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] zonecfg question
Here it is: [EMAIL PROTECTED] zoneadm list -cv ID NAME STATUS PATH 0 global running/ 1 labv490-01z3 running/export/zones/labv490-01z3/main 2 labv490-01z2 running/export/zones/labv490-01z2/main 4 labv490wsz2 running/export/zones/labv490wsz2/main 5 labv490wsz3 running/export/zones/labv490wsz3/main 6 labv490-01z1 running/export/zones/labv490-01z1/main 7 labv490wsz1 running/export/zones/labv490wsz1/main 8 labv490-01z6 running/export/zones/labv490-01z6/main 16 labv490-01z7 running/export/zones/labv490-01z7/main 43 labv490-01z4 running/export/zones/labv490-01z4/main [EMAIL PROTECTED] As you can see, because the index file doesn't have info for the zone, zoneadm will report nothing about it! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 02, 2007 9:16 AM To: Yanakiev, Vladimir Cc: Mike Gerdts; zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question Hi What does zonadm -z labv490-01z5 have to say, ie is the zone in a state other than installed? so the complete steps for an installed zone are: zoneadm list -cv ( just to see zone state ) zoneadm -z labv490-01z5 halt ( if not in installed state ) zoneadm -z labv490-01z5 uninstall -F zonecfg -z labv490-01z5 delete -F if above fails then give the complete output from above commands, including the zoneadm list -cv. Enda Yanakiev, Vladimir wrote: > Here is the output: > > [EMAIL PROTECTED] zonecfg -z labv490-01z5 delete -F > labv490-01z5: Zone state is invalid for the requested operation > [EMAIL PROTECTED] > > -Original Message- > From: Mike Gerdts [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 01, 2007 5:30 PM > To: Yanakiev, Vladimir > Cc: zones-discuss@opensolaris.org > Subject: Re: [zones-discuss] zonecfg question > > On 8/1/07, Yanakiev, Vladimir <[EMAIL PROTECTED]> wrote: >> [EMAIL PROTECTED] zonecfg -F -z labv490-01z5 delete >> zonecfg: illegal option -- F >> usage: zonecfg help >> zonecfg -z(interactive) >> zonecfg -z >> zonecfg -z -f >> [EMAIL PROTECTED] > > Try this: > > zonecfg -z labv490-01z5 delete -F > ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] zonecfg question
Yanakiev, Vladimir wrote: > > Here it is: > > [EMAIL PROTECTED] zoneadm list -cv > ID NAME STATUS PATH >0 global running/ >1 labv490-01z3 running/export/zones/labv490-01z3/main >2 labv490-01z2 running/export/zones/labv490-01z2/main >4 labv490wsz2 running/export/zones/labv490wsz2/main >5 labv490wsz3 running/export/zones/labv490wsz3/main >6 labv490-01z1 running/export/zones/labv490-01z1/main >7 labv490wsz1 running/export/zones/labv490wsz1/main >8 labv490-01z6 running/export/zones/labv490-01z6/main > 16 labv490-01z7 running/export/zones/labv490-01z7/main > 43 labv490-01z4 running/export/zones/labv490-01z4/main > [EMAIL PROTECTED] > > As you can see, because the index file doesn't have info for the zone, > zoneadm will report nothing about it! Ok, wasn't aware of this problem :-) Any idea on how this occurred, i.e. steps taken to create the zonecfg for the zone without the index file getting updated, is this in a veritas cluster by any chance? Is there an xml file in /etc/zones for labv490-01z5? If not one could run zonecfg to create one, otherwise the only route I can see is to update the index file manually ( need to be careful here ) to include a reference to the missing zone, then retry. But I'd be interested in why this missing entry occurred to start with. Enda > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 02, 2007 9:16 AM > To: Yanakiev, Vladimir > Cc: Mike Gerdts; zones-discuss@opensolaris.org > Subject: Re: [zones-discuss] zonecfg question > > Hi > What does zonadm -z labv490-01z5 have to say, ie is the zone in a state > other than installed? > > so the complete steps for an installed zone are: > zoneadm list -cv ( just to see zone state ) > > zoneadm -z labv490-01z5 halt ( if not in installed state ) > zoneadm -z labv490-01z5 uninstall -F > zonecfg -z labv490-01z5 delete -F > > if above fails then give the complete output from above commands, > including the zoneadm list -cv. > > > Enda > > > Yanakiev, Vladimir wrote: >> Here is the output: >> >> [EMAIL PROTECTED] zonecfg -z labv490-01z5 delete -F >> labv490-01z5: Zone state is invalid for the requested operation >> [EMAIL PROTECTED] >> >> -Original Message- >> From: Mike Gerdts [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, August 01, 2007 5:30 PM >> To: Yanakiev, Vladimir >> Cc: zones-discuss@opensolaris.org >> Subject: Re: [zones-discuss] zonecfg question >> >> On 8/1/07, Yanakiev, Vladimir <[EMAIL PROTECTED]> wrote: >>> [EMAIL PROTECTED] zonecfg -F -z labv490-01z5 delete >>> zonecfg: illegal option -- F >>> usage: zonecfg help >>> zonecfg -z(interactive) >>> zonecfg -z >>> zonecfg -z -f >>> [EMAIL PROTECTED] >> Try this: >> >> zonecfg -z labv490-01z5 delete -F >> > ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] zonecfg question
Yanakiev, Vladimir wrote: > That was my first question - I can not figure out how this did happened. > We have the xml, but the entry in the index file is missing. Maybe, the > zoneadm -z...delete command got interrupted in the middle?... Fixing the > problem by deleting the file is obvious, but the second question is, > isn't it more adequate zonecfg to be able to handle this set problems? > Isn't it better the -F option to disregard the status (or, the lack of > it at all)? If we agree that this is not correct action, we have to open > bug/fix? hmm, hard to tell what happened I guess. the zoneadm delete was run was it? or is this some kind of say veritas cluster env, where the zonecfg did not get propogated to the node in question? I'm not in development, but I'd tend to agree that if such an inconsistency is detected, it would be good if we could somehow force the cleanup. But I'd let zones dev comment more on that one. Enda > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 02, 2007 9:31 AM > To: Yanakiev, Vladimir > Cc: Mike Gerdts; zones-discuss@opensolaris.org > Subject: Re: [zones-discuss] zonecfg question > > Yanakiev, Vladimir wrote: >> >> Here it is: >> >> [EMAIL PROTECTED] zoneadm list -cv >> ID NAME STATUS PATH >>0 global running/ >>1 labv490-01z3 running/export/zones/labv490-01z3/main >>2 labv490-01z2 running/export/zones/labv490-01z2/main >>4 labv490wsz2 running/export/zones/labv490wsz2/main >>5 labv490wsz3 running/export/zones/labv490wsz3/main >>6 labv490-01z1 running/export/zones/labv490-01z1/main >>7 labv490wsz1 running/export/zones/labv490wsz1/main >>8 labv490-01z6 running/export/zones/labv490-01z6/main >> 16 labv490-01z7 running/export/zones/labv490-01z7/main >> 43 labv490-01z4 running/export/zones/labv490-01z4/main >> [EMAIL PROTECTED] >> >> As you can see, because the index file doesn't have info for the zone, >> zoneadm will report nothing about it! > > Ok, wasn't aware of this problem :-) > Any idea on how this occurred, i.e. steps taken to create the zonecfg > for the zone without the index file getting updated, is this in a > veritas cluster by any chance? > > > Is there an xml file in /etc/zones for labv490-01z5? > If not one could run zonecfg to create one, otherwise the only route I > can see is to update the index file manually ( need to be careful here ) > > to include a reference to the missing zone, then retry. > > But I'd be interested in why this missing entry occurred to start with. > > Enda > > >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> Sent: Thursday, August 02, 2007 9:16 AM >> To: Yanakiev, Vladimir >> Cc: Mike Gerdts; zones-discuss@opensolaris.org >> Subject: Re: [zones-discuss] zonecfg question >> >> Hi >> What does zonadm -z labv490-01z5 have to say, ie is the zone in a > state >> other than installed? >> >> so the complete steps for an installed zone are: >> zoneadm list -cv ( just to see zone state ) >> >> zoneadm -z labv490-01z5 halt ( if not in installed state ) >> zoneadm -z labv490-01z5 uninstall -F >> zonecfg -z labv490-01z5 delete -F >> >> if above fails then give the complete output from above commands, >> including the zoneadm list -cv. >> >> >> Enda >> >> >> Yanakiev, Vladimir wrote: >>> Here is the output: >>> >>> [EMAIL PROTECTED] zonecfg -z labv490-01z5 delete -F >>> labv490-01z5: Zone state is invalid for the requested operation >>> [EMAIL PROTECTED] >>> >>> -Original Message- >>> From: Mike Gerdts [mailto:[EMAIL PROTECTED] >>> Sent: Wednesday, August 01, 2007 5:30 PM >>> To: Yanakiev, Vladimir >>> Cc: zones-discuss@opensolaris.org >>> Subject: Re: [zones-discuss] zonecfg question >>> >>> On 8/1/07, Yanakiev, Vladimir <[EMAIL PROTECTED]> > wrote: [EMAIL PROTECTED] zonecfg -F -z labv490-01z5 delete zonecfg: illegal option -- F usage: zonecfg help zonecfg -z(interactive) zonecfg -z zonecfg -z -f [EMAIL PROTECTED] >>> Try this: >>> >>> zonecfg -z labv490-01z5 delete -F >>> > > ___ > zones-discuss mailing list > zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] zonecfg question
While I don't have a reason why the index entry is missing I'd just like to add that the index entry stays until a delete occurs. zonecfg -z xxx delete -John Yanakiev, Vladimir wrote: No, there are no Veritas products on this server: [EMAIL PROTECTED] pkginfo |grep VRTS [EMAIL PROTECTED] zfs list |grep z5 DG1/demo 24.5K 63.2G 24.5K /export/zones/labv490-01z5/fs/export/demo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 02, 2007 9:48 AM To: Yanakiev, Vladimir Cc: zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question Yanakiev, Vladimir wrote: That was my first question - I can not figure out how this did happened. We have the xml, but the entry in the index file is missing. Maybe, the zoneadm -z...delete command got interrupted in the middle?... Fixing the problem by deleting the file is obvious, but the second question is, isn't it more adequate zonecfg to be able to handle this set problems? Isn't it better the -F option to disregard the status (or, the lack of it at all)? If we agree that this is not correct action, we have to open bug/fix? hmm, hard to tell what happened I guess. the zoneadm delete was run was it? or is this some kind of say veritas cluster env, where the zonecfg did not get propogated to the node in question? I'm not in development, but I'd tend to agree that if such an inconsistency is detected, it would be good if we could somehow force the cleanup. But I'd let zones dev comment more on that one. Enda -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 02, 2007 9:31 AM To: Yanakiev, Vladimir Cc: Mike Gerdts; zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question Yanakiev, Vladimir wrote: Here it is: [EMAIL PROTECTED] zoneadm list -cv ID NAME STATUS PATH 0 global running/ 1 labv490-01z3 running/export/zones/labv490-01z3/main 2 labv490-01z2 running/export/zones/labv490-01z2/main 4 labv490wsz2 running/export/zones/labv490wsz2/main 5 labv490wsz3 running/export/zones/labv490wsz3/main 6 labv490-01z1 running/export/zones/labv490-01z1/main 7 labv490wsz1 running/export/zones/labv490wsz1/main 8 labv490-01z6 running/export/zones/labv490-01z6/main 16 labv490-01z7 running/export/zones/labv490-01z7/main 43 labv490-01z4 running/export/zones/labv490-01z4/main [EMAIL PROTECTED] As you can see, because the index file doesn't have info for the zone, zoneadm will report nothing about it! Ok, wasn't aware of this problem :-) Any idea on how this occurred, i.e. steps taken to create the zonecfg for the zone without the index file getting updated, is this in a veritas cluster by any chance? Is there an xml file in /etc/zones for labv490-01z5? If not one could run zonecfg to create one, otherwise the only route I can see is to update the index file manually ( need to be careful here ) to include a reference to the missing zone, then retry. But I'd be interested in why this missing entry occurred to start with. Enda -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 02, 2007 9:16 AM To: Yanakiev, Vladimir Cc: Mike Gerdts; zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question Hi What does zonadm -z labv490-01z5 have to say, ie is the zone in a state other than installed? so the complete steps for an installed zone are: zoneadm list -cv ( just to see zone state ) zoneadm -z labv490-01z5 halt ( if not in installed state ) zoneadm -z labv490-01z5 uninstall -F zonecfg -z labv490-01z5 delete -F if above fails then give the complete output from above commands, including the zoneadm list -cv. Enda Yanakiev, Vladimir wrote: Here is the output: [EMAIL PROTECTED] zonecfg -z labv490-01z5 delete -F labv490-01z5: Zone state is invalid for the requested operation [EMAIL PROTECTED] -Original Message- From: Mike Gerdts [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 01, 2007 5:30 PM To: Yanakiev, Vladimir Cc: zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question On 8/1/07, Yanakiev, Vladimir <[EMAIL PROTECTED]> wrote: [EMAIL PROTECTED] zonecfg -F -z labv490-01z5 delete zonecfg: illegal option -- F usage: zonecfg help zonecfg -z(interactive) zonecfg -z zonecfg -z -f [EMAIL PROTECTED] Try this: zonecfg -z labv490-01z5 delete -F ___ zones-discuss mailing list zones-discuss@opensolaris.org ___
Re: [zones-discuss] zonecfg question
No, there are no Veritas products on this server: [EMAIL PROTECTED] pkginfo |grep VRTS [EMAIL PROTECTED] zfs list |grep z5 DG1/demo 24.5K 63.2G 24.5K /export/zones/labv490-01z5/fs/export/demo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 02, 2007 9:48 AM To: Yanakiev, Vladimir Cc: zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question Yanakiev, Vladimir wrote: > That was my first question - I can not figure out how this did happened. > We have the xml, but the entry in the index file is missing. Maybe, the > zoneadm -z...delete command got interrupted in the middle?... Fixing the > problem by deleting the file is obvious, but the second question is, > isn't it more adequate zonecfg to be able to handle this set problems? > Isn't it better the -F option to disregard the status (or, the lack of > it at all)? If we agree that this is not correct action, we have to open > bug/fix? hmm, hard to tell what happened I guess. the zoneadm delete was run was it? or is this some kind of say veritas cluster env, where the zonecfg did not get propogated to the node in question? I'm not in development, but I'd tend to agree that if such an inconsistency is detected, it would be good if we could somehow force the cleanup. But I'd let zones dev comment more on that one. Enda > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 02, 2007 9:31 AM > To: Yanakiev, Vladimir > Cc: Mike Gerdts; zones-discuss@opensolaris.org > Subject: Re: [zones-discuss] zonecfg question > > Yanakiev, Vladimir wrote: >> >> Here it is: >> >> [EMAIL PROTECTED] zoneadm list -cv >> ID NAME STATUS PATH >>0 global running/ >>1 labv490-01z3 running/export/zones/labv490-01z3/main >>2 labv490-01z2 running/export/zones/labv490-01z2/main >>4 labv490wsz2 running/export/zones/labv490wsz2/main >>5 labv490wsz3 running/export/zones/labv490wsz3/main >>6 labv490-01z1 running/export/zones/labv490-01z1/main >>7 labv490wsz1 running/export/zones/labv490wsz1/main >>8 labv490-01z6 running/export/zones/labv490-01z6/main >> 16 labv490-01z7 running/export/zones/labv490-01z7/main >> 43 labv490-01z4 running/export/zones/labv490-01z4/main >> [EMAIL PROTECTED] >> >> As you can see, because the index file doesn't have info for the zone, >> zoneadm will report nothing about it! > > Ok, wasn't aware of this problem :-) > Any idea on how this occurred, i.e. steps taken to create the zonecfg > for the zone without the index file getting updated, is this in a > veritas cluster by any chance? > > > Is there an xml file in /etc/zones for labv490-01z5? > If not one could run zonecfg to create one, otherwise the only route I > can see is to update the index file manually ( need to be careful here ) > > to include a reference to the missing zone, then retry. > > But I'd be interested in why this missing entry occurred to start with. > > Enda > > >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> Sent: Thursday, August 02, 2007 9:16 AM >> To: Yanakiev, Vladimir >> Cc: Mike Gerdts; zones-discuss@opensolaris.org >> Subject: Re: [zones-discuss] zonecfg question >> >> Hi >> What does zonadm -z labv490-01z5 have to say, ie is the zone in a > state >> other than installed? >> >> so the complete steps for an installed zone are: >> zoneadm list -cv ( just to see zone state ) >> >> zoneadm -z labv490-01z5 halt ( if not in installed state ) >> zoneadm -z labv490-01z5 uninstall -F >> zonecfg -z labv490-01z5 delete -F >> >> if above fails then give the complete output from above commands, >> including the zoneadm list -cv. >> >> >> Enda >> >> >> Yanakiev, Vladimir wrote: >>> Here is the output: >>> >>> [EMAIL PROTECTED] zonecfg -z labv490-01z5 delete -F >>> labv490-01z5: Zone state is invalid for the requested operation >>> [EMAIL PROTECTED] >>> >>> -Original Message- >>> From: Mike Gerdts [mailto:[EMAIL PROTECTED] >>> Sent: Wednesday, August 01, 2007 5:30 PM >>> To: Yanakiev, Vladimir >>> Cc: zones-discuss@opensolaris.org >>> Subject: Re: [zones-discuss] zonecfg question >>> >>> On 8/1/07, Yanakiev, Vladimir <[EMAIL PROTECTED]> > wrote: [EMAIL PROTECTED] zonecfg -F -z labv490-01z5 delete zonecfg: illegal option -- F usage: zonecfg help zonecfg -z(interactive) zonecfg -z zonecfg -z -f [EMAIL PROTECTED] >>> Try this: >>> >>> zonecfg -z labv490-01z5 delete -F >>> > > ___ > zones-discuss mailing list > zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss
Re: [zones-discuss] zonecfg question
Yes, John, that's my understanding too - zonecfg is supposed delete both the entry in the index file, and the xml. But, somehow we ended with this awkward status. It makes sense to me if zonecfg detects such status, to send one extra "Status missing - are you sure to delete?"-type of message, and remove the xml... It looks like there is no logic in the code of zonecfg for the cases when there is trouble with the index file... This e-mail and its attachments are confidential and solely for the intended addressee(s). Do not share or use them without Fannie Mae's approval. If received in error, contact the sender and delete them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 02, 2007 10:25 AM To: Yanakiev, Vladimir Cc: [EMAIL PROTECTED]; zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question While I don't have a reason why the index entry is missing I'd just like to add that the index entry stays until a delete occurs. zonecfg -z xxx delete -John Yanakiev, Vladimir wrote: No, there are no Veritas products on this server: [EMAIL PROTECTED] pkginfo |grep VRTS [EMAIL PROTECTED] zfs list |grep z5 DG1/demo 24.5K 63.2G 24.5K /export/zones/labv490-01z5/fs/export/demo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 02, 2007 9:48 AM To: Yanakiev, Vladimir Cc: zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question Yanakiev, Vladimir wrote: That was my first question - I can not figure out how this did happened. We have the xml, but the entry in the index file is missing. Maybe, the zoneadm -z...delete command got interrupted in the middle?... Fixing the problem by deleting the file is obvious, but the second question is, isn't it more adequate zonecfg to be able to handle this set problems? Isn't it better the -F option to disregard the status (or, the lack of it at all)? If we agree that this is not correct action, we have to open bug/fix? hmm, hard to tell what happened I guess. the zoneadm delete was run was it? or is this some kind of say veritas cluster env, where the zonecfg did not get propogated to the node in question? I'm not in development, but I'd tend to agree that if such an inconsistency is detected, it would be good if we could somehow force the cleanup. But I'd let zones dev comment more on that one. Enda -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 02, 2007 9:31 AM To: Yanakiev, Vladimir Cc: Mike Gerdts; zones-discuss@opensolaris.org Subject: Re: [zones-discuss] zonecfg question Yanakiev, Vladimir wrote: Here it is: [EMAIL PROTECTED] zoneadm list -cv ID NAME STATUS PATH 0 global running/ 1 labv490-01z3 running /export/zones/labv490-01z3/main 2 labv490-01z2 running /export/zones/labv490-01z2/main 4 labv490wsz2 running /export/zones/labv490wsz2/main 5 labv490wsz3 running /export/zones/labv490wsz3/main 6 labv490-01z1 running /export/zones/labv490-01z1/main 7 labv490wsz1 running /export/zones/labv490wsz1/main 8 labv490-01z6 running /export/zones/labv490-01z6/main 16 labv490-01z7 running /export/zones/labv490-01z7/main 43 labv490-01z4 running /export/zones/labv490-01z4/main [EMAIL PROTECTED] As you can see, because the index file doesn't have info for the zone, zoneadm will report nothing about it! Ok, wasn't aware of this problem :-) Any idea on how this occurred, i.e. steps taken to create the zonecfg for the zone without the index file getting updated, is this in a
[zones-discuss] CA etrust compatible with zones?
I have a customer interested in adopting zones as a core technology. They currently use CA's etrust 8.0 SP1 product to enforce security policies as well as compliance logging on all their Solaris systems. Would anyone know if this will work on either a sparse or full root zone? The OS used by the CU is u3 / S10 11/06. I checked the Zone FAQ and did not see it listed. CA's website limits information for non authenticated visitors, so I can't see the installation instructions for the product. I did find this compatibility matrix: http://supportconnectw.ca.com/public/etrust/etrust_ac/infodocs/etrustac-matrix.asp which references zones, but for a different version of the product. Any and all RTFM pointers appreciated. /jn -- Joseph Nyilas RAS System Support Engineer Sun Microsystems, Inc. ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] CA etrust compatible with zones?
Joe, 8.0 SP1 supports Solaris Zones for x86 and SPARC. Joe Nyilas - RAS SSE wrote: > I have a customer interested in adopting zones as a core technology. > They currently use CA's etrust 8.0 SP1 product to enforce security > policies as well as compliance logging on all their Solaris systems. > Would anyone know if this will work on either a sparse or full root > zone? The OS used by the CU is u3 / S10 11/06. > > I checked the Zone FAQ and did not see it listed. CA's website limits > information for non authenticated visitors, so I can't see the > installation instructions for the product. I did find this compatibility > matrix: > http://supportconnectw.ca.com/public/etrust/etrust_ac/infodocs/etrustac-matrix.asp > > which references zones, but for a different version of the product. > > Any and all RTFM pointers appreciated. > > /jn > -- --- __ Joseph Balenzano /_/\ ISV Engineering / \\ \ Sun Microsystems Inc. /_\ \\ / 2 Stamford Plaza, 12th Floor /_/ \/ / /281 Tresser Blvd /_/ / \//\ Stamford, CT 06901 \_\//\ / / \_/ / /\ /[EMAIL PROTECTED] \_/ \\ \ Phone/Fax: (203) 653-4186 \_\ \\ \_\/ -- ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] CA etrust compatible with zones?
Also, note that the list in the FAQ is only a *very* small subset of the software packages which have been successfully tested in a zone. Joseph Balenzano wrote: > Joe, > 8.0 SP1 supports Solaris Zones for x86 and SPARC. > > Joe Nyilas - RAS SSE wrote: >> I have a customer interested in adopting zones as a core technology. >> They currently use CA's etrust 8.0 SP1 product to enforce security >> policies as well as compliance logging on all their Solaris systems. >> Would anyone know if this will work on either a sparse or full root >> zone? The OS used by the CU is u3 / S10 11/06. >> >> I checked the Zone FAQ and did not see it listed. CA's website limits >> information for non authenticated visitors, so I can't see the >> installation instructions for the product. I did find this compatibility >> matrix: >> http://supportconnectw.ca.com/public/etrust/etrust_ac/infodocs/etrustac-matrix.asp >> >> which references zones, but for a different version of the product. >> >> Any and all RTFM pointers appreciated. >> >> /jn >> > > -- -- Jeff VICTOR Sun Microsystemsjeff.victor @ sun.com OS AmbassadorSr. Technical Specialist Solaris 10 Zones FAQ:http://www.opensolaris.org/os/community/zones/faq -- ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] Can the network interface of a local zone get a dynamic ipv4 address?
Hi, A simple question about the local zone. How to make the local zone network interface get a dynamic ipv4 address? For example, the global zone has one phisical network interface, e1000g0. It gets the dynamic ipv4 address from the DHCP server located on another server. Does the following make sense? ... ... zonecfg:my-zone> add net zonecfg:my-zone> set address=dhcp zonecfg:my-zone> set physical=e1000g0 zonecfg:my-zone> end ... ... This doesn't work for me on my system. The local zone get a address of 192.168.74.200, while the global address is in the segment of 10.239.*.* How to get this work? Thanks. ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Can the network interface of a local zone get a dynamic ipv4 address?
On Fri 03 Aug 2007 at 11:24AM, Lu, Baolu wrote: > > This doesn't work for me on my system. > The local zone get a address of 192.168.74.200, > while the global address is in the segment of 10.239.*.* Hi, and welcome. If you're running Solaris 10, you will have to wait for the update scheduled for later this summer, and then you will need to use an "exclusive" IP stack in order to get this functionality. If you are using Solaris Nevada, this is available today-- use set ip-type=exclusive in your zonecfg settings and reboot-- you will probably also need to do some networking config inside the zone. This means that the zone will have a complete TCP/IP stack all to itself. -dp -- Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] zonecfg question
On Thu 02 Aug 2007 at 10:35AM, Yanakiev, Vladimir wrote: > Yes, John, that's my understanding too - zonecfg is supposed delete > both the entry in the index file, and the xml. But, somehow we ended > with this awkward status. It makes sense to me if zonecfg detects such > status, to send one extra "Status missing - are you sure to > delete?"-type of message, and remove the xml... It looks like there is > no logic in the code of zonecfg for the cases when there is trouble > with the index file... Hi guys, I did some cleanup in this area a while back; there were a number of cases where this could wind up happening. Forgive me for coming in late to the thread but what revision of Solaris are you running? The changes I made were introduced into Nevada build 24 and appear in Solaris 10 11/06 (sometimes called "update 3"). PSARC 2005/485 Zone Rename 4963365 zonecfg is unhelpful if /etc/zones not present 4971371 zonecfg should be more paranoid when saving a zone for the first time 5022506 RFE: ability to rename zones 6231612 zonecfg messaging should be improved. 6305400 when zone metadata gets confused, removing configured zones can fail 6318536 zonecfg sometimes seen spinning during certain STC test cases 6321858 zonecfg tab completion could complete slightly more In particular, the fix for 6305400 should have helped this situation. The dance to make this all work right is surprisingly complicated. Check out zonecfg_destroy() in libzonecfg:libzonecfg.c and putzoneent() in libzonecfg:getzoneent.c if you are interested. In the future we'll probably move the config into SMF and (I hope) utilize the index file purely as a cache for information stored in the backend (for speed) or just drop it altogether. Having multiple places that this information is stored is very irritating to implement correctly. -dp -- Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Can the network interface of a local zone geta dynamic ipv4 address?
Thanks for reply. I use snv_68 32 bits. The zonecfg doesn't support set ip-type command. Which build is this feature available since on? On Friday, August 03, 2007 12:21 PM, Dan Price wrote: > On Fri 03 Aug 2007 at 11:24AM, Lu, Baolu wrote: >> >> This doesn't work for me on my system. >> The local zone get a address of 192.168.74.200, >> while the global address is in the segment of 10.239.*.* > > Hi, and welcome. > > If you're running Solaris 10, you will have to wait for the update > scheduled for later this summer, and then you will need to use an > "exclusive" IP stack in order to get this functionality. > > If you are using Solaris Nevada, this is available today-- use > >set ip-type=exclusive > > in your zonecfg settings and reboot-- you will probably also need > to do some networking config inside the zone. This means that the > zone will have a complete TCP/IP stack all to itself. > >-dp > > -- > Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - > blogs.sun.com/dp ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Can the network interface of a local zone geta dynamic ipv4 address?
On Fri 03 Aug 2007 at 12:39PM, Lu, Baolu wrote: > > Thanks for reply. > > I use snv_68 32 bits. The zonecfg doesn't support > > set ip-type > > command. > > Which build is this feature available since on? Since Build 57. Are you sure it isn't there? Try this: zonecfg help set|grep ip You should get (global)ip-type If not, then I'm not sure what is up. The other thing I forgot to mention is that IP instances needs you to have a physical network connection (or VLAN) which you can assign to the zone. See also this thread, which has some more good info about IP Instances: http://www.opensolaris.org/jive/thread.jspa?messageID=102102 I also realize that this isn't a great answer overall-- that it would be nice if this "just worked." We'll keep trying to improve things in this space. -dp -- Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp ___ zones-discuss mailing list zones-discuss@opensolaris.org
