Re: [zones-discuss] webshere in Solaris 10 containers
1) Ensure that the wasprofile.properties file was edited to point to /opt/WebSphere/Profiles directory as described in the paper before you created the zones and profiles The white paper states that you should change the following Before: WS_CMT_LOG_HOME=${was.install.root}/logs/wasprofile After: WS_CMT_LOG_HOME=/opt/WASProfiles/logs/wasprofile and Before: WS_PROFILE_REGISTRY=${was.install.root}/properties/profileRegistry.xml After: WS_PROFILE_REGISTRY=/opt/WASProfiles/properties/profileRegistry.xml My WAS 6.1 was different any how so I changed it as follows: Before: WS_CMT_LOG_HOME=${was.install.root}/logs/manageprofiles After: WS_CMT_LOG_HOME=/opt/WebSphere61/Profiles/logs/manageprofiles Before: WS_PROFILE_REGISTRY=${was.install.root}/properties/profileRegistry.xml After: WS_PROFILE_REGISTRY=/opt/WebSphere61/Profiles/properties/profileRegistry.xml 2) In your dmgr profile's bin directory, the setupCmdLine.sh has two variables: USER_INSTALL_ROOT and ITP_LOC. If you've done the previous step, USER_INSTALL_ROOT should point to your custom profile directory rather than $WAS_HOME/profiles/ setupCmdLine.sh now contains: ITP_LOC=$WAS_HOME/deploytool/itp which is indeed incorrect as it should point to a directory inside the profile directory and not to the global WAS base. Perhaps the configuration for wasprofile.properties is different in WAS6.1. I will manually set the ITP_LOC in setupCmdLine.sh to match a directory inside the profile dir and test again. Thanks for pointing out this configuration param. This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] trying to login with solaris Ldap client
I changed the pam.conf exactly as you said, and now the problem es different. Answering your questions, I have 2 solaris: -SunOS 5.11 NexentaOS_20061012 i86pc i386 i86pc Solaris -SunOS solaris-devx 5.11 snv_55b i86pc i386 i86pc The OpenLdap version is 2.3.34. I got it from www.openldap.org. In Nexenta I use this setup script: ldapclient -v manual -a defaultServerList=192.168.70.133 -a defaultSearchBase=dc=tel,dc=uva,dc=es -a serviceSearchDescriptor=passwd:ou=users,dc=tel,dc=uva,dc=es -a serviceSearchDescriptor=group:ou=groups,dc=tel,dc=uva,dc=es -a serviceSearchDescriptor=shadow:ou=users,dc=tel,dc=uva,dc=es -a authenticationMethod=simple -a proxyDN=cn=proxyagent,ou=profile,dc=tel,dc=uva,dc=es -a proxyPassword=password The unique different with your setup is authenticationMethod. I use simple. The pam.conf is the same as you, and the nsswitch.conf is this: passwd: files ldap group: files ldap shadow: files ldap # consult /etc files only if ldap is down. hosts: files dns # Note that IPv4 addresses are searched for in all of the ipnodes databases # before searching the hosts databases. ipnodes:files dns networks: files protocols: files rpc:files ethers: files netmasks: files bootparams: files publickey: files netgroup: ldap automount: files ldap aliases:files ldap # for efficient getservbyname() avoid ldap services: files ldap printers: user files ldap auth_attr: files ldap prof_attr: files ldap project:files ldap tnrhtp: files ldap tnrhdb: files ldap Id, passwd, finger...run well. [EMAIL PROTECTED]:~# passwd dpercam Enter dpercam's password: New Password: Re-enter new Password: passwd: password successfully changed for dpercam [EMAIL PROTECTED]:~# id caralo uid=2001(caralo) gid=1001(profesores) groups=1001(profesores) But when I try to login, It doesn't run. login incorrect. conn=0 fd=12 ACCEPT from IP=192.168.70.144:34772 (IP=0.0.0.0:389) conn=0 op=0 SRCH base=ou=users,dc=tel,dc=uva,dc=es scope=1 deref=3 filter=((objectClass=shadowAccount)(uid=dpercam)) conn=0 op=0 SRCH attr=uid userpassword shadowflag = bdb_equality_candidates: (uid) index_param failed (18) conn=0 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text= In Solaris Developer Express I have the same pam.conf and nsswitch.conf. I use this setup script: ldapclient -v init -a proxyDN=cn=proxyagent,ou=profile,dc=tel,dc=uva,dc=es -a proxyPassword=password -a domainname=tel.uva.es 192.168.70.133 It configures itseft with the default user in my ldap server: dn: cn=default,ou=profile,dc=tel,dc=uva,dc=es ObjectClass: top ObjectClass: DUAConfigProfile defaultServerList: 192.168.70.133 defaultSearchBase: dc=tel,dc=uva,dc=es authenticationMethod: simple followReferrals: TRUE cn:default credentialLevel: proxy serviceSearchDescriptor: passwd: ou=users,dc=tel,dc=uva,dc=es?one serviceSearchDescriptor: group: ou=groups,dc=tel,dc=uva,dc=es?one serviceSearchDescriptor: shadow: ou=users,dc=tel,dc=uva,dc=es?one With this configuration, when I try to login at the beginning of the reboot, I can login, but without introducing the password. The pc doesn't request me the password. If I login as root, and I try to login in the terminal, I can't. The message is this: # login dpercam No utmpx entry. You must exec login from the lowest level shell. In both cases, I can use su and ssh. Does Anybody know what I have to change? Thank you very much From: jpd [EMAIL PROTECTED] To: Daniel Pérez del Campo [EMAIL PROTECTED] Subject: Re: [zones-discuss] trying to login with solaris Ldap client Date: Sat, 25 Aug 2007 01:32:03 +0100 pam.conf # Authentication management # # login service (explicit because of pam_dial_auth) # login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_cred.so.1 #login auth required pam_unix_auth.so.1 login auth bindingpam_unix_auth.so.1 server_policy login auth required pam_ldap.so.1 use_first_pass login auth required pam_dial_auth.so.1 # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_cred.so.1 #rlogin auth required pam_unix_auth.so.1 rlogin auth bindingpam_unix_auth.so.1 server_policy rlogin auth required pam_ldap.so.1 use_first_pass # # Kerberized rlogin service # krlogin auth required pam_unix_cred.so.1 krlogin auth bindingpam_krb5.so.1 #krloginauth required pam_unix_auth.so.1 krlogin auth bindingpam_unix_auth.so.1 server_policy krlogin auth required pam_ldap.so.1 use_first_pass # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient
[zones-discuss] memory stats on zones
Is there a way to get the actual memory swap usage of zones? You can't sum the RSS values of the processes in zones since processes like oracle show shared memory segments separate for each LWP and proc as well as separate for shared text segments for things like libc.so. So if you summed the RSS values of the processes in the zones it may show 500 Gig rather than 50 Gig. ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] memory stats on zones
On Aug 28, 2007, at 11:10 AM, Brian Kolaci wrote: Is there a way to get the actual memory swap usage of zones? You can't sum the RSS values of the processes in zones since processes like oracle show shared memory segments separate for each LWP and proc as well as separate for shared text segments for things like libc.so. So if you summed the RSS values of the processes in the zones it may show 500 Gig rather than 50 Gig. Like prstat -Z? # prstat -Z ZONEIDNPROC SWAP RSS MEMORY TIME CPU ZONE 47 25 701M 662M 4.1% 3:38:03 0.1% z13275AF -Jason ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] memory stats on zones
Jason A. Hoffman wrote: On Aug 28, 2007, at 11:10 AM, Brian Kolaci wrote: Is there a way to get the actual memory swap usage of zones? You can't sum the RSS values of the processes in zones since processes like oracle show shared memory segments separate for each LWP and proc as well as separate for shared text segments for things like libc.so. So if you summed the RSS values of the processes in the zones it may show 500 Gig rather than 50 Gig. Like prstat -Z? # prstat -Z ZONEIDNPROC SWAP RSS MEMORY TIME CPU ZONE 47 25 701M 662M 4.1% 3:38:03 0.1% z13275AF -Jason Exactly. prstat -Z currently shows they're using over 20,000 Gig of memory and 3000 processes, so thats not correct. ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] memory stats on zones
Thanks Lou. Is there anything in the works that you know of? rcapd also doesn't work properly due to this issue. The customer has several other systems with zones that also do alot of shared memory that aren't oracle. They were actually looking for this in SunMC or some other standard utility. Lou Springer wrote: Unfortunately, the short answer is no. None of the out of the box Solaris utilities account for double-dipping shared memory. This is a long standing issue. For Oracle process related answers, you can use the Oracle utilities to see it's memory consumption and come up with a total calculation accounting for this. If anything else is using shared memory, you would also need to account for this. Lou Brian Kolaci wrote: Is there a way to get the actual memory swap usage of zones? You can't sum the RSS values of the processes in zones since processes like oracle show shared memory segments separate for each LWP and proc as well as separate for shared text segments for things like libc.so. So if you summed the RSS values of the processes in the zones it may show 500 Gig rather than 50 Gig. ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] Are there any good guides for living in a zone?
Basically, I need to identify what different methods I need to use to do system administration from within a zone. (Particularly when it comes to performance measurement on an overloaded shared system.) -- - Brian Gupta http://opensolaris.org/os/project/nycosug/ ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] memory stats on zones
Brian Kolaci wrote: Thanks Lou. Is there anything in the works that you know of? rcapd also doesn't work properly due to this issue. The customer has several other systems with zones that also do alot of shared memory that aren't oracle. They were actually looking for this in SunMC or some other standard utility. Lou Springer wrote: Unfortunately, the short answer is no. None of the out of the box Solaris utilities account for double-dipping shared memory. This is a long standing issue. For Oracle process related answers, you can use the Oracle utilities to see it's memory consumption and come up with a total calculation accounting for this. If anything else is using shared memory, you would also need to account for this. Lou Brian Kolaci wrote: Is there a way to get the actual memory swap usage of zones? You can't sum the RSS values of the processes in zones since processes like oracle show shared memory segments separate for each LWP and proc as well as separate for shared text segments for things like libc.so. So if you summed the RSS values of the processes in the zones it may show 500 Gig rather than 50 Gig. You might take a look at: 4754856 *prstat* prstat -atJTZ should count shared segments only once This has been fixed in nevada since last December and will be fixed in the upcoming S10u4 release as well. This is also discussed in more detail in this thread: http://www.opensolaris.org/jive/thread.jspa?threadID=10451tstart=0 and in this arc cases: http://www.opensolaris.org/os/community/arc/caselog/2006/496/ Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] memory stats on zones
Jerry Jelinek wrote: Brian Kolaci wrote: Thanks Lou. Is there anything in the works that you know of? rcapd also doesn't work properly due to this issue. The customer has several other systems with zones that also do alot of shared memory that aren't oracle. They were actually looking for this in SunMC or some other standard utility. Lou Springer wrote: Unfortunately, the short answer is no. None of the out of the box Solaris utilities account for double-dipping shared memory. This is a long standing issue. For Oracle process related answers, you can use the Oracle utilities to see it's memory consumption and come up with a total calculation accounting for this. If anything else is using shared memory, you would also need to account for this. Lou Brian Kolaci wrote: Is there a way to get the actual memory swap usage of zones? You can't sum the RSS values of the processes in zones since processes like oracle show shared memory segments separate for each LWP and proc as well as separate for shared text segments for things like libc.so. So if you summed the RSS values of the processes in the zones it may show 500 Gig rather than 50 Gig. You might take a look at: 4754856 *prstat* prstat -atJTZ should count shared segments only once This has been fixed in nevada since last December and will be fixed in the upcoming S10u4 release as well. This is also discussed in more detail in this thread: http://www.opensolaris.org/jive/thread.jspa?threadID=10451tstart=0 and in this arc cases: http://www.opensolaris.org/os/community/arc/caselog/2006/496/ Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org Thanks, this is what I was looking for. ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] webshere in Solaris 10 containers
Redmar, WAS v6.1 profile creation is more flexible than v6.0. In addition to the two settings that we mentioned in the whitepaper (which was based on v6.0.2 then, WS_CMT_LOG_HOME and WS_PROFILE_REGISTRY), there's an additional setting you should change in v6.1: /WS_WSPROFILE_DEFAULT_PROFILE_HOME/. I'm glad you're satisfied with your Solaris 10 Zone set up. Thank you for your feedback. For other information about WebSphere on Solaris, please look at these URL's below. We have information like Performance tuning, Service Manifest, WebSphere licensing on Solaris,etc. http://www.sun.com/websphere http://blogs.sun.com/sunabl http://blogs.sun.com/dkumar Albert Redmar van Leeuwaarden wrote: Okay, changing the setting in setupCmdLine.sh to ITP_LOC=/opt/WebSphere61/Profiles/dmgr/deploytool/itp and copying the contents op /opt/WebSphere61/AppServer/deploytool/itp to this directory SOLVED the problem. (Ofcourse had to restart dmgr to update the environment variable). The deployment tool is now able to write its temporary files succesfully: [8/28/07 16:10:17:922 CEST] 005d DeployEJBTask I ADMA0158I: [EJBDeploy] framework search path: /opt/WebSphere61/Profiles/dmgr/deploytool/itp/plugins Any way I still wonder what settings needs to be altered in the wasprofile.properties files to get this setting initially correct. After all I did change the vars as stated in the white paper (on http://www.sun.com/software/whitepapers/solaris10/websphere6_sol10.pdf) For this moment I am very happy with this setup! This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] silent zone install?
Hello Huafeng Lu and zone-mgr script authors, After several attempts, I have identified why the zonemgr script (zonemgr-1.8.1.sh) is not finishing a silent OS installation for me. zonemgr is in fact creating a sysidcfg file. However there is one line that it burps on... name_service=DNS {domain_name=red.iplanet.com name_server=mf-usca19-12} This is what works for me in SWAN... name_service=NIS {domain_name=red.iplanet.com name_server=mf-usca19-12(192.18.56.149)} I'm not sure how to modify the script to get it to use NIS rather than DNS, and to put the name-server's IP on the line. Is there maybe something else that will allow DNS to work in the script? For instance, if /etc/hosts had the nameserver's entry hostname/IP? Thanks, Russ Huafeng Lu wrote: forgot one sentence. see below. Huafeng Lu 写道: Russ Petruzzelli 写道: Hi Huafeng , The zone manager project (and download links for the code)is here: http://opensolaris.org/os/project/zonemgr/ Hi Russ, This script is very long, so I only searched in it. I do find that it generates a sysidcfg file and populates it to the zone. I don't know what happened to you when you were using it. Anyway the idea is, after the zone is installed, create a sysidcfg file and copy it to the zone: cp sysidcfg /export/home/zones/zone_name/root/etc/sysidcfg ... then boot the zone. The zone will get information from this file instead of asking you to input. This file should contain necessary information that you fill when you first boot a system after you install it (or after you do sys-unconfig). The format of this file is different for shared zones and exclusive zones. See sysidcfg(4) for details. Let me know if you got further questions. Thanks, Russ Huafeng Lu wrote: Russ Petruzzelli 写道: Is there a way to make a zone installation totally silent? I use zonemgr to install, but at the end it says: Copy completed. Booting zone for the first time. Waiting for first boot tasks to complete. Then I zlogin -C into the zone and have to do the system identification; hostname, nameserver, kerberos, NIS, etc. Is there an equivalent to the sysinfo file for zones to make it 'jumpstart' silent? I haven't used the zonemgr script before (can you give me a link?), so I don't know what it does after zone installation and before zone booting, but to my experience, the point is to populate the /etc/sysidcfg file for the zone before booting it. You can see the attached script that I'm using to see what's put in this file. I believe there are many other simliar scripts floating around on the web. Thanks, Russ zonemgr script: $ZONEMGR -a add -n $MYZONENAME -t w -z $ZONEBASEDIR \ -P xxx -R / \ -D red.iplanet.com \ -d mf-usca19-12 \ -R /|/bin/bash \ -s enable \ -I 192.18.77.190|hme0|24|ps-eng8-zone1 \ -C /etc/ssh/sshd_config -C /etc/resolv.conf \ -C /etc/nsswitch.conf END ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] silent zone install?
Russ Petruzzelli wrote: Hello Huafeng Lu and zone-mgr script authors, After several attempts, I have identified why the zonemgr script (zonemgr-1.8.1.sh) is not finishing a silent OS installation for me. zonemgr is in fact creating a sysidcfg file. However there is one line that it burps on... name_service=DNS {domain_name=red.iplanet.com name_server=mf-usca19-12} This is what works for me in SWAN... name_service=NIS {domain_name=red.iplanet.com name_server=mf-usca19-12(192.18.56.149)} I'm not sure how to modify the script to get it to use NIS rather than DNS, and to put the name-server's IP on the line. Is there maybe something else that will allow DNS to work in the script? For instance, if /etc/hosts had the nameserver's entry hostname/IP? Is the hostname of your zone present in DNS? I seem to remember that the sysid tools try to resolve the hostname and that they will go interactive if the name can't be resolved by the name server you specified. Menno -- Menno Lageman - Sun Microsystems - http://blogs.sun.com/menno ___ zones-discuss mailing list zones-discuss@opensolaris.org