Anyone lose network connectivity during upgrade to SLES11 SP1
Hello, We are in the midst of performing our first upgrade from SLES10 SP4 to SLES11 SP1 and are having network connection issues. We are attempting to upgrade our Linux sandbox system that runs under z/VM. We ipl from the card reader and perform the first part of the upgrade just fine. After the first part of the upgrade, the install program reboots itself. All appears to be working fine until the part that tells us to VNC into the system to finish the upgrade. At that point we try to do this and VNC does not connect. We try to ping the guest and get no response. I run nmap against the address and it shows no ports open. The device 0700 being used is connected to a VSWITCH. Before the upgrade, the device works fine. The first part of the upgrade works fine. It is only the second part of the upgrade that does not work ok. Here are what I think are the relevant portions of the messages that come out out boot. dasd-eckd.412b53: 0.0.0201: DASD with 4 KB/block, 2403360 KB total size, 48 KB/t rack, compatible disk layout dasdd: qeth.736dae: 0.0.0700: Device is a Guest LAN QDIO card (level: V620) with link type GuestLAN QDIO (portname: ) qeth.47953b: 0.0.0700: Hardware IP fragmentation not supported on eth0 qeth.066069: 0.0.0700: Inbound source MAC-address not supported on eth0 qeth.d7fdb4: 0.0.0700: VLAN enabled qeth.e90c78: 0.0.0700: Multicast enabled qeth.5a9d02: 0.0.0700: IPV6 enabled qeth.184d8a: 0.0.0700: Broadcast enabled qeth.dac2aa: 0.0.0700: Using SW checksumming on eth0. qeth.9c4c89: 0.0.0700: Outbound TSO not supported on eth0 VOL1/ 0X0200: Adding 2403256k swap on /dev/dasdb1. Priority:-1 extents:1 across:2403256k device-mapper: uevent: version 1.0.3 device-mapper: ioctl: 4.15.0-ioctl (2009-04-01) initialised: dm-de...@redhat.com redir.aspx?C=c96b8535c5c94f02aa7b733fd5bd1f87URL=mailto%3adm-devel%40redhat.com loop: module loaded REISERFS (device dasda2): found reiserfs format 3.6 with standard journal (Deleted lines) Disabling IPv6 privacy..done ..done Setting up hostname 'bus0105'..done Setting up loopback interface lo loIP address: 127.0.0.1/8 IP address: 127.0.0.2/8 ..done Running sadc ..done Setting kernel specific parameters for a SAP system ..doneSystem Boot Control: The system has been set up Skipped features: [80C [14Dboot.md System Boot Control: Running /etc/init.d/boot.local ..doneStarting syslog services..done Starting D-Bus daemon..done Loading CPUFreq modules (CPUFreq not supported) Starting HAL daemon..done Setting up (localfs) network interfaces: lo loIP address: 127.0.0.1/8 IP address: 127.0.0.2/8 lo ..doneeth0 name: IBM OSA Express Network card (0.0.0700) eth0 IP address: 10.80.200.126/24 eth0 ..doneWaiting for mandatory devices: qeth-bus-ccw-0.0.0600 qeth-bus-ccw-0.0.510 0 qeth-bus-ccw-0.0.5200 qeth-bus-ccw-0.0.a006 __NSC__ 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 qeth-bus-ccw-0.0.0600 No interface found ..failedqeth-bus-ccw-0.0.5100 No interface found ..failedqeth-bus-ccw-0.0.5200 No interface found ..failedqeth-bus-ccw-0.0.a006 No interface found ..failedSetting up service (localfs) network . . . . . . . . . ...fail ed *** *** Please return to your X-Server screen to finish installation *** pcilib: Cannot open /proc/bus/pci lspci: Cannot find any working access method. starting VNC server... A log file will be written to: /var/log/YaST2/vncserver.log ... *** *** You can connect to 10.80.200.126, display :1 now with vncviewer *** Or use a Java capable browser on http://10.80.200.126:5801/ redir.aspx?C=c96b8535c5c94f02aa7b733fd5bd1f87URL=http%3a%2f%2f10.80.200.126%3a5801%2f *** (When YaST2 is finished, close your VNC viewer and return to this window.) *** Starting YaST2 *** This is a sandbox system, so for various reasons has many network interfaces. But for this run, the 0600, 5100, 5200, and a006 interfaces have been removed from the directory. That is the reason for all the no interface found messages. We have also made an update run where we removed the interfaces from the guest before we started. The results were the same. We try to connect to 10.80.200.126 and do not get a response. Any ideas? Any additional documentation required? Thanks, Ron -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Anyone lose network connectivity during upgrade to SLES11 SP1
On 2/2/2012 at 02:34 PM, Ron Foster at Baldor-IS rfos...@baldor.com wrote: We have also made an update run where we removed the interfaces from the guest before we started. The results were the same. We try to connect to 10.80.200.126 and do not get a response. Any ideas? When you do this with all the extraneous interfaces removed, what messages come out on the console after the activation of the 0.0.0700 vNIC? Are you able to ping that vNIC from another guest on the 10.80.200.126/24 network? Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Anyone lose network connectivity during upgrade to SLES11 SP1
On 2/2/2012 at 02:34 PM, Ron Foster at Baldor-IS rfos...@baldor.com wrote: We have also made an update run where we removed the interfaces from the guest before we started. The results were the same. We try to connect to 10.80.200.126 and do not get a response. Any ideas? Also, is this a Layer 2 vNIC? If so, is LLADDR specified in /etc/sysconfig/network/ifcfg-?? Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Anyone lose network connectivity during upgrade to SLES11 SP1
My cohort said that in his latest try, he removed all the extraneous interfaces, and had the same result. He said he tried to ping it and did not get a response. From: Linux on 390 Port [LINUX-390@VM.MARIST.EDU] On Behalf Of Mark Post [mp...@novell.com] Sent: Thursday, February 02, 2012 2:31 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Anyone lose network connectivity during upgrade to SLES11 SP1 On 2/2/2012 at 02:34 PM, Ron Foster at Baldor-IS rfos...@baldor.com wrote: We have also made an update run where we removed the interfaces from the guest before we started. The results were the same. We try to connect to 10.80.200.126 and do not get a response. Any ideas? When you do this with all the extraneous interfaces removed, what messages come out on the console after the activation of the 0.0.0700 vNIC? Are you able to ping that vNIC from another guest on the 10.80.200.126/24 network? Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Anyone lose network connectivity during upgrade to SLES11 SP1
This is a layer 3 vswitch. From: Linux on 390 Port [LINUX-390@VM.MARIST.EDU] On Behalf Of Mark Post [mp...@novell.com] Sent: Thursday, February 02, 2012 2:41 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Anyone lose network connectivity during upgrade to SLES11 SP1 On 2/2/2012 at 02:34 PM, Ron Foster at Baldor-IS rfos...@baldor.com wrote: We have also made an update run where we removed the interfaces from the guest before we started. The results were the same. We try to connect to 10.80.200.126 and do not get a response. Any ideas? Also, is this a Layer 2 vNIC? If so, is LLADDR specified in /etc/sysconfig/network/ifcfg-?? Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: When LDAP Fails
We use YaST to configure everything and it made no difference. We also eliminated PAM as the problem as well. Additional testing results are as follows: If we shut down the remote LDAP server everything is fine, nss will get ?not available? and will continue with the local files. This allows us to logon to the Linux Console as root since root is a local Linux account. However, if we lose the network connection, (simulated by shutting down the network interface), nss will hang and the logon will timeout, no matter how high the timeout value is increased. Another words, not root or any local account authentication can occurred when specifying the following in nsswitch.conf when the network is down. passwd: ldap files shadow: ldap files group: ldap files We believe the problem lies with is nss_ldap. We are running nss_ldap-262-11.32.31.1. The problem seems to be that nss is not recognizing the timeout parameter in /etc/ldap.conf. If the network connection is not there, then it just keeps trying instead of timing out and looking at the local files. If the network is there, it immediately recognizes that LDAP is not running and moves on. Googling this issue reveals many hits identical to this. Bug 176209 (https://bugzilla.redhat.com/show_bug.cgi?id=176209) seems to address it. There are others that describe various symptoms of this same problem. How can I tell if this is a known issue with SuSE, Novell, or Attachmate? Is anyone else using LDAP and experiencing this problem? Peter From: Mark Post mp...@novell.com To: LINUX-390@vm.marist.edu Date: 01/26/2012 04:52 PM Subject:Re: When LDAP Fails Sent by:Linux on 390 Port LINUX-390@vm.marist.edu On 1/26/2012 at 04:35 PM, Peter E. Abresch Jr. - at Pepco peabre...@pepco.com wrote: II configured /etc/ldap.conf manually following the recommendations outline in an IBM Rebook about RACF LDAP server. I took the defaults with the following exceptions: host conprod base o=PHI timelimit 30 bind_timelimit 30 bind_policy soft pam_lookup_policy yes pam_check_host_attr yes pam_password racf nss_initgroups_ignoreusers root,postfix nss_schema rfc2307bis nss_map_attribute uniqueMember member Any ideas? I would be tempted to use YaST to configure all this, and compare the results with what has already been done. Perhaps the Redbook missed something subtle, or things changed somewhat between when it was published and SLES11 SP1, etc. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ This Email message and any attachment may contain information that is proprietary, legally privileged, confidential and/or subject to copyright belonging to Pepco Holdings, Inc. or its affiliates (PHI). This Email is intended solely for the use of the person(s) to which it is addressed. If you are not an intended recipient, or the employee or agent responsible for delivery of this Email to the intended recipient(s), you are hereby notified that any dissemination, distribution or copying of this Email is strictly prohibited. If you have received this message in error, please immediately notify the sender and permanently delete this Email and any copies. PHI policies expressly prohibit employees from making defamatory or offensive statements and infringing any copyright or any other legal right by Email communication. PHI will not accept any liability in respect of such communications. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Anyone lose network connectivity during upgrade to SLES11 SP1
On 2/2/2012 at 04:14 PM, Ron Foster at Baldor-IS rfos...@baldor.com wrote: My cohort said that in his latest try, he removed all the extraneous interfaces, and had the same result. He said he tried to ping it and did not get a response. My question, though, was the ping attempt made from the same subnet? I.e., no routing involved. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: When LDAP Fails
On 2/2/2012 at 04:34 PM, Peter E. Abresch Jr. - at Pepco peabre...@pepco.com wrote: How can I tell if this is a known issue with SuSE, Novell, or Attachmate? Is anyone else using LDAP and experiencing this problem? By opening a service request with your support provider. Share your research with them and see what they can find out. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: When LDAP Fails
We faced something similar with Redhat, albeit 3+ years ago, and I ended
up implementing the following as part of our build procedure. It might
be worthwhile to at least read the kbase article and see if this sounds
similar:
===
# Add a stanza to /etc/pam.d/system-auth
# to fix bug about logging in when networking is
# down and the ldap servers can't be contacted.
#
# This should be inserted as the second account ...
# stanza
#
# See the following document for details:
# http://kbase.redhat.com/faq/docs/DOC-8322
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.orig
perl -n -e 'print;
if (!$didit m/^account/) {
$didit=1; print account sufficient
/lib/security/\$ISA/pam_localuser.so\n
}' /etc/pam.d/system-auth.orig /etc/pam.d/system-auth
Sorry for the line wrap, and gGood luck!
-- Pat
On 02/02/2012 03:34 PM, Peter E. Abresch Jr. - at Pepco wrote:
We use YaST to configure everything and it made no difference. We also
eliminated PAM as the problem as well. Additional testing results are as
follows:
If we shut down the remote LDAP server everything is fine, nss will get
?not available? and will continue with the local files. This allows us to
logon to the Linux Console as root since root is a local Linux account.
However, if we lose the network connection, (simulated by shutting down
the network interface), nss will hang and the logon will timeout, no
matter how high the timeout value is increased. Another words, not root or
any local account authentication can occurred when specifying the
following in nsswitch.conf when the network is down.
passwd: ldap files
shadow: ldap files
group: ldap files
We believe the problem lies with is nss_ldap. We are running
nss_ldap-262-11.32.31.1. The problem seems to be that nss is not
recognizing the timeout parameter in /etc/ldap.conf. If the network
connection is not there, then it just keeps trying instead of timing out
and looking at the local files. If the network is there, it immediately
recognizes that LDAP is not running and moves on. Googling this issue
reveals many hits identical to this.
Bug 176209 (https://bugzilla.redhat.com/show_bug.cgi?id=176209) seems to
address it. There are others that describe various symptoms of this same
problem.
How can I tell if this is a known issue with SuSE, Novell, or Attachmate?
Is anyone else using LDAP and experiencing this problem?
Peter
From: Mark Post mp...@novell.com
To: LINUX-390@vm.marist.edu
Date: 01/26/2012 04:52 PM
Subject:Re: When LDAP Fails
Sent by:Linux on 390 Port LINUX-390@vm.marist.edu
On 1/26/2012 at 04:35 PM, Peter E. Abresch Jr. - at Pepco
peabre...@pepco.com wrote:
II configured /etc/ldap.conf manually following the recommendations
outline in an IBM Rebook about RACF LDAP server.
I took the defaults with the following exceptions:
host conprod
base o=PHI
timelimit 30
bind_timelimit 30
bind_policy soft
pam_lookup_policy yes
pam_check_host_attr yes
pam_password racf
nss_initgroups_ignoreusers root,postfix
nss_schema rfc2307bis
nss_map_attribute uniqueMember member
Any ideas?
I would be tempted to use YaST to configure all this, and compare the
results with what has already been done. Perhaps the Redbook missed
something subtle, or things changed somewhat between when it was published
and SLES11 SP1, etc.
Mark Post
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
This Email message and any attachment may contain information that is
proprietary, legally privileged, confidential and/or subject to copyright
belonging to Pepco Holdings, Inc. or its affiliates (PHI). This Email is
intended solely for the use of the person(s) to which it is addressed. If
you are not an intended recipient, or the employee or agent responsible for
delivery of this Email to the intended recipient(s), you are hereby notified
that any dissemination, distribution or copying of this Email is strictly
prohibited. If you have received this message in error, please immediately
notify the sender and permanently delete this Email and any copies. PHI
policies expressly prohibit employees from making defamatory or offensive
statements and infringing any copyright or any other legal right by Email
communication. PHI will not accept any liability in respect of such
communications.
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
Re: Anyone lose network connectivity during upgrade to SLES11 SP1
No. The ping attempt was not made from the same subnet. We will try this on the next attempt. Sent from my iPhone On Feb 2, 2012, at 4:13 PM, Mark Post mp...@novell.com wrote: On 2/2/2012 at 04:14 PM, Ron Foster at Baldor-IS rfos...@baldor.com wrote: My cohort said that in his latest try, he removed all the extraneous interfaces, and had the same result. He said he tried to ping it and did not get a response. My question, though, was the ping attempt made from the same subnet? I.e., no routing involved. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
