Re: [zones-discuss] unable to rsh into zone2
On Thu 27 Sep 2007 at 08:24AM, James Carlson wrote: > [EMAIL PROTECTED] writes: > > Anyone know how to start the restarter? > > You don't need to, and doing it wouldn't help. Instead, you need to > use "zlogin -C zone2" to connect to the zone's console and answer the > questions that sysidtool is asking. Those questions (such as the root > password and default time zone) are what's blocking it from booting up. > > Once you've done that, it'll boot up correctly. > > Alternatively, you can make sure that you use a sysidcfg file when you > install the zone. There are references to this in the documentation ... We should really detect this case (the unconfigured zone, I mean) and print something out when you boot it up... perhaps: # zoneadm -z myzone boot Notice: Zone appears to have no sysid configuration. Log onto zone console to complete configuration before using the zone. (ok, needs wordsmithing need on the message, I realize) -dp -- Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
[EMAIL PROTECTED] writes: > Anyone know how to start the restarter? You don't need to, and doing it wouldn't help. Instead, you need to use "zlogin -C zone2" to connect to the zone's console and answer the questions that sysidtool is asking. Those questions (such as the root password and default time zone) are what's blocking it from booting up. Once you've done that, it'll boot up correctly. Alternatively, you can make sure that you use a sysidcfg file when you install the zone. There are references to this in the documentation ... -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
On 9/26/07, James Carlson <[EMAIL PROTECTED]> wrote: > Russ Petruzzelli writes: > > > > run "inetadm", see if rlogin is enabled... > > Note that rlogin and rsh (shell) are two completely separate and > unrelated protocols. And the situation is thoroughly confused by the fact that "rsh hostname" really uses the rlogin protocol and "rsh hostname command" uses the rsh protocol. I wish I had a dime for every time I had to explain this to someone that was trying to get rsh or rcp to work. -- Mike Gerdts http://mgerdts.blogspot.com/ ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
Anyone know how to start the restarter? xc12p11-b1-ce0-zone2# svcs -x svc:/system/sysidtool:system (sysidtool) State: offline since Wed Sep 26 14:40:18 2007 Reason: Start method is running. See: http://sun.com/msg/SMF-8000-C4 See: sysidtool(1M) See: /var/svc/log/system-sysidtool:system.log Impact: 18 dependent services are not running. (Use -v for list.) svc:/network/rpc/gss:default (Generic Security Service) State: uninitialized since Wed Sep 26 14:39:45 2007 Reason: Restarter svc:/network/inetd:default is not running. See: http://sun.com/msg/SMF-8000-5H See: gssd(1M) Impact: 14 dependent services are not running. (Use -v for list.) [...] svc:/network/rpc/rstat:default (kernel statistics server) State: uninitialized since Wed Sep 26 14:39:47 2007 Reason: Restarter svc:/network/inetd:default is not running. See: http://sun.com/msg/SMF-8000-5H See: rpc.rstatd(1M) See: rstatd(1M) Impact: 1 dependent service is not running. (Use -v for list.) xc12p11-b1-ce0-zone2# svcs -l svc:/system/sysidtool:system fmri svc:/system/sysidtool:system name sysidtool enabled true stateoffline next_state online state_time Wed Sep 26 14:40:18 2007 logfile /var/svc/log/system-sysidtool:system.log restartersvc:/system/svc/restarter:default dependency require_all/none svc:/milestone/single-user:default (online) dependency require_all/none svc:/system/filesystem/local:default (online) dependency require_all/none svc:/system/sysidtool:net (online) dependency optional_all/none svc:/network/rpc/bind:default (online) dependency require_all/none svc:/system/filesystem/minimal:default (online) dependency require_all/none svc:/system/identity:node (online) svc:/system/identity:domain (online) xc12p11-b1-ce0-zone2# svcs -l svc:/network/rpc/gss:default fmri svc:/network/rpc/gss:default name Generic Security Service enabled true stateuninitialized next_state none state_time Wed Sep 26 14:39:45 2007 restartersvc:/network/inetd:default dependency require_all/restart svc:/network/rpc/bind (online) dependency optional_all/none svc:/network/rpc/keyserv (disabled) James Carlson wrote: >[EMAIL PROTECTED] writes: > > >>It is enabled but uninitialized. >> >> > >Aha. > >That almost certainly means that you need to log into the console of >that zone and answer the questions that sysidtool is asking. > >You can look at "svcs -x" to find out more about the state of the zone >services. > > > ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
[EMAIL PROTECTED] writes: > It is enabled but uninitialized. Aha. That almost certainly means that you need to log into the console of that zone and answer the questions that sysidtool is asking. You can look at "svcs -x" to find out more about the state of the zone services. -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
It is enabled but uninitialized. Russ Petruzzelli wrote: > run "inetadm", see if rlogin is enabled... > > James Carlson wrote: > >>[EMAIL PROTECTED] writes: >> >> >>>Does anyone know how to get rsh working on zone2? I can zlogin to both zone1 >>>and zone2 ok. >>> >>> >>>xc12p11-b1# zoneadm list -cv >>> ID NAME STATUS PATH BRANDIP >>> 0 global running/ native >>> shared >>> 6 xc12p11-b1-ce0-zone1 running/export/xc12p11-b1-ce0-zone1 native >>> shared >>> 12 xc12p11-b1-ce0-zone2 running/export/xc12p11-b1-ce0-zone2 native >>> shared >>> >>>xc12p11-b1# rsh -l root xc12p11-b1-ce0-zone2 'date'<- Not working >>>xc12p11-b1-ce0-zone2: Connection refused >>> >>> >> >>What's the status of svc:/network/shell:default in that zone? >> >>Did you perhaps configure zone2 and forget to go through sysid? >> >> >> ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
Russ Petruzzelli writes: > I also notice in your command you are attempting rsh by root. > It is a big security risk, but you must comment out the CONSOLE line in > /etc/default/login to allow root logins via rsh. True. It's worse than that -- rsh and rlogin are completely insecure. It's 2007. In general, you ought not be using them anymore. Try ssh instead. -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
Hi Lana, I also notice in your command you are attempting rsh by root. It is a big security risk, but you must comment out the CONSOLE line in /etc/default/login to allow root logins via rsh. Russ Russ Petruzzelli wrote: run "inetadm", see if rlogin is enabled... James Carlson wrote: [EMAIL PROTECTED] writes: Does anyone know how to get rsh working on zone2? I can zlogin to both zone1 and zone2 ok. xc12p11-b1# zoneadm list -cv ID NAME STATUS PATH BRANDIP 0 global running/ native shared 6 xc12p11-b1-ce0-zone1 running/export/xc12p11-b1-ce0-zone1 native shared 12 xc12p11-b1-ce0-zone2 running/export/xc12p11-b1-ce0-zone2 native shared xc12p11-b1# rsh -l root xc12p11-b1-ce0-zone2 'date'<- Not working xc12p11-b1-ce0-zone2: Connection refused What's the status of svc:/network/shell:default in that zone? Did you perhaps configure zone2 and forget to go through sysid? ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
Brendan Gregg, who contributes to this mailing list wrote a Perl program which he calls zcp. # USAGE: zcp file1 zonename:file2 # eg, # zcp /etc/syslog.conf workzone1:/tmp If you would like a copy, please let me know. [EMAIL PROTECTED] wrote: Does anyone know how to get rsh working on zone2? I can zlogin to both zone1 and zone2 ok. xc12p11-b1# zoneadm list -cv ID NAME STATUS PATH BRANDIP 0 global running/ native shared 6 xc12p11-b1-ce0-zone1 running/export/xc12p11-b1-ce0-zone1 native shared 12 xc12p11-b1-ce0-zone2 running/export/xc12p11-b1-ce0-zone2 native shared xc12p11-b1# rsh -l root xc12p11-b1-ce0-zone2 'date'<- Not working xc12p11-b1-ce0-zone2: Connection refused xc12p11-b1# rsh -l root xc12p11-b1-ce0-zone1 'date' Wednesday, September 26, 2007 10:04:25 AM PDT xc12p11-b1# ping xc12p11-b1-ce0-zone1 xc12p11-b1-ce0-zone1 is alive xc12p11-b1# ping xc12p11-b1-ce0-zone2 xc12p11-b1-ce0-zone2 is alive xc12p11-b1# zlogin xc12p11-b1-ce0-zone1 [Connected to zone 'xc12p11-b1-ce0-zone1' pts/10] Last login: Wed Sep 26 10:08:05 from xc12p11-b1 Sun Microsystems Inc. SunOS 5.10 Generic January 2005 # hostname xc12p11-b1-ce0-zone1 # date Wed Sep 26 10:17:03 PDT 2007 # exit [Connection to zone 'xc12p11-b1-ce0-zone1' pts/10 closed] xc12p11-b1# zlogin xc12p11-b1-ce0-zone2 [Connected to zone 'xc12p11-b1-ce0-zone2' pts/10] Last login: Wed Sep 26 10:03:08 on pts/10 Sun Microsystems Inc. SunOS 5.10 Generic January 2005 # hostname xc12p11-b1-ce0-zone2 # date Wed Sep 26 10:17:14 PDT 2007 # exit [Connection to zone 'xc12p11-b1-ce0-zone2' pts/10 closed] Please reply directly to me as I am not on this alias. Thanks, Lana ___ zones-discuss mailing list zones-discuss@opensolaris.org -- Michael Barto Software Architect LogiQwest Inc. 16458 Bolsa Chica Street, # 15 Huntington Beach, CA 92649 http://www.logiqwest.com/ [EMAIL PROTECTED] Tel: 714 377 3705 Fax: 714 840 3937 Cell: 714 883 1949 'tis a gift to be simple This e-mail may contain LogiQwest proprietary information and should be treated as confidential. ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
Russ Petruzzelli writes: > > run "inetadm", see if rlogin is enabled... Note that rlogin and rsh (shell) are two completely separate and unrelated protocols. -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
run "inetadm", see if rlogin is enabled... James Carlson wrote: [EMAIL PROTECTED] writes: Does anyone know how to get rsh working on zone2? I can zlogin to both zone1 and zone2 ok. xc12p11-b1# zoneadm list -cv ID NAME STATUS PATH BRANDIP 0 global running/ native shared 6 xc12p11-b1-ce0-zone1 running/export/xc12p11-b1-ce0-zone1 native shared 12 xc12p11-b1-ce0-zone2 running/export/xc12p11-b1-ce0-zone2 native shared xc12p11-b1# rsh -l root xc12p11-b1-ce0-zone2 'date'<- Not working xc12p11-b1-ce0-zone2: Connection refused What's the status of svc:/network/shell:default in that zone? Did you perhaps configure zone2 and forget to go through sysid? ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] unable to rsh into zone2
[EMAIL PROTECTED] writes: > Does anyone know how to get rsh working on zone2? I can zlogin to both zone1 > and zone2 ok. > > > xc12p11-b1# zoneadm list -cv > ID NAME STATUS PATH BRANDIP >0 global running/ native > shared >6 xc12p11-b1-ce0-zone1 running/export/xc12p11-b1-ce0-zone1 native > shared > 12 xc12p11-b1-ce0-zone2 running/export/xc12p11-b1-ce0-zone2 native > shared > > xc12p11-b1# rsh -l root xc12p11-b1-ce0-zone2 'date'<- Not working > xc12p11-b1-ce0-zone2: Connection refused What's the status of svc:/network/shell:default in that zone? Did you perhaps configure zone2 and forget to go through sysid? -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 ___ zones-discuss mailing list zones-discuss@opensolaris.org
